Hi, here the contents of the 2documents.
Log
Logfile of random's system information tool 1.05 (written by random/random)
Run by Brian at 2009-02-22 13:39:09
Microsoft® Windows Vista™ Home Premium
System drive C: has 24 GB (33%) free of 71 GB
Total RAM: 1014 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:30, on 22/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brian.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://bt.my.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://home.bt.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/cust ... _side.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.bt.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\techguysctss\sscommon\common\snapins\toolkit_techguys\bin\sdscanner\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\Windows\system32\YPcservice.exe
--
End of file - 9255 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\User_Feed_Synchronization-{2A7317CC-319A-4918-976E-E99E94D24256}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-12 344944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2008-10-24 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-12 344944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-18 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-09-30 737370]
"High Definition Audio Property Page Shortcut"=C:\Windows\system32\CHDAudPropShortcut.exe [2006-04-28 61952]
""= []
"BluetoothAuthenticationAgent"=C:\Windows\system32\bthprops.cpl [2006-11-02 989696]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-03-15 116328]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-04-14 569413]
"ISTray"=C:\Program Files\techguysctss\sscommon\common\snapins\toolkit_techguys\bin\sdscanner\pctsTray.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-13 1232896]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-11-02 8704]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-15 1830128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL_Demo]
C:\Applications\Tool\AOL Demo\DSGDemo.exe [2006-03-01 177178]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-04-14 667718]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Manager Utility]
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe [2006-05-17 1200128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHELP~1.EXE [2004-12-09 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-07-08 1953887]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-03-14 3770024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
G:\Software\PortableApps\USB Disk Security\USB Disk Security\USBGuard.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BT Broadband Help.lnk]
C:\PROGRA~1\BTTOTA~1\Help\bin\matcli.exe [2004-03-16 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
E:\Software\Portable apps\South Park Desktop Friends.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"legalnoticecaption"=
"legalnoticetext"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Philips\Media Manager\Philips Media Manager.exe"="C:\Program Files\Philips\Media Manager\Philips Media Manager.exe:*:Enabled:Philips Media Management for your Media Devices"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8db331-b267-11dc-abb5-0016368b3f3b}]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2009-02-22 13:39:09 ----D---- C:\rsit
2009-02-17 13:37:19 ----D---- C:\Program Files\Trend Micro
2009-02-16 12:31:33 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 12:31:12 ----D---- C:\ProgramData\Lavasoft
2009-02-16 12:31:12 ----D---- C:\Program Files\Lavasoft
2009-02-16 10:54:14 ----RD---- C:\Program Files\Norton Support
2009-02-12 23:17:24 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-02-12 23:09:19 ----D---- C:\Users\Brian\AppData\Roaming\SUPERAntiSpyware.com
2009-02-12 23:09:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-12 23:08:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-11 23:47:35 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2009-02-11 23:47:24 ----D---- C:\ProgramData\Malwarebytes
2009-02-11 23:47:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-11 23:34:52 ----A---- C:\Windows\ntbtlog.txt
2009-02-10 17:35:40 ----D---- C:\RECYCLER
2009-02-03 17:09:25 ----D---- C:\Users\Brian\AppData\Roaming\Thunderbird
2009-02-02 21:54:27 ----A---- C:\Windows\system32\javaws.exe
2009-02-02 21:54:24 ----A---- C:\Windows\system32\javaw.exe
2009-02-02 21:54:24 ----A---- C:\Windows\system32\java.exe
2009-01-24 09:30:23 ----D---- C:\Users\Brian\AppData\Roaming\Mozilla
======List of files/folders modified in the last 1 months======
2009-02-22 13:39:12 ----D---- C:\Windows\Temp
2009-02-21 23:46:17 ----A---- C:\Windows\SchedLgU.Txt
2009-02-21 22:49:38 ----D---- C:\Windows\system32\catroot2
2009-02-20 19:01:19 ----D---- C:\Windows\System32
2009-02-20 18:14:05 ----D---- C:\Program Files\Microsoft Games
2009-02-19 18:39:54 ----D---- C:\Windows\Minidump
2009-02-19 18:39:45 ----D---- C:\Windows\system32\Macromed
2009-02-19 18:39:45 ----D---- C:\Windows
2009-02-19 18:00:04 ----SD---- C:\Windows\Downloaded Program Files
2009-02-19 18:00:03 ----D---- C:\Windows\inf
2009-02-17 13:37:19 ----RD---- C:\Program Files
2009-02-17 12:53:50 ----D---- C:\Users\Brian\AppData\Roaming\Skype
2009-02-17 12:52:53 ----D---- C:\Users\Brian\AppData\Roaming\skypePM
2009-02-16 12:54:15 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-16 12:33:31 ----D---- C:\Windows\system32\Tasks
2009-02-16 12:33:27 ----SD---- C:\Windows\Tasks
2009-02-16 12:32:37 ----D---- C:\Windows\system32\catroot
2009-02-16 12:32:34 ----D---- C:\Windows\system32\drivers
2009-02-16 12:31:33 ----SHD---- C:\Windows\Installer
2009-02-16 12:31:33 ----HD---- C:\ProgramData
2009-02-16 12:31:07 ----D---- C:\Windows\winsxs
2009-02-16 11:39:59 ----SHD---- C:\System Volume Information
2009-02-16 10:57:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-15 11:22:27 ----D---- C:\Windows\Prefetch
2009-02-12 23:08:02 ----D---- C:\Program Files\Common Files
2009-02-11 18:47:14 ----D---- C:\Windows\Debug
2009-02-10 18:52:31 ----D---- C:\Program Files\Yahoo!
2009-02-10 18:52:31 ----D---- C:\Program Files\Microsoft Works
2009-02-10 18:52:27 ----D---- C:\Windows\system32\spool
2009-02-10 18:52:26 ----D---- C:\Windows\system32\CodeIntegrity
2009-02-10 18:52:22 ----D---- C:\Users\Brian\AppData\Roaming\gtk-2.0
2009-02-10 18:00:26 ----D---- C:\Program Files\DivX
2009-02-10 18:00:16 ----D---- C:\Users\Brian\AppData\Roaming\vlc
2009-02-10 18:00:12 ----D---- C:\Program Files\Windows Mail
2009-02-03 19:29:11 ----D---- C:\Users\Brian\AppData\Roaming\U3
2009-02-02 21:54:18 ----D---- C:\Program Files\Java
2009-01-24 09:41:25 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-12 255536]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-10-24 362544]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2004-04-03 43392]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2004-04-03 24576]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-02-15 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090129.005\IDSvix86.sys [2009-01-29 292912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS [2008-12-12 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-12-12 25136]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS [2008-12-12 198192]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\Windows\system32\DRIVERS\AegisP.sys [2006-07-04 21275]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-02-17 12544]
R2 s24trans;WLAN Transport; C:\Windows\system32\DRIVERS\s24trans.sys [2006-04-14 13568]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-17 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-24 99376]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-10 145920]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-02-17 935424]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-02-17 194048]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-05 1476608]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090215.002\NAVENG.SYS [2009-02-15 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090215.002\NAVEX15.SYS [2009-02-15 876112]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-11-11 2251776]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-12 82432]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1002000.007\SRTSP.SYS [2008-12-12 306736]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [2008-12-12 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-24 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\NIS\1002000.007\SYMFW.SYS [2008-12-12 89904]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-12 40496]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [2008-12-12 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2005-09-30 191872]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2005-12-19 162432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-02-17 671232]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S3 DCamUSBDigitalCamera;Digital Camera; C:\Windows\System32\Drivers\mpixvid.sys [2005-04-26 104593]
S3 DCamUSBEMPIA;USB 2710 Camera; C:\Windows\system32\DRIVERS\emDevice.sys [2007-06-21 171136]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\Windows\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2006-11-02 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 emAudio;USB EMP Audio Device; C:\Windows\system32\drivers\emAudio.sys [2007-01-12 22912]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\Windows\system32\DRIVERS\emFilter.sys [2007-06-21 5248]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MHNDRV;MHN driver; C:\Windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\Windows\system32\drivers\qkbfiltr.sys [2006-05-04 33664]
S3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\Windows\system32\drivers\qmofiltr.sys [2005-05-05 7936]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\Windows\system32\DRIVERS\emScan.sys [2007-06-21 5120]
S3 SYMIDSCO;SYMIDSCO; \??\C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070409.003\SymIDSCo.sys [2007-01-16 185976]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2005-10-12 874240]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-12 115560]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-06-18 181544]
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2007-09-12 214376]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-07-11 68096]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-11-02 22016]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 YPCService;YPCService; C:\Windows\system32\YPcservice.exe [2003-05-19 86016]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2006-11-02 75776]
-----------------EOF-----------------
Infoinfo.txt logfile of random's system information tool 1.05 2009-02-22 13:39:35
======Uninstall list======
-->C:\PROGRA~1\BTTOTA~1\Help\UNINST~1.EXE btbb
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
ArcSoft PhotoBase-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF2FD610-3862-4ED9-A22E-52C27F7C6DAE}\setup.exe" -l0x9 -uninst
ArcSoft ShowBiz DVD 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9FC434F-9950-487C-82F1-E1515FA70DA4}\Setup.exe" -l0x9
AVS Audio Editor version 4.1-->"G:\Software\AVSAudioEditor\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Blaze Media Pro-->"C:\ProgramData\{AE0BC752-61D9-47F3-849E-867386B3C499}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\ProgramData\{AE0BC752-61D9-47F3-849E-867386B3C499}\setup_blazemp.exe
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonus-->MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
BT Broadband Help-->C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Yahoo! Applications-->C:\Program Files\Yahoo!\Common\uninstall.exe
Bullzip PDF Printer 5.0.0.599-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
CC_ccProxyExt-->MsiExec.exe /I{4AAD206E-0557-440F-8A98-94921A64BF4B}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ccPxyCore-->MsiExec.exe /I{47A86BDE-6871-4A8A-BB49-21FAF754E00E}
CIB-->MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ITW3Venza.inf
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Digital Camera Driver-->C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driving Test Success 2005/6-->"C:\Program Files\Driving Test Success 2005-2006\unins000.exe"
EA SPORTS online 2007-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FIFA 07-->C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
GPL Ghostscript Lite 8.61-->"C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Keyboard Manager Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8} /l1033
K-Lite Codec Pack 3.2.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Flight Simulator 2002-->"C:\Program Files\Microsoft Games\FS2002\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
Norton Add-on Pack (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_1_0_38\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton Internet Security Bonus Pack-->MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.2.0.7\InstStub.exe /X
Norton Security Scan-->MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A}
NxvConverter-->C:\Program Files\NxTools\NxvConverter\uninstall.exe
OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Roxio Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_152D0753\HXFSETUP.EXE -U -ITW3Venpm.inf
Speakonia-->"C:\Program Files\CFS-Technologies\Speakonia\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
USB Audio/Video-->C:\Program Files\InstallShield Installation Information\{D7010312-5B14-4FA4-909A-28FDD9072CCB}\setup.exe -runfromtemp -l0x0409
USB Disk Security 5.0.0.90-->"G:\Software\PortableApps\USB Disk Security\USB Disk Security\unins000.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
VDownloader 0.76-->"C:\Program Files\VDOWNLOADER\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Windows Defender
AS: SUPERAntiSpyware
AS: Norton Internet Security (outdated)
System event log
Computer Name: Joseph
Event Code: 10029
Message: DCOM started the service netman with arguments "" in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
Record Number: 121289
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090222132218.000000-000
Event Type: Information
User:
Computer Name: Joseph
Event Code: 6
Message: File System Filter 'SRTSP' (6.0, 2008-10-16T21:27:47.000Z) has successfully loaded and registered with Filter Manager.
Record Number: 121290
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090222132218.421461-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: Joseph
Event Code: 2003
Message: Symantec Antivirus minifilter successfully loaded.
Record Number: 121291
Source Name: SRTSP
Time Written: 20090222132220.405836-000
Event Type: Information
User:
Computer Name: Joseph
Event Code: 10029
Message: DCOM started the service wercplsupport with arguments "" in order to run the server:
{0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
Record Number: 121292
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090222132230.000000-000
Event Type: Information
User:
Computer Name: Joseph
Event Code: 10029
Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 121293
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090222133632.000000-000
Event Type: Information
User:
Application event log
Computer Name: Joseph
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 42707
Source Name: Microsoft-Windows-WMI
Time Written: 20090222132212.000000-000
Event Type: Information
User:
Computer Name: Joseph
Event Code: 1003
Message: The Windows Search Service started.
Record Number: 42708
Source Name: Microsoft-Windows-Search
Time Written: 20090222132218.000000-000
Event Type: Information
User:
Computer Name: Joseph
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 42709
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090222132218.093336-000
Event Type: Information
User: JOSEPH\Brian
Computer Name: Joseph
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 42710
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090222132218.702711-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: Joseph
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 42711
Source Name: SecurityCenter
Time Written: 20090222132419.000000-000
Event Type: Information
User:
Security event log
Computer Name: Joseph
Event Code: 4616
Message: The system time was changed.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Process Information:
Process ID: 0x484
Name: C:\Windows\System32\svchost.exe
Previous Time: 22:50:13 20/02/2009
New Time: 22:50:12 20/02/2009
This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1845
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220225013.996500-000
Event Type: Audit Success
User:
Computer Name: Joseph
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1846
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090221102915.958584-000
Event Type: Audit Success
User:
Computer Name: Joseph
Event Code: 4616
Message: The system time was changed.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Process Information:
Process ID: 0x494
Name: C:\Windows\System32\svchost.exe
Previous Time: 10:29:17 21/02/2009
New Time: 10:29:17 21/02/2009
This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1847
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090221102918.410875-000
Event Type: Audit Success
User:
Computer Name: Joseph
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1848
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090221234617.075110-000
Event Type: Audit Success
User:
Computer Name: Joseph
Event Code: 4616
Message: The system time was changed.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Process Information:
Process ID: 0x474
Name: C:\Windows\System32\svchost.exe
Previous Time: 23:46:18 21/02/2009
New Time: 23:46:18 21/02/2009
This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1849
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090221234619.184250-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
-----------------EOF-----------------
Thanks, Brian