[loketje]

Hi,

two days ago when trying to send an email I received the following error :

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'removed email address'. Subject 'test12', Account: 'mail.chello.nl', Server: 'smtp.upcmail.nl', Protocol: SMTP, Server Response: '550 5.1.1 <removed email address> recipient rejected 213.46.54.222 is in RBL', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

My ISP told me there was nothing they could do because there probably was some malware on my pc sending spam.
I have three pc's networked behind a router that according to shields up are totally stealthed.

I immediately restored my primary pc from a ghost image and followed your malware removal program to the letter.
A vunda virus was found and removed, otherwise nothing was found.

I also scanned my other two pc's thoroughly.

Here's my hijackthis.log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:06, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Ray Adams\ATI Tray Tools\atitray.exe
D:\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series

(Copy 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "d:\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300

Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "d:\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program

Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program

Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -

http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -

http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) -

http://www.immdesign.../IPAWebView.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.mi...eb_site.cab?119

0313032453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer =

62.179.104.196,212.142.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer =

62.179.104.196,212.142.28.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer =

62.179.104.196,212.142.28.69
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program

Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH -

C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8345 bytes

thanks in advance for any tips on how to restore my mail sending capabilities

regards

Martin

Reason for edit: removed email address

Edited by Octagonal, 22 June 2008 - 05:23 AM.

[Advertisements]

I don't have permission to reply in the waiting room, so I hope this reply gets read.
My IP address is linked to the mac address of my router. It's supposed to be dynamic but it never changes, I've had the same IP address for years. Switching off the router and switching on again just gives me the same IP.
I know that changing my IP address would solve my problems but my ISP won't change it.
Is there a way to make absolutely sure my computer is not spamming and how can I get this ban to be lifted ?

regards

Martin

[loketje]

I don't have permission to reply in the waiting room, so I hope this reply gets read.
My IP address is linked to the mac address of my router. It's supposed to be dynamic but it never changes, I've had the same IP address for years. Switching off the router and switching on again just gives me the same IP.
I know that changing my IP address would solve my problems but my ISP won't change it.
Is there a way to make absolutely sure my computer is not spamming and how can I get this ban to be lifted ?

regards

Martin

[BHowett]

Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again.

The fixes may take several attempts and my replies may take some time but stick with it, and we will be sure to get you sorted.

I am looking over you log now, and I will post your first set of instructions shortly.

[BHowett]

Hi loketje,

I don’t see anything bad in you HijackThis log, so let’s take a deeper look and run an online scan just to make sure.

Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.../IPAWebView.cab
O24 - Desktop Component 0: (no name) - (no file)



Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


===============================================


ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Deckard's System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

===============================================

Needed in your next reply:

Deckard's System Scanner main.txt and extra.txt

Kaspersky WebScanner results

[BHowett]

Also the formatting of your fist post is messed up. This is caused by not having Word Wrap checked. So before you post the logs I requested please do this:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears checked.

Thanks it makes it easier to read

[loketje]

Well, the scan took 18 hours, but here it is:

Deckard's System Scanner v20071014.68
Run by martin on 2008-06-25 18:12:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-25 16:13:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as martin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:53, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\martin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "d:\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190313032453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer = 62.179.104.196,212.142.28.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer = 62.179.104.196,212.142.28.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{21706310-D267-4A3B-8714-9B4843B90C36}: NameServer = 62.179.104.196,212.142.28.69
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7580 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080625-180815-249 O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.../IPAWebView.cab
backup-20080625-180815-394 O2 - BHO: (no name) - AutorunsDisabled - (no file)
backup-20080625-180822-869 O24 - Desktop Component 0: (no name) - (no file)
backup-20080625-180951-677 O24 - Desktop Component 0: (no name) - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 atitray - d:\ray adams\ati tray tools\atitray.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys <Not Verified; Creative Technology Ltd; Creative Audio Product>
R3 HCWBT8XX (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S4 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
S4 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
S4 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
R2 Synergy Server - c:\program files\synergy\synergys.exe

S4 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
S4 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice (file missing)
S4 SandraDataSrv (SiSoftware Database Agent Service) - d:\sisoftware\sisoftware sandra lite xib\win32\rpcdatasrv.exe (file missing)
S4 SandraTheSrv (SiSoftware Sandra Agent Service) - d:\sisoftware\sisoftware sandra lite xib\rpcsandrasrv.exe (file missing)
S4 VMnetDHCP - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Workstation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78\3&267A616A&0&90
Service: FETND5BV


-- Scheduled Tasks -------------------------------------------------------------

2008-03-31 21:26:08 368 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-24 20:19:15 0 d-------- C:\Program Files\Shockwave 3D Lights Redux for FS9
2008-06-22 05:34:19 0 dr-h----- C:\Documents and Settings\martin\Recent
2008-06-21 21:38:30 0 d-------- C:\Program Files\Trend Micro
2008-06-21 12:20:49 0 d-------- C:\Cielosim


-- Find3M Report ---------------------------------------------------------------

2008-06-25 17:33:04 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-24 18:29:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 17:24:47 0 d-------- C:\Documents and Settings\martin\Application Data\Mozilla
2008-06-23 17:22:55 0 d-------- C:\Documents and Settings\martin\Application Data\Adobe
2008-06-21 16:49:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-21 16:44:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 16:37:58 0 d-------- C:\Program Files\Java
2008-04-27 08:17:41 0 d-------- C:\Program Files\Resource Kit
2008-04-26 07:06:57 0 d-------- C:\Program Files\Panda Security
2008-04-26 07:05:32 6626 --a------ C:\WINDOWS\mozver.dat
2008-04-25 20:49:08 0 d-------- C:\Documents and Settings\martin\Application Data\SUPERAntiSpyware.com
2008-04-25 20:48:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 20:39:19 0 d-------- C:\Documents and Settings\martin\Application Data\Malwarebytes
2008-04-25 20:33:21 0 d-------- C:\Program Files\Common Files
2008-04-25 20:33:21 0 d-------- C:\Program Files\Common Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/16/2008 01:19]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [04/21/2008 17:41]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"CTxfiHlp"="CTXFIHLP.EXE" [11/12/2007 22:43 C:\WINDOWS\system32\Ctxfihlp.exe]
"AtiPTA"="atiptaxx.exe" []
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [06/26/2004 11:27]
"nwiz"="nwiz.exe" []
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00]
"DAEMON Tools"="d:\DAEMON Tools\daemon.exe" [12/10/2005 16:57]
"CTHelper"="CTHELPER.EXE" [11/12/2007 22:43 C:\WINDOWS\system32\CtHelper.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 14:00]
"AtiTrayTools"="d:\Ray Adams\ATI Tray Tools\atitray.exe" [05/22/2007 11:04]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 17:45]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 19:23]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo R300 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /M "Stylus Photo R300" /EF "HKCU"

C:\Documents and Settings\martin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 23:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000
"NoActiveDesktop"=01000000
"NoRecentDocsNetHood"=01000000
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/21/2008 16:49 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/26/2008 07:01 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DirectOutput"=C:\Program Files\Saitek\DirectOutput\DirectOutputManager.exe
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92c431-ec7a-11dc-b169-00173142cbd8}]
AutoRun\command- J:\start.exe




-- End of Deckard's System Scanner: finished at 2008-06-25 18:15:55 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.36 MiB / 608.13 MiB
Pagefile Memory (total/avail): 2460.45 MiB / 2133.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.89 GiB total, 19 GiB free.
D: is Fixed (NTFS) - 248.77 GiB total, 25.39 GiB free.
E: is Fixed (NTFS) - 19.43 GiB total, 6.46 GiB free.
F: is Fixed (NTFS) - 55.48 GiB total, 17.83 GiB free.
G: is Fixed (FAT32) - 20.83 GiB total, 14.46 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y080M0 - 76.33 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 76.32 GiB - F: - G:

\\.\PHYSICALDRIVE0 - WDC WD3200KS-00PFB0 - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 29.89 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 268.2 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.8.1201 [VPS 080625-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\martin\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IGOR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\martin
LOGONSERVER=\\IGOR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Support Tools\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\martin\LOCALS~1\Temp
TMP=C:\DOCUME~1\martin\LOCALS~1\Temp
USERDOMAIN=IGOR
USERNAME=martin
USERPROFILE=C:\Documents and Settings\martin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

martin (admin)
pruim (new local)
simu (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "d:\uTorrent\uninstall.exe"
737 Flight Transition CBT --> C:\WINDOWS\uninst.exe -fd:\737_CBT\DeIsL1.isu
Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Abacus Mission WWI Dogfight for FSX --> MsiExec.exe /X{08468616-9678-43BF-A3DD-F6EA2B3CADA9}
AC3Filter (remove only) --> d:\AC3Filter\uninstall.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
aerosoft's - MyTraffic 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{671A18C5-3182-4359-B1DA-986DB9C22A8C}\setup.exe" -uninst
Airbus Series Vol.2 (FS X) --> D:\Program Files\Microsoft Games\Microsoft Flight Simulator X\Uninstal_Airbus2X_wilco.exe
Aplicacion de control para tarjetas IOCARDs ver 3.2 --> MsiExec.exe /I{59146995-E743-4754-B6CA-A5D79CF60494}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon PowerShot A40 WIA Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll"
CCleaner (remove only) --> "d:\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CloneDVD 4.1.0.23 --> "d:\CloneDVD\unins000.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Corel Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DH Driver Cleaner Professional Edition --> d:\Driver Cleaner Pro\Uninstall.exe
DVD Shrink 3.2 --> "d:\DVD Shrink\unins000.exe"
EditVoicepack --> MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
eMule --> "d:\eMule\Uninstall.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Europese landschappen in detail --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EA9D653-2D11-4B60-9C98-9732BB821845}\setup.exe" -l0x13
F22 Air Dominance Fighter --> C:\WINDOWS\uninst.exe -fd:\DID\F22ADF\DeIsL1.isu
FireTune --> C:\WINDOWS\iun6002.exe "d:\FireTune\irunin.ini"
Flight Simulator X -->
Flight Simulator X Service Pack 1 -->
Free DWG Viewer 5.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
FS EARTH v.5.0 --> e:\Program Files\Microsoft Games\Flight Simulator 9\Uninstallfsearth.exe
FSAutoStart --> MsiExec.exe /I{9A08B949-E26B-4120-95C3-BA8C1D602A19}
FSBuild 2 --> d:\FSBuild\UnInstall_19636.exe
FSNavigator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9
FSX Flight Weather Report --> "C:\WINDOWS\FSX Flight Weather Report\uninstall.exe" "/U:d:\FSX Flight Weather Report\Uninstall\uninstall.xml"
GeldManager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{533A9692-E8EA-4ED9-9EF3-2111F14FE8E8}
GOM Player --> "d:\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GrabIt 1.7.1 Beta (build 960) --> "d:\GrabIt\unins000.exe"
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP PrecisionScan Pro --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\Uninst.isu"
I-Droid01 PC Control --> C:\Program Files\I-Droid01\PC Control\uninstall.exe
I-Droid01 Visual C-like Editor --> C:\Program Files\I-Droid01\Visual C-like Editor\uninstall.exe
iiyama Monitor Test 2.1 --> "d:\iiyama monitor test\unins000.exe"
ImgBurn --> "d:\ImgBurn\uninstall.exe"
Instant Enhancer --> d:\Cielosim\Uninstall Live ATC.exe
IZArc 3.5 beta 3 --> d:\IZArc\unins000.exe
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JeppChart --> C:\WINDOWS\IsUninst.exe -f"d:\Jeppesen Sanderson, Inc.\JeppChart Training\Uninst.isu"
Magic ISO Maker v5.3 (build 0216) --> D:\MagicISO\UNWISE.EXE D:\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "e:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 1 --> C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X: Acceleration --> C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X: Acceleration --> MsiExec.exe /I{A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft PowerPoint Viewer 97 --> D:\PowerPoint Viewer\setup\setup.exe
Microsoft Tool Web Package : EXCTRLST.EXE --> MsiExec.exe /X{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad) --> "C:\Program Files\GNU\MPEG2\Uninstall.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Navigraph nDAC 3 --> MsiExec.exe /X{92F312C1-ED70-4C47-9EA2-18647C0EE954}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTREGOPT 1.1j --> "d:\NT Registry Optimizer\unins000.exe"
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Kraker 1.2 --> D:\Osirius\UNWISE.EXE /U D:\Osirius\PDFKraker.log
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe d:\Pinnacle\Hollywood FX 5\uninstal.log
Pit Trainer --> d:\PitTrainer\Uninst.exe
Pixie registration fix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}\setup.exe" -l0x9
PMDG 747-400/400F for FSX --> C:\Program Files\InstallShield Installation Information\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG747_400 Queen of the Skies --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97679567-0095-464E-B5F2-E218A1CF3421}\setup.exe" -l0x9 -removeonly
PMDG747_400F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}\setup.exe" -l0x9 -removeonly
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Ray Adams ATI Tray Tools --> "d:\Ray Adams\ATI Tray Tools\uninstall.exe"
Real Alternative 1.52 --> "d:\Real Alternative\unins000.exe"
RealScene U.S. Terrain and Landclass Scenery 2004 Edition --> MsiExec.exe /I{45E00C4A-08AC-4417-8353-5EF6D440E360}
RegSupreme Pro 1.4 --> "d:\RegSupreme Pro\unins000.exe"
Saitek DirectOutput 5.7.0.24 --> MsiExec.exe /X{05EB9A67-6A21-4390-A9C8-6165EEE1921A}
Saitek SD6 Programming Software 6.0.4.1 --> MsiExec.exe /X{F0C26B7B-2AD0-4514-8F3B-7F965428F1A8}
Sam and Max - Season Two - Sam and Max Episode 201 - Ice Station Santa --> d:\Telltale Games\Sam and Max - Season Two\Uninstall Episode 201 - Ice Station Santa.exe
Security Update for Step By Step Interactive Training (KB898458) -->
SimCharts 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61812F6F-0705-4B20-B914-32C1E3C155C7}\setup.exe" -l0x9
SimVoice --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SimVoice\ST6UNST.LOG"
SmartDraw 7 --> D:\SMARTD~1\UNWISE.EXE D:\SMARTD~1\INSTALL.LOG
Solitaire Plus! --> "d:\Solitaire Plus\unins000.exe"
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synergy --> "C:\Program Files\Synergy\uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
ThumbsPlus version 6.0 --> D:\Thumbs6\UNWISE.EXE D:\Thumbs6\INSTALL.LOG
TomTom HOME --> d:\TomTom HOME 2\Uninstall TomTom HOME.exe
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.6 --> d:\Unlocker\uninst.exe
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
xint v4.3 by xtort.net © --> d:\xint\unins000.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3803 / Error
Event Submitted/Written: 06/25/2008 06:15:11 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3802 / Error
Event Submitted/Written: 06/25/2008 06:15:11 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3801 / Error
Event Submitted/Written: 06/25/2008 06:15:11 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3800 / Error
Event Submitted/Written: 06/25/2008 06:15:10 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3799 / Error
Event Submitted/Written: 06/25/2008 06:15:10 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36661 / Error
Event Submitted/Written: 06/25/2008 06:12:40 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type36660 / Error
Event Submitted/Written: 06/25/2008 06:12:38 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type36659 / Error
Event Submitted/Written: 06/25/2008 06:12:38 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type36658 / Error
Event Submitted/Written: 06/25/2008 06:12:37 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type36657 / Error
Event Submitted/Written: 06/25/2008 06:12:37 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-06-25 18:15:55 ------------


--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 25, 2008 16:49:01
Records in database: 882642
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Files scanned: 280710
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 14:19:29


File name / Threat name / Threats count
D:\My Documents\Flight Simulator Files\FS9\Scenery\svmc\La Chinita 2004.exe Infected: not-a-virus:AdWare.Win32.EShoper.k 1
D:\_AppsBackup\_Internet\MailPassword\mailpv_setup.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.a 1
D:\_AppsBackup\_Simulation\PMDG\fuelplanner747\Fuel Planner 747.exe Infected: not-a-virus:AdWare.Win32.EShoper.i 1
D:\_AppsBackup\_Utilities\Diskeeper\setup.exe Infected: Backdoor.Win32.Rbot.gep 1

The selected area was scanned.

Edited by loketje, 26 June 2008 - 09:08 AM.

[BHowett]

Wow those might be some of the cleanest logs I ever seen, however we have one maybe two things to get rid of.



D:\_AppsBackup\_Internet\MailPassword\mailpv_setup.exe

This is a password recovery tool that may have been installed by one of the infections... Unless you know you put it there, and have control over it we should get rid of it ... Also if you didn’t put it there be sure change ALL of your passwords after we are done.



OTMoveIt2 by OldTimer


Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  D:\_AppsBackup\_Utilities\Diskeeper\setup.exe
  Purity

  *Note* if you did not install D:\_AppsBackup\_Internet\MailPassword\mailpv_setup.exe and want to delete it, copy and paste it right under the file path all ready in the code box.
  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============================================

Update Java


Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

===============================================

Needed in your next reply:


OTMoveIt2 log

[loketje]

Here you go, a very small log

D:\_AppsBackup\_Utilities\Diskeeper\setup.exe moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06262008_195157

[BHowett]

Hi loketje,

Your all set… you original email problem does not appear to malware related, so please post you question HERE and see if the techs can help you out. Be sure to mention that you were cleared on the malware forum.


OTCleanIt



Download OTCleanit
Save it to your Desktop.

• Double-click on OTCleanIt.exe to run
• Click on the CleanUp! button
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You may be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

===============================================


This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have. I know you have some of the listed items so just choose what you need. I just like to post them incase you ever need them or want to change them.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Intenet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Intenet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

[loketje]

Mr Howett, thank you very much for all your help in checking my computer.
I don't know how, but I'm suddenly again able to send email without problems so I guess I'm cured.

Thanks again !!

regards

Martin

[BHowett]

Hi Martin

You’re very welcome I am glad it turned out good for you, and you email is working. Lets us know if there is anything else we can do for you .

[BHowett]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.