Explorer.exe

Hello Ken, I have uninstalled Stopzilla and also the is3 Stopzilla Toolbar as well. This could be a problem. I cannot find the file that you want me to submit to VirusTotal, however. Before I uninstalled the is3 Stopzilla Toolbar there was a file there called is3srv, I think, but it is now gone. Should I restore my computer back to the time just before I uninstalled the is3 Stopzilla Toolbar and then submit this file?
 
Good Morning,

No, don't restore your computer, that file may have been related to Stopzilla.

How are things running now?
 
Hello Ken, explorer.exe is still operating at 10% even when the computer is idle. I did a search in my registry for is3srv and it is there along with "clicktilluwin", explorer.exe, Firebird, LDAP32.DLL, dlder.exe, Flashplayer.
 
Hello Ken, I have run the Ad-Aware scan and it has removed some things, but Explorer.exe is still operating at about 10% even when the computer is doing nothing.
 
CA antivirus <--Disable this and see if it goes down


Let's check to see if it's infected.

You need to enable Windows to show all files and folders; instructions here.

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\WINDOWS\explorer.exe







Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic





  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
Hello Ken, this is the information you have requested. Yes, when I put my CA Antivirus on snooze it does indeed make explorer.exe go to 0 per cent and then up to 8 to 10% when I unsnooze CA again. I was unable to send the explorer file to Virusvault because it would upload for a while and then the screen would change and say there has been an error.
I tried to do this several times but it would keep coming up with an error all the time. However, I was able to email it to them and here is what I got back in the return email.

Complete scanning result of "explorer.exe", processed in VirusTotal at 11/09/2009 02:01:46 (CET).

[ file data ]
* name..: explorer.exe
* size..: 1033728
* md5...: 12896823fb95bfb3dc9b46bcaedc9923
* sha1..: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
* peid..: -

[ scan result ]
a-squared 4.5.0.41/20091108 found nothing
AhnLab-V3 5.0.0.2/20091106 found nothing
AntiVir 7.9.1.61/20091108 found nothing
Antiy-AVL 2.0.3.7/20091105 found nothing
Authentium 5.2.0.5/20091108 found nothing
Avast 4.8.1351.0/20091108 found nothing
AVG 8.5.0.423/20091108 found nothing
BitDefender 7.2/20091109 found nothing
CAT-QuickHeal 10.00/20091107 found nothing
ClamAV 0.94.1/20091109 found nothing
Comodo 2890/20091109 found nothing
DrWeb 5.0.0.12182/20091109 found nothing
eTrust-Vet 35.1.7108/20091106 found nothing
F-Prot 4.5.1.85/20091108 found nothing
F-Secure 9.0.15370.0/20091104 found nothing
Fortinet 3.120.0.0/20091108 found nothing
GData 19/20091109 found nothing
Ikarus T3.1.1.74.0/20091108 found nothing
Jiangmin 11.0.800/20091108 found nothing
K7AntiVirus 7.10.891/20091107 found nothing
Kaspersky 7.0.0.125/20091108 found nothing
McAfee 5796/20091108 found nothing
McAfee+Artemis 5796/20091108 found nothing
McAfee-GW-Edition 6.8.5/20091109 found [Heuristic.LooksLike.Win32.Suspicious.K]
Microsoft 1.5202/20091108 found nothing
NOD32 4586/20091109 found nothing
Norman 6.03.02/20091106 found nothing
nProtect 2009.1.8.0/20091108 found nothing
Panda 10.0.2.2/20091108 found nothing
PCTools 7.0.3.5/20091106 found nothing
Prevx 3.0/20091109 found nothing
Rising 21.54.62.00/20091108 found nothing
Sophos 4.47.0/20091109 found nothing
Sunbelt 3.2.1858.2/20091108 found nothing
Symantec 1.4.4.12/20091109 found nothing
TheHacker 6.5.0.2.063/20091106 found nothing
TrendMicro 9.0.0.1003/20091108 found nothing
VBA32 3.12.10.11/20091109 found nothing
ViRobot 2009.11.6.2025/20091106 found nothing
VirusBuster 4.6.5.0/20091108 found nothing

Here is the ESET Online Scanner text as follows:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b1e95bcb3514cc488b586db7399a1c7d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-08 11:48:44
# local_time=2009-11-09 12:48:44 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 77480063 77480063 0 0
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4865 16777189 100 100 137953 79556218 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 13 76695792 76695815 0 0
# scanned=97266
# found=5
# cleaned=5
# scan_time=1827
C:\Qoobox\Quarantine\C\WINDOWS\aabdeg.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\bedgjl.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\oqprqr.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\xyybbc.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\VundoFix Backups\chtonf.dll.bad probably a variant of Win32/TrojanDownloader.ConHook.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Here is the RSIT information as follows:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brian at 2009-11-09 15:16:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 91 GB (60%) free of 153 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:35 p.m., on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brian\Desktop\RSIT.exe
C:\Documents and Settings\Brian\Desktop\Brian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6757 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
bho2gr Class - C:\Program Files\GetRight\xx2gr.dll [2005-02-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-07-31 177392]
"CAVRID"=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [2009-10-15 230664]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-21 331776]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mlp_manager"=C:\Program Files\MINDAlink\mlp_manager.exe [2006-09-04 2865664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe

C:\Documents and Settings\Brian\Start Menu\Programs\Startup
Registration Brothers In Arms.LNK - D:\Support\Register\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Zboard]
C:\WINDOWS\system32\Winlognotif.dll [2003-09-03 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-10 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d885041-afa0-11da-a082-806d6172696f}]
shell\AutoRun\command - D:\Autorun.exe


======List of files/folders created in the last 3 months======

2009-11-09 15:16:57 ----D---- C:\rsit
2009-11-09 00:51:10 ----A---- C:\WINDOWS\ppyanti.txt
2009-11-08 23:02:41 ----D---- C:\Program Files\ESET
2009-11-07 23:54:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-07 09:23:58 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 09:23:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-06 22:45:52 ----A---- C:\Program Files\Ad-AwareInstallation.exe
2009-11-05 16:20:00 ----D---- C:\WINDOWS\SxsCaPendDel
2009-11-04 23:19:33 ----D---- C:\WINDOWS\temp
2009-11-04 23:19:27 ----A---- C:\ComboFix.txt
2009-11-04 23:07:45 ----A---- C:\Boot.bak
2009-11-04 23:07:40 ----RASHD---- C:\cmdcons
2009-11-04 22:51:04 ----D---- C:\ComboFix
2009-11-04 15:54:30 ----A---- C:\WINDOWS\zip.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\SWSC.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\SWREG.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\sed.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\PEV.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\MBR.exe
2009-11-04 15:54:30 ----A---- C:\WINDOWS\grep.exe
2009-11-04 15:52:14 ----D---- C:\Qoobox
2009-11-03 08:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-11-03 08:02:02 ----D---- C:\Program Files\Common Files\iS3
2009-11-03 08:02:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-10-29 11:39:03 ----D---- C:\Documents and Settings\Brian\Application Data\Malwarebytes
2009-10-29 11:38:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-29 11:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-28 13:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-26 09:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-26 09:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-23 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-23 20:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-23 20:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-21 19:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-20 20:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-20 20:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-19 22:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 21:36:18 ----D---- C:\WINDOWS\ERDNT
2009-10-14 21:34:31 ----D---- C:\Program Files\ERUNT
2009-10-03 23:56:40 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-03 23:56:39 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-09-29 20:38:04 ----D---- C:\Documents and Settings\All Users\Application Data\POP3Profiles
2009-09-12 00:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 16:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 07:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-09-08 10:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-26 17:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-18 00:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-15 08:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-15 08:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 22:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 22:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 22:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 17:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 17:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 16:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 3 months======

2009-11-09 15:16:44 ----D---- C:\WINDOWS\Prefetch
2009-11-09 13:10:45 ----D---- C:\WINDOWS\system32
2009-11-09 13:10:45 ----D---- C:\WINDOWS
2009-11-09 13:01:46 ----SD---- C:\WINDOWS\Tasks
2009-11-09 13:01:13 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-11-09 13:01:08 ----D---- C:\WINDOWS\Registration
2009-11-09 12:59:38 ----D---- C:\WINDOWS\CAVTemp
2009-11-09 01:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-08 23:02:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 23:02:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-08 23:02:41 ----RD---- C:\Program Files
2009-11-08 14:48:29 ----D---- C:\Program Files\GetRight
2009-11-08 14:45:18 ----D---- C:\Downloads
2009-11-08 14:22:43 ----HD---- C:\WINDOWS\inf
2009-11-08 14:22:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-08 14:22:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-08 14:22:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-07 22:53:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-07 09:35:13 ----D---- C:\Program Files\Lavasoft
2009-11-07 09:35:12 ----D---- C:\Documents and Settings\Brian\Application Data\Lavasoft
2009-11-07 09:35:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-07 09:24:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-07 09:23:58 ----SHD---- C:\WINDOWS\Installer
2009-11-07 09:23:38 ----D---- C:\WINDOWS\WinSxS
2009-11-07 03:17:31 ----D---- C:\Program Files\Internet Explorer
2009-11-07 03:01:25 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 23:16:46 ----A---- C:\WINDOWS\system.ini
2009-11-04 23:13:19 ----D---- C:\WINDOWS\AppPatch
2009-11-04 23:13:18 ----D---- C:\Program Files\Common Files
2009-11-04 23:07:45 ----RASH---- C:\boot.ini
2009-11-03 08:12:54 ----D---- C:\WINDOWS\Minidump
2009-11-03 05:54:21 ----SHD---- C:\System Volume Information
2009-10-22 22:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-03 07:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-01 22:00:26 ----N---- C:\WINDOWS\explorer.exe
2009-10-01 12:32:04 ----D---- C:\WINDOWS\Help
2009-09-29 20:44:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-29 20:38:38 ----D---- C:\WINDOWS\system32\config
2009-09-29 20:38:24 ----D---- C:\WINDOWS\system32\wbem
2009-09-12 03:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-11 22:35:38 ----A---- C:\WINDOWS\DVDRegionFree.INI
2009-09-11 22:24:49 ----D---- C:\Program Files\Ubisoft
2009-09-11 22:24:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-11 07:31:56 ----D---- C:\WINDOWS\ehome
2009-09-05 10:03:36 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-31 23:18:44 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-08-29 21:08:21 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 21:08:21 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 21:08:20 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 21:08:18 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 21:08:18 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 21:08:18 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 21:08:18 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 21:08:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 21:08:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 21:08:13 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 23:35:52 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 21:00:21 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-15 08:46:39 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-10-15 739752]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-05-03 21648]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-05-03 26640]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-05-03 32528]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-05-03 21392]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-05-27 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-05-27 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 NvNdis;NVIDIA NDIS IO Control Driver; \??\C:\WINDOWS\system32\Drivers\NvNdis.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 P16X;Sound Blaster 5.1; C:\WINDOWS\system32\drivers\P16X.sys [2005-07-22 1275776]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-10-12 9856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-10-15 133576]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 catchme;catchme; \??\C:\DOCUME~1\Brian\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-11 11008]
S3 OmniDrv;Ideazon Keyboard Driver; C:\WINDOWS\system32\DRIVERS\OmniDrv.sys [2004-01-05 30976]
S3 OmniUsb;Ideazon USB Zboard Driver; C:\WINDOWS\system32\DRIVERS\OmniUsb.sys [2005-04-08 28800]
S3 OmniUsbl;Ideazon USBl Zboard Driver; C:\WINDOWS\system32\DRIVERS\OmniUsbl.sys [2004-07-27 9696]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-11 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe [2007-05-03 144960]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-12 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 FirebirdGuardianDefaultInstance;FirebirdGuardianDefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE [2005-10-03 65536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-07 1179232]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe [2009-10-15 233472]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-07-31 214256]
R3 FirebirdServerDefaultInstance;FirebirdServerDefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe [2005-10-03 1527893]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-11-09 15:17:39

======Uninstall list======

"Faces of War" (Remove Only)-->"C:\Program Files\Ubisoft\Faces of War\unins000.exe"
-->"C:\Program Files\Creative\SB5.1\Program\Ctzapxx.EXE" /W /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AGEIA PhysX v2.3.3-->"C:\Program Files\AGEIA Technologies\uninstall.exe"
Baldur's Gate(TM) II - Shadows of Amn(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\setup.exe"
Battleship 2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Battleship 2\Uninst.isu"
BOILING POINT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58AC967F-CE64-4065-AF54-FA66BAF31FE8}\SETUP.EXE" -l0x9
CA Anti-Virus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
Celtic Kings -- Rage of War-->C:\PROGRA~1\STRATE~1\CELTIC~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\CELTIC~1\INSTALL.LOG
Clive Barker's Undying(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}\setup.exe" -l0x9 Uninstall
Conflict Desert Storm II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}\setup.exe" -l0x9
DOOM II-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM II\DOOM II\DOOMII.isu"
Dungeon Lords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EC24B6B-6C6F-49EF-8856-0FF7634C2F4D}\setup.exe" -l0x9
Dungeon Lords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F41D7749-D973-42E7-BD80-64309766C39E}\setup.exe" -l0x9 -removeonly
DVD Region+CSS Free 5.9.4.0-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Evil Islands-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34034600-FB40-4542-BF97-A87AF0A45BFF}\Setup.exe" -l0x9
GetRight-->C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Ghost Recon Advanced Warfighter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\Setup.exe" -l0x9
Ghost Recon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\setup.exe"
Gods - Lands of Infinity-->"C:\Program Files\Strategy First\Gods - LOI SE\Uninstall Information\unins000.exe"
Ground Control II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Documents and Settings\Brian\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Icewind Dale II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
Interstate '76 Nitro Pack-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Activision\I76Nitro\Uninst.isu"
Jagged Alliance 2 Gold Pack-->C:\PROGRA~1\STRATE~1\JAGGED~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\JAGGED~1\INSTALL.LOG
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Medal of Honor Pacific Assault(tm) Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA586D1D-6E4B-4A05-B956-4ACF063BA711}\setup.exe" -l0x9 -removeonly
Medal of Honor Pacific Assault(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MINDA Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{339ABC2E-AA2B-46B1-A5F7-B2B0AA1D16C1}\Setup.exe" -l0x9 anything
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\setup.exe" -l0x9
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Neverwinter Nights-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA DVD Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
NVIDIA Media Center extensions for DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED5FE275-944A-4E31-A109-FC9CD9E5AEA4}\setup.exe" -l0x9 -uninstall
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Redline-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Accolade\Redline\Uninst.isu" -c"C:\Program Files\Accolade\Redline\Uninst.dll"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Sound Blaster 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD196DAC-F550-46C5-9D3A-FD04474C1FCC}\SETUP.EXE" -l0x9
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Sudden Strike Gold-->C:\Program Files\Sudden Strike Gold\uninstall.exe
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
Supreme Commander Demo-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Terracide-->C:\WINDOWS\uninst.exe -fC:\Terracide\DeIsL1.isu
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
Tomb Raider: Legend 1.0-->C:\Program Files\Tomb Raider - Legend\uninsttrl.exe
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Vibration Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA12FD6C-169A-11D7-A6A9-00C026281E5A}\setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zboard (TM) Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B5658E-5E34-45C1-AAFA-8AF997684928}\Setup.exe" -l0x9

======Security center information======

AV: CA Anti-Virus
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: YOUR-02F33F0187
Event Code: 1073
Message: The attempt to power off YOUR-02F33F0187 failed

Record Number: 102077
Source Name: USER32
Time Written: 20091001221556.000000+780
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-02F33F0187
Event Code: 7000
Message: The Sunbelt Personal Firewall 4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 102023
Source Name: Service Control Manager
Time Written: 20091001121951.000000+780
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Sunbelt Personal Firewall 4 service to connect.

Record Number: 102022
Source Name: Service Control Manager
Time Written: 20091001121951.000000+780
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 7000
Message: The Sunbelt Personal Firewall 4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 101761
Source Name: Service Control Manager
Time Written: 20090928191916.000000+780
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Sunbelt Personal Firewall 4 service to connect.

Record Number: 101760
Source Name: Service Control Manager
Time Written: 20090928191916.000000+780
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-02F33F0187
Event Code: 1000
Message: Faulting application kpf4ss.exe, version 4.5.916.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Record Number: 6683
Source Name: Application Error
Time Written: 20090504053951.000000+720
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 1000
Message: Faulting application kpf4ss.exe, version 4.5.916.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Record Number: 6673
Source Name: Application Error
Time Written: 20090501060405.000000+720
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x519857d0.

Record Number: 6472
Source Name: Application Error
Time Written: 20090409205121.000000+720
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 1000
Message: Faulting application mlp_manager.exe, version 6.0.5.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Record Number: 5987
Source Name: Application Error
Time Written: 20090224062233.000000+780
Event Type: error
User:

Computer Name: YOUR-02F33F0187
Event Code: 212
Message:
Record Number: 5978
Source Name: FirebirdGuardianDefaultInstance
Time Written: 20090223155404.000000+780
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=070a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
 
Hi Tony,

Don't see any sign of clicktiluwin, but let's do this.


You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE




Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe


Go to Task Manager and stop process on these, keep in mind there may be two explorer.exe so look them over carefully

ClickTillUWin
dlder.exe
explorer.exe


If you only see one explorer.exe running then leave it be
C:\Windows\explorer <--Not this one
C:\Windows\explorer\explorer.exe <--This one




REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dlder"=-
[HKEY_LOCAL_MACHINE\Software\games]
"ClickTillUWin"=-

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg




Delete the files in RED
C:\Windows\dlder.exe
C:\Windows\explorer\explorer.exe
C:\Windows\explorer <--Not this one.


Reboot and let's see if this helped
 
Hello Ken, ClickTillUWin and dlder.exe are not in my task manager; however, I do have 2 iexplorers in my task manager. I could not find
C:\Windows\dlder.exe or C:\Windows\explorer\explorer.exe either. There is an explorer.exe and an explorer in Windows. Clicking on
explorer takes you to Local disk C and clicking on explorer.exe takes you to My Documents. The clicktilluwin in my registry is
located in Hkey Local Machine Hkey users S-1-5-21-1202660629-823518204-725345543-1004 Software Microsoft Search Assistant
ACMru 5603.
 
Your path to clicktiluwin does not make sense, you must have copied it wrong. Did you run the reg fix I posted?

Open up Spybot Search and Destroy, go to Help > About and make sure it's the latest version 1.6.2; if not, uninstall it and download and install from this link.

http://www.safer-networking.org/en/home/index.html


Check for Updates and run a full scan, it should remove Clicktiluwin
 
Good Morning Tony

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Then do this one with SystemLook

:regfind
ClickTillUWin
 
Hello Ken, yes, you are right, I have made a mistake; it was located in My Computer Hkey users S-1-5-21-1202660629-823518204-725345543-1004 Software Microsoft Search Assistant
ACMru 5603. Yes, I have run the regfix that you told me to do. I have run a full scan using the latest Spybot, fully updated, but all it picked up was 2 tracking cookies.
When I was installing Spybot I did the full installation; however, there was an option to install "Explorer file scan plugin(in file context menu)"
and I did not put a tick in this box. Was I supposed to do this? I think there is definitely something wrong because Explorer.exe
is now about 9 to 10% whereas before it was around 6 to 8% CPU. It is now 72000k Mem Usage whereas before it was around 20000k to 30000k, and my computer is now
often freezing up for 20 seconds or more.
 
Hello Ken, yes sorry I did not see your last post before I made my last reply. I will do what you have told me to do and then report back.
 
Hello Ken, here is the information you have requested

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:17 on 11/11/2009 by Brian (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe"
"CAVRID"=""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe""
"cctray"=""C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"UpdReg"="C:\WINDOWS\UpdReg.EXE"


-=End Of File=-


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:19 on 11/11/2009 by Brian (Administrator - Elevation successful)

========== regfind ==========

Searching for "ClickTillUWin"
No data found.

-=End Of File=-
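
Added example, not part of the original thread: the two checks made above, in Python. It flags any explorer.exe whose image path is not C:\WINDOWS\explorer.exe and confirms that the Dlder value is gone from a SystemLook `:reg` listing of the Run key. The `pid,name,path` process listing and the "before fix" Run listing are constructed sample data; the first Run listing is the one posted above.

```python
import csv
import io
import ntpath
import re

# Expected image path for the process name this thread is about.
# Assumption: Windows lives in C:\WINDOWS, as in the logs above.
EXPECTED_PATHS = {"explorer.exe": r"c:\windows\explorer.exe"}

# Value name that the Regfix.reg in the thread deletes from the Run key.
RUN_VALUES_TO_REMOVE = {"dlder"}

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample: pid,name,path rows (hypothetical column layout).
PROCESS_LISTING = r'''pid,name,path
1480,explorer.exe,C:\WINDOWS\Explorer.EXE
2212,explorer.exe,C:\Windows\explorer\explorer.exe
3020,iexplore.exe,C:\Program Files\Internet Explorer\iexplore.exe
3024,iexplore.exe,C:\Program Files\Internet Explorer\iexplore.exe
3316,explorer.exe,
'''

# Run-key listing as posted in the thread (SystemLook :reg output).
RUN_LOG_FROM_THREAD = r'''[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe"
"CAVRID"=""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe""
"cctray"=""C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"UpdReg"="C:\WINDOWS\UpdReg.EXE"
'''

# Constructed sample: the same listing with the entry the fix targets.
RUN_LOG_BEFORE_FIX = RUN_LOG_FROM_THREAD + r'"Dlder"="C:\Windows\dlder.exe"' + "\n"


def normalise(path):
    """Strip quotes, resolve '..' and '/', and lower-case a Windows path."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def check_processes(listing_csv):
    """Return (pid, path, verdict) for each process whose name is in
    EXPECTED_PATHS but whose image path is missing or somewhere else."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing_csv)):
        expected = EXPECTED_PATHS.get(row["name"].strip().lower())
        if expected is None:
            continue  # e.g. iexplore.exe: similar name, different program
        path = row["path"].strip()
        if not path:
            # No path reported: cannot be cleared by this check.
            findings.append((int(row["pid"]), "", "path unavailable"))
        elif normalise(path) != expected:
            findings.append((int(row["pid"]), path, "unexpected location"))
    return findings


def parse_run_values(systemlook_log):
    """Map value name -> data for every "name"="data" line in the log."""
    values = {}
    for line in systemlook_log.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            # SystemLook shows quoted data as ""...""; drop all outer quotes.
            values[match.group("name")] = match.group("data").strip().strip('"')
    return values


def leftover_run_values(systemlook_log):
    """Names still present in the Run key that the fix should have removed."""
    names = parse_run_values(systemlook_log)
    return sorted(n for n in names if n.lower() in RUN_VALUES_TO_REMOVE)


if __name__ == "__main__":
    for pid, path, verdict in check_processes(PROCESS_LISTING):
        print(f"explorer.exe pid {pid}: {verdict} {path}")
    print("Run key after fix:", leftover_run_values(RUN_LOG_FROM_THREAD) or "clean")
    print("Run key before fix:", leftover_run_values(RUN_LOG_BEFORE_FIX))
```

The comparison is case-insensitive and path-normalised, so `C:\WINDOWS\Explorer.EXE` passes while a same-named binary in a subfolder does not; iexplore.exe is ignored because it is a different program with a similar name.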
 
Tony,

I could be wrong but this may not be malware related. First off I see a ton of games installed, there could be one or more conflicting. I have seen some computers with lots of games and sometimes they cause issues.

Another thing

CA Internet Security Suite
You have this installed and it includes a firewall


C:\Program Files\Sunbelt Software\Personal Firewall
So no need for this one, uninstall it via Add Remove Programs, you should not have two firewalls running at the same time.



Why don't you post here and see if they can help you sort out some of your programs. I will keep this thread open for you for a week or so; post back and let me know if they fixed anything.

This is our sister site
http://forums.whatthetech.com/Microsoft_Windows_f119.html

Ken
 
Hello Ken, yes, I have CA Internet Security installed but I only have the Antivirus component. I have registered at What The Tech and will let you know what they tell me.
 
OK Tony, thanks for letting me know, you can link them to this thread if you like to let them see what we have done.
 
Hello Ken, you are right. I have been told that the problem is being caused by an update to CA Antivirus in late September. I looked on the
CA forum and there was a workaround but it does not work for me. It appears that for the meantime at least I will have to just put
up with it. I understand now that the Clicktilluwin has only shown up in Search Assistant because I searched for this
file using the search companion in Windows. Thank you very much for trying to help me.
 