Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Advertisement Virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Advertisement Virus

Unread postby luckyguy457321 » September 3rd, 2009, 10:57 am

Hello
Lately i have received a virus that once in a while opens a new internet explorer page with ads.
The time between each ad is varied
I am using McAfee Antivirus
The McAfee has pickled up a virus but i can't remember what it was...
In my TEMP folder i keep getting these new .exe programs
They are named "ctv#.exe" Note: the # represents a random number

Also after creating a tread how can I delete it?

Help would be greatly appreciated

Regards

P.S. Sorry i have read the rules and regulations again instead of skimming them

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:33 AM, on 3/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\00thotkey .exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Paint.Net\PaintDotNet.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
Z:\A_My_Stuff\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://learning.hale.wa.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://antares/proxy.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = enterprise:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\lyzd\eivs.exe \s,C:\Documents and Settings\lyzd\qpwx.exe \s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe (User 'Default user')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.hale.wa.edu.au
O15 - ESC Trusted Zone: http://*.hale.wa.edu.au (HKLM)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = students.hale.wa.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{C824F35A-53BC-4E37-994F-83E8C991D536}: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13262 bytes
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia
Advertisement
Register to Remove

Re: Advertisement Virus

Unread postby askey127 » September 6th, 2009, 10:54 am

Hi luckyguy457321,
-----------------------------------------------------------
TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Note: Save your work. TFC will automatically close any open programs. Let it run uninterrupted.
  • Double-click TFC.exe to run the program.
  • The scan shouldn't take longer take a couple of minutes, and may only take a few seconds.
  • TFC will most likely require a Reboot. If prompted, click "Yes" to reboot.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Be sure that every item is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2009-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Doubleclick the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

so we are looking for the two logs from the RSIT scanner, and the log from Malwarebytes Anti-Malware.
Use separate replies to this thread if you prefer.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 7:07 am

Thank you for your help i will do this and reply as soon as possible
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 7:33 am

I ran the TEMP file cleaner and when it asked to reboot I pressed okay.
After I pressed okay my computer just froze I could move my mouse around the screen but I couldn't do the ctrl+alt+del shortcut.
I have to force restart my computer.

I have run the Virus Scan and while it was scanning my anti virus delete some of the viruses that Malwarebytes' picked up not all of them though

I continued your instructions and here is the log

I'm going to restart my computer then run RSIT

Thank you

Malwarebytes' Anti-Malware 1.40
Database version: 2750
Windows 5.1.2600 Service Pack 3

7/09/2009 7:30:47 PM
mbam-log-2009-09-07 (19-30-47).txt

Scan type: Quick Scan
Objects scanned: 134846
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\lyzd\eivs.exe \s,C:\Documents and Settings\lyzd\qpwx.exe \s) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Recycler\S-1-5-21-2697369009-1876499387-319801102-1022\Dc1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\00thotkey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lyzd\000stthk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lyzd\agrsmmsg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lyzd\tfncky.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lyzd\tfnf5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 7:36 am

RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by lyzd at 2009-09-07 19:34:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (56%) free of 57 GB
Total RAM: 2039 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:27 PM, on 7/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\00thotkey .exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
Z:\A_My_Stuff\Downloads\RSIT.exe
Z:\A_My_Stuff\Downloads\lyzd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://learning.hale.wa.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://antares/proxy.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = enterprise:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe (User 'Default user')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: TSkin.lnk = C:\Documents and Settings\Default User\Local Settings\Temp\TSkin.bat (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to 00thotkey .lnk = C:\WINDOWS\system32\00thotkey .exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.hale.wa.edu.au
O15 - ESC Trusted Zone: http://*.hale.wa.edu.au (HKLM)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = students.hale.wa.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{C824F35A-53BC-4E37-994F-83E8C991D536}: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = students.hale.wa.edu.au
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13707 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9FE7B8B1-3D14-4EBB-B7A7-7BCADB845CDF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-20 429816]
{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-05-19 456440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-14 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-14 271872]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2005-12-14 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2005-12-20 86016]
"TAudEffect"=C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe [2005-10-05 344144]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"AeXAgentLogon"=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-12 143360]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240]
"Snippet"=C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-25 68296]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2009-09-07 184320]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-05-20 3561720]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastFox]
C:\Program Files\NCH Swift Sound\FastFox\fastfox.exe [2009-07-20 360452]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fling]
C:\Program Files\NCH Software\Fling\fling.exe [2009-07-20 536580]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVM]
C:\Program Files\NCH Swift Sound\IVM\ivm.exe [2009-07-20 1159172]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightbox Manager]
C:\Program Files\Conceiva\Lightbox\manager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe [2009-07-20 913412]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenStreamRun]
C:\Program Files\NCH Software\ScreenStream\screenstream.exe [2009-07-20 368644]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Talk]
C:\Program Files\NCH Swift Sound\Talk\talk.exe [2009-07-20 704516]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
C:\WINDOWS\system32\TFNF5.exe [2005-11-10 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]
thpsrv /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-12-15 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"WinDefend"=2
"VRSService"=2
"USBDLM"=2
"Tmesrv"=2
"SQLWriter"=2
"ose"=3
"odserv"=3
"NMSAccessU"=2
"MSSQL$SQLEXPRESS"=2
"MDM"=2
"McTaskManager"=2
"McShield"=2
"McAfeeFramework"=2
"McAfeeEngineService"=2
"JavaQuickStarterService"=2
"IVMService"=2
"iPod Service"=3
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca046ca279b146"=2
"FlingService"=2
"Bonjour Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Canon LASER SHOT LBP-1120 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

C:\Documents and Settings\lyzd\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Shortcut to 00thotkey .lnk - C:\WINDOWS\system32\00thotkey .exe
Styler.lnk - C:\Documents and Settings\lyzd\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-07 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-14 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=1
"HideLogonScripts"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Important Notice:
"legalnoticetext"=I have read and understood the Hale School Network Resources Policy and agree to abide by the conditions of use as stated.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"MaxGPOScriptWait"=0
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"NoSharedDocuments"=1
"Start_NotifyNewApps"=0
"NoInstrumentation"=0
"DisallowCpl"=1
"NoStartMenuNetworkPlaces"=1
"RestrictRun"=0
"NoBandCustomize"=1
"SpecifyDefaultButtons"=1
"Btn_Back"=1
"Btn_Forward"=1
"Btn_Stop"=1
"Btn_Refresh"=1
"Btn_Home"=1
"Btn_Search"=1
"Btn_History"=2
"Btn_Favorites"=2
"Btn_Folders"=2
"Btn_Fullscreen"=2
"Btn_Tools"=2
"Btn_MailNews"=2
"Btn_Size"=2
"Btn_Print"=1
"Btn_Edit"=2
"Btn_Discussions"=2
"Btn_Cut"=1
"Btn_Copy"=1
"Btn_Paste"=1
"Btn_Encoding"=2
"NoNetConnectDisconnect"=1
"NoManageMyComputerVerb"=1
"NoChangeKeyboardNavigationIndicators"=1
"NoChangeAnimation"=1
"NoDFSTab"=1
"ForceStartMenuLogOff"=1
"NoRecentDocsNetHood"=1
"DisablePersonalDirChange"=1
"NoWelcomeScreen"=1
"NoPropertiesMyDocuments"=1
"NoDesktopCleanupWizard"=1
"NoSecurityTab"=1
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=
"NoBandCustomize"=
"HonorAutoRunSetting"=
"NoWelcomeScreen"=
"NoMSAppLogo5ChannelNotify"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\NCH Software\ScreenStream\screenstream.exe"="C:\Program Files\NCH Software\ScreenStream\screenstream.exe:*:Enabled:screenstream"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"E:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe"="E:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe:*:Enabled:Crayon Physics Deluxe Demo"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\lyzd\eivs.exe"="C:\Documents and Settings\lyzd\eivs.exe:*:Enabled:ENABLE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\ZensHDD.exe
shell\Run Startup Program\command - I:\ZensHDD.exe
shell\SHOW or HIDE autorun files\command - I:\Autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c0c1b94-74fe-11de-8299-001cbf78d17f}]
shell\AutoRun\command - L:\ZensHDD.exe
shell\Run Startup Program\command - L:\ZensHDD.exe
shell\SHOW or HIDE autorun files\command - L:\Autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f17886-8ad7-11de-a921-001cbf78d17f}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f17887-8ad7-11de-a921-001cbf78d17f}]
shell\AutoRun\command - F:\m1eqos3.exe
shell\open\command - F:\m1eqos3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4d1bd6d-7669-11de-829d-001cbf78d17f}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4d1bd6e-7669-11de-829d-001cbf78d17f}]
shell\AutoRun\command - I:\ZensUsb.exe
shell\Lock or Unlock USB\command - I:\LOCK.bat
shell\Run Startup Program\command - I:\ZensUsb.exe
shell\This Usb Belongs to Zen Ly\command - I:\README.txt


======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2009-09-07 19:34:17 ----D---- C:\rsit
2009-09-07 19:11:44 ----D---- C:\Documents and Settings\lyzd\Application Data\Malwarebytes
2009-09-07 19:11:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-07 19:11:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-07 06:28:29 ----D---- C:\Documents and Settings\lyzd\Application Data\Nokia
2009-09-07 06:28:21 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-09-07 06:28:20 ----D---- C:\Documents and Settings\lyzd\Application Data\PC Suite
2009-09-06 21:53:13 ----D---- C:\Program Files\Common Files\Nokia
2009-09-06 21:52:33 ----D---- C:\Program Files\DIFX
2009-09-06 21:52:19 ----D---- C:\Program Files\PC Connectivity Solution
2009-09-06 21:51:47 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-09-06 21:50:20 ----D---- C:\Program Files\Nokia
2009-09-06 21:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2009-09-02 21:29:38 ----D---- C:\Documents and Settings\lyzd\Application Data\Desktopicon
2009-09-02 21:29:37 ----D---- C:\Program Files\Unlocker
2009-09-02 21:02:10 ----A---- C:\WINDOWS\system32\Uharc.exe
2009-09-02 21:02:10 ----A---- C:\WINDOWS\system32\reico.exe
2009-09-02 21:02:10 ----A---- C:\WINDOWS\system32\moveex.exe
2009-09-02 21:02:10 ----A---- C:\WINDOWS\system32\modifype.exe
2009-09-02 19:45:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-02 19:45:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-02 19:45:30 ----A---- C:\WINDOWS\system32\java.exe
2009-09-01 21:41:43 ----D---- C:\Program Files\VBto Converter
2009-09-01 16:20:58 ----A---- C:\WINDOWS\WirelessFTP.INI
2009-09-01 15:03:50 ----D---- C:\Documents and Settings\lyzd\Application Data\Hale_School
2009-08-31 19:26:55 ----D---- C:\Program Files\Metric Converter 2
2009-08-28 20:39:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-27 22:33:19 ----D---- C:\Program Files\iPod
2009-08-27 22:33:15 ----D---- C:\Program Files\iTunes
2009-08-27 22:31:02 ----D---- C:\Program Files\Apple Software Update
2009-08-27 22:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-26 19:10:20 ----A---- C:\WINDOWS\DATA.txt
2009-08-24 18:37:55 ----D---- C:\Program Files\Conceiva
2009-08-24 12:06:22 ----D---- C:\Program Files\Teebo Software Solutions
2009-08-17 22:41:35 ----A---- C:\WINDOWS\SWFDecompiler.INI
2009-08-17 12:12:46 ----D---- C:\Documents and Settings\lyzd\Application Data\InterVideo
2009-08-17 12:10:09 ----D---- C:\Documents and Settings\lyzd\Application Data\dvdcss
2009-08-16 21:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-16 21:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-16 21:50:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-16 21:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-16 21:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-16 21:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-16 21:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-16 21:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-16 21:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-16 21:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-16 20:03:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-11 20:17:58 ----D---- C:\Program Files\Easy GIF Animator
2009-08-11 18:56:49 ----D---- C:\Program Files\Macromedia
2009-08-11 18:56:49 ----D---- C:\Program Files\Common Files\Macromedia
2009-08-11 12:28:02 ----D---- C:\Program Files\Direct MIDI to MP3 Converter
2009-08-11 12:16:39 ----D---- C:\Program Files\Sibelius Software
2009-08-11 12:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sibelius Software
2009-08-11 11:49:44 ----D---- C:\Documents and Settings\lyzd\Application Data\Sibelius Software
2009-08-11 11:42:34 ----D---- C:\Program Files\DotNetBar for Windows Forms
2009-08-11 11:41:49 ----D---- C:\My Documents
2009-08-11 11:25:10 ----D---- C:\WINDOWS\Minidump
2009-08-11 09:47:06 ----D---- C:\Documents and Settings\lyzd\Application Data\DassaultSystemes
2009-08-11 09:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2009-08-11 09:46:28 ----D---- C:\Program Files\Dassault Systemes
2009-08-11 09:31:21 ----D---- C:\Program Files\Virtual Earth 3D
2009-08-09 19:46:01 ----D---- C:\Documents and Settings\lyzd\Application Data\DivX
2009-08-09 19:38:44 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-08-09 12:12:06 ----D---- C:\Documents and Settings\lyzd\Application Data\Download Manager
2009-08-08 14:42:48 ----D---- C:\Documents and Settings\lyzd\Application Data\Talex

======List of files/folders modified in the last 1 months======

2009-09-07 19:33:53 ----AD---- C:\WINDOWS\Temp
2009-09-07 19:30:47 ----ASHD---- C:\WINDOWS\system32
2009-09-07 19:26:55 ----D---- C:\Quarantine
2009-09-07 19:19:00 ----ASHD---- C:\WINDOWS
2009-09-07 19:18:50 ----D---- C:\WINDOWS\Prefetch
2009-09-07 19:17:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-07 19:17:43 ----D---- C:\WINDOWS\system32\drivers
2009-09-07 19:15:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-07 19:11:37 ----RD---- C:\Program Files
2009-09-07 19:05:59 ----D---- C:\Documents and Settings\lyzd\Application Data\Free Download Manager
2009-09-07 13:54:20 ----D---- C:\WINDOWS\security
2009-09-07 06:29:39 ----HD---- C:\WINDOWS\inf
2009-09-06 21:55:35 ----SHD---- C:\WINDOWS\Installer
2009-09-06 21:53:13 ----D---- C:\Program Files\Common Files
2009-09-06 21:52:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-06 21:51:32 ----D---- C:\WINDOWS\WinSxS
2009-09-06 20:19:23 ----D---- C:\Documents and Settings\lyzd\Application Data\U3
2009-09-06 20:14:45 ----D---- C:\Documents and Settings\lyzd\Application Data\vlc
2009-09-03 08:28:33 ----D---- C:\Program Files\Apoint2K
2009-09-02 19:45:21 ----D---- C:\Program Files\Java
2009-09-02 10:33:07 ----A---- C:\WINDOWS\hpbafd.ini
2009-09-02 10:22:59 ----SD---- C:\Documents and Settings\lyzd\Application Data\Microsoft
2009-09-02 08:20:36 ----D---- C:\Program Files\Adobe
2009-09-01 20:13:04 ----D---- C:\WINDOWS\Help
2009-08-31 20:12:32 ----SH---- C:\boot.ini
2009-08-31 20:12:32 ----A---- C:\WINDOWS\win.ini
2009-08-31 20:12:32 ----A---- C:\WINDOWS\system.ini
2009-08-31 08:23:40 ----SD---- C:\WINDOWS\Tasks
2009-08-29 08:29:23 ----D---- C:\Program Files\Free Download Manager
2009-08-28 20:54:45 ----SHD---- C:\RECYCLER
2009-08-27 22:33:45 ----D---- C:\Documents and Settings\lyzd\Application Data\Apple Computer
2009-08-27 22:33:19 ----D---- C:\Program Files\Common Files\Apple
2009-08-27 22:33:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-08-25 21:26:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-24 18:37:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-17 19:22:02 ----D---- C:\Documents and Settings\lyzd\Application Data\Macromedia
2009-08-17 19:17:16 ----D---- C:\WINDOWS\Downloaded Installations
2009-08-16 21:50:18 ----A---- C:\WINDOWS\imsins.BAK
2009-08-16 21:50:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-16 21:49:44 ----D---- C:\Program Files\Outlook Express
2009-08-13 17:45:00 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-13 08:10:40 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-12 23:55:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-11 18:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2009-08-11 12:16:43 ----RSD---- C:\WINDOWS\Fonts
2009-08-11 11:42:51 ----RSD---- C:\WINDOWS\assembly
2009-08-11 10:08:25 ----D---- C:\WINDOWS\Microsoft.Net
2009-08-09 19:38:43 ----D---- C:\Program Files\Google
2009-08-09 12:12:05 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2007-05-29 9216]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-09-29 62704]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-07 5776864]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-11 35968]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-29 90360]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-29 42424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-07-20 27136]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-12-12 1083576]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2005-12-26 595072]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-06-28 45952]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-07-04 112128]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-29 60672]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-06-26 40064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-14 14208]
S3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2009-09-07 2401]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2008-09-29 64432]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-26 1709696]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2006-03-15 52864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2009-03-30 5365836]
R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-12 1523712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2007-05-29 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-11-10 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-09-29 143088]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-09-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2008-09-29 67904]
R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-08-11 644096]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FlingService;Fling File Transfer; C:\Program Files\NCH Software\Fling\fling.exe [2009-07-20 536580]
S4 gupdate1ca046ca279b146;Google Update Service (gupdate1ca046ca279b146); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-14 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 136120]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S4 IVMService;IVM Answering Attendant; C:\Program Files\NCH Swift Sound\IVM\ivm.exe [2009-07-20 1159172]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S4 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976]
S4 USBDLM;USBDLM; C:\Program Files\USBDLM\USBDLM.exe [2007-09-04 139264]
S4 VRSService;VRS Recording System; C:\Program Files\NCH Swift Sound\VRS\vrs.exe [2009-07-20 794628]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 7:37 am

RSIT Info

info.txt logfile of random's system information tool 1.06 2009-09-07 19:34:30

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {DFFBA095-230A-4FE7-998C-75479A662550}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
3DVIA Shape for Maps-->MsiExec.exe /X{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /X{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{332454D8-73B0-4b4a-954C-D96089CD898A}
Altiris Carbon Copy Solution Agent 6.2-->MsiExec.exe /x {332454D8-73B0-4b4a-954C-D96089CD898A} /qf
Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /X{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Bonjour Service-->MsiExec.exe /X{07287123-B8AC-41CE-8346-3D777245C35B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple QuickTime v7.62.14-->MsiExec.exe /X{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArtRage 2.5-->MsiExec.exe /X{13CB54D3-A7C9-4B23-89A4-6331368AFD30}
AudioGrabber-->MsiExec.exe /X{0F3ADFE2-02A0-4720-8893-9D634322F09C}
Autograph 3-->MsiExec.exe /X{AA2C8973-5BED-4988-936A-4B91A26655D7}
Bing Maps 3D-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bryce v5.5c (Free)-->MsiExec.exe /X{732341EB-5D7F-4D46-8F9B-ED60C27D561B}
C4F Developer Kit 2008-->MsiExec.exe /X{2B668D76-0B57-4794-A433-07F0D881717A}
Calculator for Tablet PC-->MsiExec.exe /X{2175F2B1-E91A-4FA8-98B4-1558D2E09A53}
Calculator Powertoy for Windows XP-->MsiExec.exe /X{B37C842A-B624-46B8-A727-654E72F1C91A}
Camtasia Studio 3-->C:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon LASER SHOT LBP-1120-->C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3UNIK.EXE
CDBurnerXP v4.2.4.1351-->MsiExec.exe /X{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}
CorelDRAW Graphics Suite X3-->MsiExec.exe /X{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /X{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}
DAZ Studio v3.0-->MsiExec.exe /X{798ABCA7-F411-4BB2-89EA-EE9631CF7BAC}
Dictionary Tool for Tablet PC-->MsiExec.exe /X{38F05DF0-0094-4FF7-A9BA-BCBF410A513B}
Direct MIDI to MP3 Converter version 6.1.0.32-->"C:\Program Files\Direct MIDI to MP3 Converter\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DotNetBar for Windows Forms-->MsiExec.exe /X{5D6110FA-F3B0-41B8-BC06-181BEF93D6FE}
Easy GIF Animator 4.9-->"C:\Program Files\Easy GIF Animator\unins000.exe"
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
Essentials of Music Theory (Version 2)-->MsiExec.exe /X{A328F316-6623-46A9-9C3F-855C8428310C}
eText TypeSmart 3.3-->MsiExec.exe /X{ACEA0A06-7578-4D9A-98DE-C10ED21A09B2}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Dictate-->C:\Program Files\NCH Swift Sound\Express\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Express Talk-->C:\Program Files\NCH Swift Sound\Talk\uninst.exe
Extended Desktop for Tablet PC-->MsiExec.exe /X{61F14CBA-A872-4D39-B765-8EABC31B6E40}
FastFox-->C:\Program Files\NCH Swift Sound\FastFox\uninst.exe
Finale Notepad 2008-->MsiExec.exe /X{69164446-8CB7-4181-8021-D829D1C4FDEB}
Fling File Transfer-->C:\Program Files\NCH Software\Fling\uninst.exe
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Free NaturalReader v9.0-->MsiExec.exe /X{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}
FX Draw v3-->MsiExec.exe /X{7D9BD132-2159-4FA1-B2A7-ED539EA812CD}
GCFScape 1.7.3-->"C:\Program Files\GCFScape\unins000.exe"
Golden Records Vinyl to CD Converter-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
Google Earth v5.0-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Handwriting Analysis Tool for Tablet PC-->MsiExec.exe /X{A19443D4-4D1C-427A-90D0-18BC8A44AA48}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"Z:\A_My_Stuff\Downloads\HijackThis.exe" /uninstall
Hold Tool for Tablet PC-->MsiExec.exe /X{4F8B9A2E-E140-46CA-8BBC-E6D0AA7B6447}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)-->C:\WINDOWS\system32\msiexec.exe /package {C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Office (KB950278)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HTML Slideshow Powertoy for Windows XP-->MsiExec.exe /X{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /X{1CB92574-96F2-467B-B793-5CEB35C40C29}
Ink Art 1.3-->MsiExec.exe /X{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}
Inspiration 8 IE-->MsiExec.exe /X{B26372AC-72F1-434B-BBBD-BB5A0C3835B4}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Internet Explorer-->MsiExec.exe /I{C9B643B4-FB78-4268-9168-C839BC5E693D}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
IVM Answering Attendant-->C:\Program Files\NCH Swift Sound\IVM\uninst.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Learning Essentials for Microsoft Office-->MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Lightbox 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94758FCF-0844-4543-B1A6-0CDFDED9E58E}\Setup.exe" -l0x9 Version100
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Agent-->MsiExec.exe /X{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}
McAfee VirusScan Enterprise-->MsiExec.exe /X{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
Meo Encryption Software-->C:\Program Files\NCH Software\Meo\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Education Pack for Tablet PC-->MsiExec.exe /X{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}
Microsoft Ink Crossword-->MsiExec.exe /X{1759CACC-6CF9-4C3C-92C5-39668679AB17}
Microsoft Ink Desktop-->MsiExec.exe /X{0759CACC-6CF9-4C3C-92C5-39668679AB16}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Math-->MsiExec.exe /X{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTE /dll OSETUP.DLL
Microsoft Office OneNote 2007-->MsiExec.exe /X{90120000-00A1-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Physics Illustrator for Tablet PC-->MsiExec.exe /X{49690597-1A6D-4E44-9060-DBDAFD2607C6}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Snipping Tool 2.0-->MsiExec.exe /X{09F5B438-2C8D-45CF-BB6D-8E156E5852C2}
Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Database Publishing Wizard 1.3-->MsiExec.exe /I{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Student with Encarta Premium 2008-->MsiExec.exe /X{08041881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{A4418082-E601-3954-805B-D56A2B50EC8B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C++ 8.0 Support DLLs-->MsiExec.exe /X{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu-->MsiExec.exe /X{15EFEBF6-E414-33EB-8710-A04AD1302BF8}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
MixPad-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{218D629E-8D06-4B23-A238-EB869770B6CC}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Font Tool for Tablet PC-->MsiExec.exe /X{2782822A-FC21-41A3-8D12-FA4F131A7A8A}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{99E7B577-E96A-4EC7-BDB8-E9184A2FA827}
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{F8A2B78E-92D7-43B8-8476-79F2EC15429D}\Nokia_Ovi_Suite_0_4_122_0_ALL_web.exe
NVU Webpage Editor-->MsiExec.exe /X{9F93DFF6-4266-4F30-BAF7-53C658BDB9EC}
OfficeMDI Tabs 1.1-->"C:\Program Files\Teebo Software Solutions\Demo\OfficeMDI Tabs 1.1\unins000.exe"
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Ovi Desktop Sync Engine-->MsiExec.exe /X{090CDA6A-8267-41B1-9C94-DD0360D34205}
OviMPlatform-->MsiExec.exe /I{4E941585-35EF-4B8A-A0A5-0959F14BD526}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Peanut WinGeom v2008-->MsiExec.exe /X{7DC25C1E-6A61-4312-A502-8421C565B5FE}
PFConfig 1.0.238-->C:\Program Files\PFConfig\uninst.exe
Photo Story 3 for Windows-->MsiExec.exe /X{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Power Paint Tool for Tablet PC-->MsiExec.exe /X{4023F044-5120-4372-BCE4-0E226BAD3FAF}
Printer Install (Art Mono)-->MsiExec.exe /X{3B9E79C9-DFC6-4737-9A9B-CAE5D5D27B02}
Printer Install (B1)-->MsiExec.exe /X{4EC51FDF-19FF-4865-A9B5-B26E97E950A1}
Printer Install (B2)-->MsiExec.exe /X{A4423B49-755B-452F-80D8-3688CD289F06}
Printer Install (B3)-->MsiExec.exe /X{6C62089A-D083-482F-BF2D-707EC6686EB8}
Printer Install (B4)-->MsiExec.exe /X{663B7E88-1EDE-4E78-83EC-15900BBCA4DF}
Printer Install (B5)-->MsiExec.exe /X{1CFBA2ED-70A2-4037-9EA8-0E21E1EDA3D6}
Printer Install (Biology_n6)-->MsiExec.exe /X{5B2FB98A-253A-422A-8D8D-AC81A2FF803F}
Printer Install (Chem Lab)-->MsiExec.exe /X{552F341F-29A8-4C8A-9C46-5988EBF2C246}
Printer Install (Commerce_Office)-->MsiExec.exe /X{B7288D89-C340-4055-BAC2-FB1459FFAC0E}
Printer Install (DS2)-->MsiExec.exe /X{B2FC3A0B-7C4F-42DF-A276-7370CE2A0A1D}
Printer Install (DT Green Room)-->MsiExec.exe /X{7B23689F-E4DA-4FDC-AC3B-9564234903BE}
Printer Install (DT Orange Room)-->MsiExec.exe /X{94FD8AA4-DC6A-40C5-B041-E31003CE19D0}
Printer Install (DT Systems)-->MsiExec.exe /X{A5A0ED6C-91CE-40B5-BB8B-6A7B91F85D79}
Printer Install (English L5)-->MsiExec.exe /X{8542FE3B-2CB0-4216-9DC7-ECA5F058A0FA}
Printer Install (Gym Office)-->MsiExec.exe /X{BD33C4CA-502D-4B3F-BCA4-FE95C045D203}
Printer Install (Mad MT1)-->MsiExec.exe /X{AD7B8631-1940-49F5-9BD2-A3411B65FD52}
Printer Install (Math N2)-->MsiExec.exe /X{ADD2E408-CA95-474C-B79D-B8C7FC6ABE04}
Printer Install (Math Office)-->MsiExec.exe /X{72771148-54FF-45FA-8F30-45215DB8FBF6}
Printer Install (MultiMedia Mono)-->MsiExec.exe /X{2E1995BE-73C0-4A60-943D-DC08878E4905}
Printer Install (Physics S6)-->MsiExec.exe /X{8AC1EA0F-5CA0-40EB-B1D1-C722AE3955B7}
Printer Install (Senior Boarding Faulkner)-->MsiExec.exe /X{BA141B12-4402-4876-B34B-AF5546AAB0DD}
Printer Install (Stowe Office)-->MsiExec.exe /X{685B6B9D-C193-476E-892C-A1A58E2EDEDA}
PTC ProDESKTOP 8.0 SP2-->MsiExec.exe /X{A4C4EAEC-5751-11D6-8E4E-009027AA4188}
RecordPad Sound Recorder-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
ScreenStream-->C:\Program Files\NCH Software\ScreenStream\uninst.exe
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sib Icon Editor-->"C:\Program Files\Sib Icon Editor\uninstall.exe"
Sibelius 5 Student-->MsiExec.exe /X{3DF497D8-C37F-4BFF-B8A3-DA6D6E967EC9}
Sibelius Scorch (all browsers)-->MsiExec.exe /I{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\SETUP.exe" -l0x9 -remove -removeonly
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /X{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tablet PC Composition Tool-->MsiExec.exe /X{A973170F-E401-4498-BED0-A541C439885F}
Tablet PC Tutorials for Microsoft Windows XP SP2-->MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E18E644D-4FC1-4E7F-87B7-A0288A14A322} /l1033
Thumbnail View-->MsiExec.exe /X{7049A7F0-6AD3-4233-A520-90F9C1BEE0D1}
TortoiseSVN 1.5.7.15182 (32 bit)-->MsiExec.exe /X{27968397-2FC3-4D79-BD5D-E6AC44A263FE}
TOSHIBA Accelerometer Utilities-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Acceleration Utilities\Uninst.isu" -c"C:\Program Files\TOSHIBA\Acceleration Utilities\SETUPSUB.dll"
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\SETUP.EXE" -l0x9 UNINSTALL
TOSHIBA Disc Creator-->MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Mic Effect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0577A2AA-DEA0-4D40-8372-4211102D43E4}\SETUP.EXE"
TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Rotation Utility-->MsiExec.exe /X{B7F4B477-8EA3-4028-B458-2AE5E4A9D853}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\SETUP.EXE"
TOSHIBA Security Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}\SETUP.EXE" -l0x9 -removeonly
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad On/Off Utility V2.05.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\SETUP.EXE" -uninst
TOSHIBA Utilities-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\SETUP.EXE"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Visual Studio Web Authoring Component (KB945140)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {F9DE79A2-9049-4589-9787-815147371581}
Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB drive letter manager-->MsiExec.exe /X{C256573D-B3CE-4256-BEA2-217C8B211DD5}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veoh Video Compass-->C:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VirtualDUB v1.8.8-->MsiExec.exe /X{56D244B2-3275-43D3-9364-C90488C4AE62}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VRS Recording System-->C:\Program Files\NCH Swift Sound\VRS\uninst.exe
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Defender-->MsiExec.exe /X{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\SETUP.EXE" -l0x9
Writing Practice Tool For Tablet PC-->MsiExec.exe /X{8D7D72F7-4557-420B-9D1D-CF70CF2D2924}
XviD (MPEG-4 CODEC) v1.2.1a-->MsiExec.exe /X{B2ACEEB6-EB7C-4669-AAE0-90473F9BDCB0}
Yenka-->MsiExec.exe /X{91EEE513-A1F0-4F04-A9F6-33DBC294DD93}
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: M405MASTER-09B
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 27
Source Name: Windows Update Agent
Time Written: 20090708180843.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{E5907998-BBC0-4CFF-B01D-7376EE353425} because another computer on the network has the same name. The server could not start.

Record Number: 16
Source Name: Server
Time Written: 20090708180745.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 4321
Message: The name "M405MASTER-09B :20" could not be registered on the Interface with IP address 192.168.4.2.
The machine with the IP address 192.168.1.231 did not allow the name to be claimed by
this machine.

Record Number: 15
Source Name: NetBT
Time Written: 20090708180745.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 3033
Message: The redirector was unable to register the address for transport NetBT_Tcpip_{E5907998-BBC0-4CFF-B0 for the following reason: . Transport has been taken offline.

Record Number: 13
Source Name: MRxSmb
Time Written: 20090708180744.000000+480
Event Type: warning
User:

Computer Name: M405MASTER-09B
Event Code: 4321
Message: The name "M405MASTER-09B :0" could not be registered on the Interface with IP address 192.168.4.2.
The machine with the IP address 192.168.1.231 did not allow the name to be claimed by
this machine.

Record Number: 12
Source Name: NetBT
Time Written: 20090708180744.000000+480
Event Type: error
User:

=====Application event log=====

Computer Name: ST13LYZD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 16
Source Name: crypt32
Time Written: 20090708181131.000000+480
Event Type: error
User:

Computer Name: ST13LYZD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 407 (HTTP Response Status)

Record Number: 15
Source Name: crypt32
Time Written: 20090708181127.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9
Source Name: crypt32
Time Written: 20090708180804.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 8
Source Name: crypt32
Time Written: 20090708180804.000000+480
Event Type: error
User:

Computer Name: M405MASTER-09B
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 407 (HTTP Response Status)

Record Number: 7
Source Name: crypt32
Time Written: 20090708180801.000000+480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\Lhsp;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\_QT\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\_QT\Program Files\QuickTime\QTSystem\QTJava.zip
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 7:39 am

For some strange reason windows Defender fails to start and has this error each time it loads up

Thank you for all your help!
I really appreciate it

Regards
luckyguy457321
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby askey127 » September 7th, 2009, 8:16 am

Thanks.
We'll look at it later. Don't try to restart it yet.
I have a lot to look at. Be back later in the day.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Advertisement Virus

Unread postby askey127 » September 7th, 2009, 10:41 am

luckyguy457321,
-----------------------------------------------------------
Unfortunately, you have a very dangerous infection, with "backdoor" capabilities.
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
The SAFEST advice is to do the following :
  • Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of the infection's backdoor functionality(i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned". (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

These infections are serious enough that removing them without damaging the Windows System is no sure thing. This is your choice to make.
The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.

If you read the above, and still decide you want to proceed with cleaning it, please do as follows:
--------------------------------------------------
OK on the information about TFC. Just delete it from your desktop.
--------------------------------------------------
If the F: drive on your machine is for a flash drive, one of your flash drives may have a file on it named m1eqos3.exe
If you can locate that flash drive, or the F: drive otherwise, please delete that file.
--------------------------------------------------
Run Flash Disinfector
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task > Run... Type in explorer.exe and press Enter. Your desktop should now appear.
Wait until it has finished scanning and then exit the program.

You can run Flash Disinfector with other flash drives and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
Please disable all your antivirus software, firewalls, and antispyware software BEFORE running ComboFix!!
If you don't know how to disable your antivirus, stop and ask
  • Download ComboFix from here and save it to your desktop
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Now start ComboFix
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running!
  • When finished, the report will open. Reenable your protection software and post the log in your next reply
A copy is located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127

This sort of thing should work to disable McAfee if you need it :
DISABLE MCAFEE SECURITY CENTER
Please navigate to the system tray and double-click the taskbar icon to open Security Center.
  • Click Advanced Menu (bottom mid-left).
  • Click Configure (left).
  • Click Computer & Files (top left).
  • VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
  • Do the same via Internet & Network for Firewall Plus.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Advertisement Virus

Unread postby luckyguy457321 » September 7th, 2009, 8:41 pm

I can't disable the McAfee centre
When i double click it comes up with the on access scan status
right click will not work either

It says that the flash disinfector is not a valid win 32 application

The m1eqos3.exe has been removed by McAfee

I think i'm going to reinstall windows

What do you suggest

Also i'm only going to reimage the C: Drive and not the Z: Drive so are they any viruses on the Z: Drive?
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Advertisement Virus

Unread postby askey127 » September 13th, 2009, 7:08 am

This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware