Hello,

Is there someone who could walk me through manual removal of Backdoor.Tidserv!inf. I cannot understand what the moderators are doing while reading users log files without detailed explanation. Norton is a fag for this.

Thank You,

-Nathan Fakhouri
Removed email address

Moderators are more than likely making sure what is posted meets our Terms of Use and keeping you safe. An example would be removing email addresses in posts.

This post has been edited by Octagonal: Nov 29 2008, 09:10 PM

Hello nateb4s5 and welcome to Geeks to Go! My is Dave and I'll be helping you to clean your computer.

The first thing I need you to do is go to this page and follow the instructions there: You must read this before posting a HijackThis log. These are some preliminary steps designed to deal with the most common problems. If you follow the procedures and your problems disappear, then great - let us know of your success. If you're still having trouble when you get to Step 5 - Posting a HijackThis (HJT) log, follow the steps for downloading and creating a log with HJT. Then post the logs from HijackThis and Malwarebytes' Anti-Malware here in a reply to this thread so I can take a look at them and get an idea of what's going on with your computer.

The logs we ask for show us the places malware most commonly hides on your computer, or sometimes search for one specific infection. We look through the results of them and determine what needs to be removed an how best to go about removing it. So please post me the logs from HJT and MBAM so we can get started.

- Dave

I did everything you asked, including installing windows service pack3. Since I realized there was a Virus, the only symptons I could discover are having 4 svchots.exe in my processes and when trying to read FAQ files or trying to Email support at the Samsung web site, the browser gets closed and plays a sound something like a COW getting wacked, even some misdirected google searches.

Here is the info you requested:

HijackThis Log

-----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:34 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxhh.exe] C:\WINDOWS\system32\kdxhh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8250 bytes


-----------------------------------




HijackThis Uninstall List
------------------------------------

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
AppCore
Ask Toolbar
AV
BigFix
Bluesoleil2.6.0.8 Release 070517
ccCommon
Digital Media Reader
ERUNT 1.1j
getPlus® for Adobe
GoldenCasino
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 6500
HP Software Update
Instafinder
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Worm Protection
Jackpot Capital
Java 2 Runtime Environment, SE v1.4.2
Kazaa 3.2.7
Kazaa Lite Resurrection 0.0.9
Learn2 Player (Uninstall Only)
LimeWire 4.14.7
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MonkeyBongo - Free SMS Now!
MonkeyBongo - Midi Editor
MonkeyBongo - Upload2Phone
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
PokerStars
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoftV92 Data Fax Modem with SmartCP
SoundMAX
SPBBC 32bit
Symantec
Update for Windows XP (KB951072-v2)
VCRedistSetup
Viewpoint Media Player
WavePad Sound Editor
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

----------------------------------




Thank You

Hi nate -

I see you're using p2p software such as Kazaa and Limewire. Although p2p programs are not usually malware in their own right, oftentimes malware is installed alongside them. Even if the program is clean, people can and quite often do upload infected files to be shared using these programs, and it is very easy to end up compromising your PC. It's your decision about whether or not you use p2p programs, you don't have to remove them to be deemed clean and we'll still give you help if you want to keep them. However, it is important that you are aware of the risks. If you want to continue using p2p programs that's fine with me, all I ask is that you not download anything from them until you're clean so we aren't taking steps backwards here. To remove p2p programs if you wish to do so, uninstall them from the Add/Remove Programs (it's Programs and Features in Vista) menu of your Control Panel.

In addition to any p2p apps you choose to remove, please uninstall the following from Add/Remove Programs in your Control Panel:

Instafinder
Viewpoint Media Player (and anything else that says Viewpoint)

Then:

1. Toolbar S&D

Please download ToolBar S&D to your desktop.

• Disable any protection software you're running (Antivirus, Firewall, etc.) so they don't interfere with the scan. Look here for program-specific instructions if you don't know how.
• Double-click ToolBar S&D.exe to run it.
• Choose the language, then choose Option 2 (Fix).
• Allow the scan to complete.
• Post the log which was created, if it didn't appear in notepad at the end of the scan it's located at C:\TB.txt

In your next reply I need your decision on p2p programs and the log from Toolbar S&D.

- Dave

Hello,

Instafinder, all P2P, and Viewpoint have been removed.

Here is the log file from Toolbar S&D:


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.93GHz )
BIOS : BIOS Date: 08/18/04 20:53:52 Ver: 08.00.10
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 2007 (Not Activated)
Firewall : Norton AntiVirus 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:63 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [2] ( Mon 12/01/2008|20:04 )

-----------\\ FIX

Deleted! - C:\Program Files\AskTBar\bar
Deleted! - C:\Program Files\AskTBar\PopSwatr
Deleted! - C:\Program Files\AskTBar\SrchAstt
Deleted! - C:\DOCUME~1\Owner\Desktop\kazaa_setup_PConline.exe
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@mysearch[2].txt
Deleted! - C:\Program Files\AskTBar
Deleted! - C:\Program Files\KaZaA

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Bar"="http://g.msn.com/0SEENUS/SAOS01"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Desktop\evolver\03-311-crack_the_code-csr.mp3



1 - "C:\ToolBar SD\TB_1.txt" - Mon 12/01/2008|20:06 - Option : [2]

-----------\\ Scan completed at 20:06:21.67



Thank You,
-Nate

Good, that took care of some stuff, let's see where we're at now:

1. Random's System Information Tool

• Please download random's system information tool (RSIT) by random/random from here.
• It is important that is saved directly to your desktop.
• Double click on RSIT.exe to run RSIT.
• Leave the file age at the default of 1 month, and click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note: It is likely that the 2 logs will be very long and may not fit into one reply. If that's the case, please split them up into multiple replies and ensure that you've posted the contents of the logs to the last line, which should read ---EOF---.

Just the 2 RSIT logs in your next reply.

- Dave

RSIT log.txt


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-02 20:19:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:44 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxhh.exe] C:\WINDOWS\system32\kdxhh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7624 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 390256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-03-11 135168]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2006-01-13 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-01-13 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-09-03 84640]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-09-05 26248]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-08-09 98304]
"C:\WINDOWS\system32\kdxhh.exe"=C:\WINDOWS\system32\kdxhh.exe []
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-07 496752]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-03-19 78960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-01-29 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
2008-12-02 20:19:35 ----D---- C:\rsit
2008-12-02 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-02 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-01 20:04:36 ----A---- C:\TB.txt
2008-12-01 20:03:34 ----D---- C:\ToolBar SD
2008-12-01 14:29:15 ----D---- C:\Program Files\Slots Plus Casino
2008-12-01 11:23:04 ----D---- C:\WINDOWS\LastGood
2008-11-30 20:20:51 ----D---- C:\Program Files\Trend Micro
2008-11-30 20:11:31 ----D---- C:\WINDOWS\Prefetch
2008-11-30 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-30 19:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-30 19:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-30 19:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-30 19:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-30 19:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 19:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-30 19:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-30 19:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-30 19:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-30 19:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-30 19:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-30 19:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-30 19:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-30 19:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-30 19:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-30 19:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-30 19:45:28 ----D---- C:\WINDOWS\LastGood.Tmp
2008-11-30 19:40:34 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-30 19:40:34 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-30 19:40:28 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-30 19:40:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-30 19:40:27 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-30 19:40:26 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-30 19:40:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-30 19:40:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-30 19:40:26 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-30 19:40:25 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-30 19:40:24 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-30 19:40:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-30 19:40:21 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-30 19:40:21 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-30 19:40:21 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-30 19:40:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-30 19:40:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-30 19:40:19 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-30 19:40:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-30 19:40:18 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-30 19:40:18 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-30 19:40:18 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-30 19:40:17 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-30 19:40:16 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-30 19:40:16 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-30 19:40:15 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-30 19:40:15 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-30 19:40:14 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-30 19:40:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-30 19:40:14 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-30 19:40:14 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-30 19:40:10 ----D---- C:\WINDOWS\system32\scripting
2008-11-30 19:40:08 ----D---- C:\WINDOWS\l2schemas
2008-11-30 19:40:07 ----D---- C:\WINDOWS\system32\en
2008-11-30 19:40:06 ----D---- C:\WINDOWS\system32\bits
2008-11-30 19:33:22 ----A---- C:\WINDOWS\005305_.tmp
2008-11-30 13:45:16 ----D---- C:\WINDOWS\ERDNT
2008-11-30 13:44:35 ----D---- C:\Program Files\ERUNT
2008-11-29 17:12:07 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-11-29 17:11:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-29 17:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-29 15:58:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-28 20:04:31 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2008-11-27 23:56:08 ----D---- C:\Documents and Settings\Owner\Application Data\Music Recognition
2008-11-26 23:08:55 ----D---- C:\Documents and Settings\Owner\Application Data\Recordpad
2008-11-26 23:08:55 ----D---- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-11-26 23:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-26 23:08:49 ----D---- C:\Program Files\NCH Software
2008-11-26 23:08:17 ----D---- C:\Program Files\NCH Swift Sound
2008-11-26 23:06:47 ----D---- C:\Program Files\TallStick
2008-11-26 22:35:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-26 22:33:58 ----A---- C:\WINDOWS\system32\pwmdtl40.dll
2008-11-26 22:33:58 ----A---- C:\WINDOWS\system32\cwsmaf40.dll
2008-11-26 22:33:58 ----A---- C:\WINDOWS\system32\cwpwmd10.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\vorbisenc.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\vorbis.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\ogg.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\MP3enc.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\Mp3dec.dll
2008-11-26 22:33:57 ----A---- C:\WINDOWS\system32\DGVorbis.dll
2008-11-26 22:33:56 ----A---- C:\WINDOWS\system32\vorbisfile.dll
2008-11-26 22:33:56 ----A---- C:\WINDOWS\system32\gdiplus.dll
2008-11-26 22:33:55 ----A---- C:\WINDOWS\system32\lame_enc.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomtran.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomqtenc.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomqtde.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomframe.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomaudioencoder.dll
2008-11-26 22:33:54 ----A---- C:\WINDOWS\system32\viscomaudiodata.dll
2008-11-26 22:33:53 ----D---- C:\Program Files\Polyphonic Wizard
2008-11-26 22:33:53 ----A---- C:\WINDOWS\system32\viscomwave.dll
2008-11-26 00:04:12 ----A---- C:\WINDOWS\War3Unin.exe
2008-11-26 00:01:01 ----D---- C:\Program Files\Warcraft III
2008-11-24 22:33:48 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-11-24 22:33:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-24 22:33:16 ----A---- C:\WINDOWS\system32\java.exe
2008-11-24 22:20:29 ----D---- C:\Documents and Settings\Owner\Application Data\Kazaa Lite
2008-11-24 22:05:27 ----A---- C:\BDELog.txt
2008-11-24 21:56:42 ----D---- C:\Program Files\Common Files\eSellerate
2008-11-24 19:39:02 ----D---- C:\Program Files\MonkeyBongo
2008-11-24 16:48:41 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-11-24 16:44:47 ----D---- C:\Program Files\IVT Corporation
2008-11-21 19:26:14 ----D---- C:\Documents and Settings\Owner\Application Data\VTExtra
2008-11-21 19:23:53 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-11-19 16:54:04 ----D---- C:\Program Files\Jackpot Capital
2008-11-12 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-12 03:00:54 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======

2008-12-02 17:20:28 ----D---- C:\WINDOWS\Temp
2008-12-02 03:00:51 ----HD---- C:\WINDOWS\inf
2008-12-02 03:00:50 ----D---- C:\WINDOWS
2008-12-02 03:00:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 03:00:49 ----D---- C:\WINDOWS\system32
2008-12-02 03:00:39 ----A---- C:\WINDOWS\imsins.BAK
2008-12-02 00:19:41 ----D---- C:\Program Files\PokerStars
2008-12-01 20:05:14 ----D---- C:\Program Files
2008-12-01 20:01:34 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-01 20:01:13 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-01 11:23:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 03:53:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-30 20:15:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 20:13:51 ----A---- C:\WINDOWS\win.ini
2008-11-30 20:12:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-30 20:12:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 20:10:47 ----A---- C:\WINDOWS\setuplog.txt
2008-11-30 20:09:22 ----D---- C:\WINDOWS\system32\wbem
2008-11-30 20:09:22 ----D---- C:\WINDOWS\system32\Setup
2008-11-30 20:09:22 ----D---- C:\WINDOWS\AppPatch
2008-11-30 20:09:21 ----RSD---- C:\WINDOWS\Fonts
2008-11-30 20:09:18 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 20:08:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 19:51:12 ----D---- C:\WINDOWS\security
2008-11-30 19:49:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-30 19:45:49 ----D---- C:\Program Files\Messenger
2008-11-30 19:40:43 ----D---- C:\WINDOWS\WinSxS
2008-11-30 19:40:35 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-30 19:40:31 ----D---- C:\WINDOWS\network diagnostic
2008-11-30 19:40:31 ----D---- C:\WINDOWS\ime
2008-11-30 19:40:30 ----D---- C:\WINDOWS\Help
2008-11-30 19:40:12 ----D---- C:\WINDOWS\system32\usmt
2008-11-30 19:40:12 ----D---- C:\WINDOWS\system32\en-US
2008-11-30 19:40:07 ----SHD---- C:\WINDOWS\Installer
2008-11-30 19:40:06 ----D---- C:\WINDOWS\peernet
2008-11-30 19:40:06 ----D---- C:\Program Files\Movie Maker
2008-11-30 19:36:33 ----D---- C:\WINDOWS\system32\Restore
2008-11-30 19:36:33 ----D---- C:\WINDOWS\system32\npp
2008-11-30 19:36:31 ----D---- C:\WINDOWS\msagent
2008-11-30 19:36:30 ----D---- C:\WINDOWS\srchasst
2008-11-30 19:36:28 ----D---- C:\Program Files\NetMeeting
2008-11-30 19:36:26 ----D---- C:\WINDOWS\system32\Com
2008-11-30 19:36:23 ----D---- C:\Program Files\Windows NT
2008-11-30 19:36:23 ----D---- C:\Program Files\Windows Media Player
2008-11-30 19:36:23 ----D---- C:\Program Files\Outlook Express
2008-11-30 19:36:19 ----D---- C:\Program Files\Common Files\System
2008-11-30 19:36:03 ----D---- C:\WINDOWS\system32\oobe
2008-11-30 19:36:01 ----D---- C:\WINDOWS\system
2008-11-30 19:33:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-30 19:33:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-30 19:28:16 ----D---- C:\WINDOWS\EHome
2008-11-30 18:26:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-30 14:40:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-30 13:46:04 ----RASH---- C:\boot.ini
2008-11-30 13:46:04 ----A---- C:\WINDOWS\system.ini
2008-11-30 13:46:03 ----D---- C:\WINDOWS\pss
2008-11-29 17:54:26 ----D---- C:\Program Files\Java
2008-11-28 21:59:48 ----D---- C:\Program Files\Norton AntiVirus
2008-11-28 21:46:17 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-27 22:39:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 21:56:42 ----D---- C:\Program Files\Common Files
2008-11-20 15:09:29 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-11-02 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-08-09 8552]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-29 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-29 99002]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-01-29 95579]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081202.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081202.004\NAVEX15.SYS []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081127.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-10-03 35120]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 mad600m;mad600m; C:\WINDOWS\System32\Drivers\mad600m.sys [2005-06-16 25044]
S3 mad600u;mad600u; C:\WINDOWS\System32\Drivers\mad600u.sys [2005-11-08 51038]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-01 46736]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-10-14 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-09-05 79496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

RSIT info.txt:


info.txt logfile of random's system information tool 1.04 2008-12-02 20:19:48

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GoldenCasino-->C:\Program Files\InstallShield Installation Information\{8EF1FB4F-5C75-4B9E-B55E-061465DD05E0}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 6500-->msiexec /x{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Jackpot Capital-->"C:\Program Files\Jackpot Capital\Install.exe" -u
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MonkeyBongo - Free SMS Now!-->C:\Program Files\MonkeyBongo\Free SMS Now!\Uninstall.exe
MonkeyBongo - Midi Editor-->C:\Program Files\MonkeyBongo\Midi Editor\Uninstall.exe
MonkeyBongo - Upload2Phone-->C:\Program Files\MonkeyBongo\Upload2Phone\Uninstall.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{50BC0FF8-F19C-42C3-AB28-55280DA21033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe