
[Inactive] My computer is Infected : I THINK !

Discussion in 'Malware and Virus Removal Archive' started by zeeshanhashmi, 2008/11/15.

  1. 2008/11/15
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    Hi

    My computer is infected, I think. I downloaded RSIT.EXE, and here are my log.txt and info.txt attached.

    Thanks
    Zeeshan
     
  2. 2008/11/15
    zeeshanhashmi

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Zeeshan at 2008-11-15 18:29:47
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 16 GB (43%) free of 38 GB
    Total RAM: 1013 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:29:54 PM, on 11/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\n\Desktop\Downloads\RSIT.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Zeeshan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.116.0.1:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [iKeyWorks] e:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Prefs] D:\PROGRA~1\oDesk\oDeskLaunch.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9524 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{829CAB51-A4EA-4a15-87B6-4B7D0747939C}]
    VS_IEHlprObj Class - C:\Program Files\Network Associates\VirusScan\bho.dll [2004-05-27 19456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92860A02-4D69-48c1-82D7-EF6B2C609502}]
    BitAccelerator Class - C:\Program Files\BitAccelerator\BitAccelerator.dll [2007-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-06 94208]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-06 77824]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-06 114688]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-13 16116224]
    "SkyTel"=SkyTel.EXE []
    "Alcmtr"=ALCMTR.EXE []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-06-30 88203]
    "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-18 188416]
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-05-27 90112]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-05-21 135224]
    "Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    ""= []
    "iKeyWorks"=e:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe [2006-09-07 65536]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
    "iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2007-09-07 267064]
    "PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    "Prefs"=D:\PROGRA~1\oDesk\oDeskLaunch.exe [2008-06-21 357856]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
    "Aim6"= []
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
    "Google Update"=C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-04-06 131072]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
    "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    shell\AutoRun\command - M:\WD_Windows_Tools\Setup.exe


    ======File associations======

    .js - edit - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
    .js - open -

    ======List of files/folders created in the last 3 months======

    2008-11-15 18:29:47 ----D---- C:\rsit
    2008-11-12 21:29:14 ----SHD---- C:\FOUND.028
    2008-11-10 13:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-11-10 13:24:18 ----D---- C:\Program Files\Winamp Remote
    2008-11-10 13:23:20 ----D---- C:\WINDOWS\RegisteredPackages
    2008-11-10 13:05:49 ----D---- C:\Program Files\Winamp
    2008-11-10 13:05:49 ----D---- C:\Documents and Settings\n\Application Data\Winamp
    2008-11-06 23:58:46 ----D---- C:\Documents and Settings\n\Application Data\yoclient
    2008-10-26 00:26:37 ----D---- C:\Documents and Settings\n\Application Data\Viewpoint
    2008-10-24 21:05:59 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-24 21:05:59 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-24 21:05:59 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-20 22:16:07 ----D---- C:\Program Files\ClearAllHistory
    2008-09-29 19:49:42 ----SHD---- C:\FOUND.027
    2008-09-15 06:49:12 ----D---- C:\Program Files\OpenTTD
    2008-09-13 16:35:32 ----N---- C:\WINDOWS\UniFISH.exe
    2008-09-13 15:11:43 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-09-13 15:11:41 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-09-13 15:11:41 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-09-13 15:11:40 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-13 15:11:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-13 15:11:38 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
    2008-09-13 15:11:35 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-13 15:11:35 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-13 15:11:33 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-13 15:11:31 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-09-13 15:11:29 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-09-13 15:11:25 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-09-13 15:11:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-09-13 15:11:19 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-13 15:11:18 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-09-13 15:11:17 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-09-13 15:11:17 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-09-13 15:11:16 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-09-13 15:11:16 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-09-13 15:11:16 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-09-13 15:11:15 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-13 15:11:15 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-13 15:11:14 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-13 15:11:14 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-13 15:11:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-13 15:11:13 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-13 15:11:11 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-13 15:11:11 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-13 15:11:11 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-13 15:11:10 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-13 15:11:09 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-13 15:11:09 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-13 15:11:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-13 15:11:07 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-13 15:11:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-07 23:13:29 ----D---- C:\Program Files\DivX
    2008-08-31 22:44:36 ----D---- C:\Program Files\The Logo Creator v5
    2008-08-31 22:42:40 ----A---- C:\WINDOWS\unvise32.exe
    2008-08-31 22:42:26 ----D---- C:\Program Files\The Logo Creator v4

    ======List of files/folders modified in the last 3 months======

    2008-11-15 08:03:26 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-08-20 14:26:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-05-27 55520]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-13 165760]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-06 830684]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-13 4474368]
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-05-27 105664]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
    S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
    S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2007-11-09 55216]
    S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2007-11-09 6576]
    S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2007-11-09 89872]
    S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2007-11-09 81728]
    S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2007-11-09 79488]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
    S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
    S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
    S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-04-04 35712]
    S3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys []
    S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-05-21 102463]
    R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-05-27 221191]
    R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-05-27 27648]
    R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-22 654848]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-07 503608]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-10 72704]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-07-25 89136]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------
     


  4. 2008/11/15
    zeeshanhashmi

    Now it is info.txt
    -----------------

    info.txt logfile of random's system information tool 1.04 2008-11-15 18:29:56

    ======Uninstall list======

    Moyea SWF to Video Converter Pro version 1.25.2.6-->"C:\Program Files\Moyea\SWF to Video Pro\unins000.exe"
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    A4Tech iKeyWorks 7.72-->e:\Program Files\A4Tech\Keyboard\Uninst32.exe
    AAA Logo 1.22-->"e:\Program Files\AAALOGO\unins000.exe"
    Adobe Acrobat 7.0.5 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
    Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe InDesign CS Time Limited Trial-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E300EFF-F690-4B24-ACEA-6A09F1D7F5FA}\zidxp.exe"
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Advanced Flash Player-->C:\WINDOWS\iun6002.exe "e:\Program Files\Mohsoft\Advanced Flash Player\irunin.ini "
    Advanced RAR Password Recovery (remove only)-->i:\Program Files\ElcomSoft\ARPR\uninstall.exe
    Agere Systems PCI Soft Modem-->agrsmdel
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AudioEdit Deluxe--> "C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}\setup_aed.exe" REMOVE=TRUE MODIFY=FALSE
    BilliardMaster-->C:\Program Files\Microsoft ActiveSync\BilliardMaster\Uninstall.exe BilliardMaster
    BitAccelerator--> "C:\Program Files\BitAccelerator\Uninstall.exe "
    ClearAllHistory-->MsiExec.exe /X{620797B0-A022-4B57-A95E-DD7DD0327026}
    CoffeeCup StyleSheet Maker-->C:\PROGRA~1\COFFEE~1\STYLES~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\STYLES~1\styleinst.log
    ConnectionServices--> "C:\Program Files\ConnectionServices\Uninstall.exe "
    Core FTP LE 2.1-->C:\PROGRA~1\COREFTP\UNWISE.EXE C:\PROGRA~1\COREFTP\INSTALL.LOG
    CorelDRAW 10-->C:\WINDOWS\Corel\uninst32.exe
    CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
    DeepBurner Pro v1.8.0.225--> "C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner Pro\install.log "
    Digital Audio Editor v7.8.11 Build 633--> "e:\Program Files\Digital Audio Editor\unins000.exe "
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Updater Pro--> "C:\Documents and Settings\All Users\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
    Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe
    Flash Optimizer--> "e:\Program Files\Eltima Software\Flash Optimizer\unins000.exe "
    FlashPeak BlazeFtp 2.0--> "e:\Program Files\BlazeFtp\unins000.exe "
    FLV Player--> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:e:\Program Files\FLV Player\Uninstall\uninstall.xml "
    High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HijackThis 2.0.2--> "G:\HijackThis.exe" /uninstall
    HotDocs 2008 Player Edition-->MsiExec.exe /I{66AB582D-65BB-4EC4-AFFB-F80A7CC97874}
    HotDocs 2008 Professional Edition-->MsiExec.exe /I{453EE94F-FC9F-4BFB-A6C7-42969C7423A5}
    Hotfix for Windows XP (KB909394)--> "C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe "
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
    Intel(R) PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
    LG_Mobile Sync-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}\setup.exe" -l0x9 -removeonly
    Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
    MCRetire (version 1.2)--> "d:\Program Files\Efficient Solutions\MCRetire\unins000.exe "
    MFZ0 codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\MFZ0Vfw.INF
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft DirectX 9.0 SDK Update (October 2004)-->MsiExec.exe /I{EE03B0F1-7579-4CDD-BA63-BA37A8B9E2DB}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MySQL Server 5.0-->MsiExec.exe /I{1944C6DC-0F0C-472A-8D0F-047297EE7B0A}
    MySQL Tools for 5.0-->MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
    Nokia Nseries Skin for Microsoft Windows Media Player-->MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
    Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
    Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
    oDesk Extras 2.0.44-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Extras
    oDesk MiniCam 2.0.55-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst MiniCam
    oDesk ScreenSnap 2.0.70-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst ScreenSnap
    oDesk Share 2.0.64-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Share
    oDesk Team 2.0.84-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Team
    PasswordTools-->C:\Program Files\PasswordTools\unsetup.exe /u
    pgAdmin III 1.8-->MsiExec.exe /I{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}
    PHP 5.2.1-->MsiExec.exe /I{EF812FEC-6B0C-4B1C-8C4F-C88FEB415EFE}
    Pool Rebel--> "C:\Program Files\Pool Rebel\unins000.exe "
    PoolStars--> "C:\Program Files\PoolStars\Uninstall.exe" "C:\Program Files\PoolStars\install.log" -u
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Riva FLV Encoder 2.0--> "e:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe "
    Security Update for Windows XP (KB921883)--> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
    The Font Thing-->C:\WINDOWS\uninst.exe -fi:\tft\DeIsL1.isu -ci:\tft\_ISREG32.DLL
    The Logo Creator v4-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v4\uninstal.log
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WD FAT32 Formatter-->MsiExec.exe /I{22EF56B3-DF41-41E8-823E-5FAE0B97F60F}
    Winamp Remote--> "C:\Program Files\Winamp Remote\uninstall.exe "
    Winamp--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Mobile Resources-->C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe
    WinRAR archiver-->e:\Program Files\WinRAR\uninstall.exe
    WinSCP 4.1.6--> "C:\Program Files\WinSCP\unins000.exe "
    WinUHA 2.0 RC1 (2005.02.27)--> "C:\Program Files\WinUHA\unins000.exe "
    WinWAP Smartphone Browser Emulator--> "C:\Program Files\Winwap Technologies\Smartphone Browser Emulator\unins000.exe "
    Wisdom-soft AutoScreenRecorder 3.0 Free-->MsiExec.exe /I{087D7A3A-9A2E-494B-A9B1-89EC337D0E4D}
    Word Password Recovery Master 3.0--> "C:\Program Files\Word Password Recovery Master\unins000.exe "
    XVid;-)-->e:\Program Files\XVid;-)\Uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=E:\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION "=0f02
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "DXSDK_DIR "=C:\Program Files\Microsoft DirectX 9.0 SDK (October 2004)\
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "DEFAULT_CA_NR "=CA6
    "PHPRC "=E:\PHP\

    -----------------EOF-----------------
     
  5. 2008/11/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi zeeshanhashmi
    Welcome to WindowsBBS

    What makes you believe you are infected?

    Did you get some warnings?

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/11/15
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Thanks for the reply.

    I have McAfee VirusScan Enterprise 8.0.0. Last week I was trying to install some software from a CD and my antivirus showed me an ALERT about some virus, but by that time I had already clicked on the SETUP.EXE, which was an infected file.

    Later, I ejected the CD and threw it away.
    Now, here is the aftermath.

    1) When I click SHUT DOWN, it keeps showing me the Windows Shutting Down message and never turns off; the hard disk light on my CPU blinks randomly, as if a process is being carried out.

    2) Some of my programs are slower, like Firefox and Internet Explorer, and sometimes it seems that Firefox or IE has stopped working, but after a few seconds (maybe 20-30) it starts working again.

    3) Randomly (not often), when I type anything in the browser, it stops working, but after 10-15 seconds it shows me what I have typed.

    These are the issues. Especially for No. 1 above, I think it is infected, as earlier my PC always shut down properly.

    Please guide me: is there anything suspicious in the logs I have posted?
     
  7. 2008/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Can you tell me what software you were installing?

    Nothing really jumping out at me from your logs.

    Geri
     
    Geri,
    #6
  8. 2008/11/16
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    It was SPSS version 16.

    But it was not installed, as I ejected the CD immediately when I got the alert from my antivirus. But by the time of that alert, I had already executed the infected file.

    If there is nothing wrong, what is the likely reason that my computer does not shut down now and only shows the shutdown message? Even if I leave it for 10 minutes, it keeps showing the shutdown message.
     
  9. 2008/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, let's get an online scan to see if anything shows.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now this.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2008/11/16
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Thanks a lot, Geri!

    For all your good help, you are a good man. I will definitely do what you have suggested and will respond with the result today.
     
  11. 2008/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    We want to make sure you are clean, then we will deal with the shut down issue.

    Geri
     
  12. 2008/11/16
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Okay, thanks a lot, Sir!
     
  13. 2008/12/01
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Hello Geri

    I tried to run that online antivirus so many times, but during the scanning process, when about 20000 files have been scanned, my computer restarts automatically.

    It happened once today when I was browsing the internet for about 4-5 hours, and suddenly I saw a blue screen filled with some text from TOP LEFT down (not the traditional Blue Death Screen), and it quickly restarted. I didn't even get a chance to read it.

    At the time it was restarting, I saw an error, Invalid Disk, etc., and then I powered off my computer. Later, after 10 minutes, I restarted it with the "START WINDOWS NORMALLY" option.

    I can't understand what's going on with my PC :-(
     
  14. 2008/12/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, let's see if ComboFix will pick anything up.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  15. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Hello Geri

    I am in a very, very tense situation. You know, I ran that ComboFix and it ran, and then my computer restarted, and then it took about 30 minutes to load Windows.

    My Windows is too slow; when I click any program to run, it seems like my computer has hung, and after 1-2 minutes the program loads.
     
  16. 2008/12/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Please post the contents of the log from Combofix.

    It is located here.

    C:\combofix.txt

    Thanks
     
  17. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Sir, but ComboFix did not finish properly; is it still OK to send the log?
     
  18. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    No Sir, there is no combofix.txt file on my computer.

    One thing I want to ask: it prompted me to install the Microsoft Recovery thing, and I clicked OK, but when it had downloaded and was trying to install, it gave me some low memory error.
     
  19. 2008/12/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK please post a new RSIT.exe log.

    Thanks
     
  20. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    When trying to run ComboFix again, my antivirus gives me the following popup.

    I am now posting the RSIT things.

    008-12-03 08:01 Not scanned (scan timed out) N-4E3ADF971EC84\Zeeshan Explorer.EXE C:\Program Files\Skype\Phone\Skype.exe (Virus)
    2008-12-03 08:07 Deleted N-4E3ADF971EC84\Zeeshan firefox.exe C:\ComboFix\psexec.cfexe RemAdm-ProcLaunch!171 (Remote Admin Tool)
    2008-12-03 08:12 Deleted N-4E3ADF971EC84\Zeeshan ComboFix.exe C:\32788R22FWJFW\psexec.cfexe RemAdm-ProcLaunch!171 (Remote Admin Tool)
    2008-12-03 08:13 Deleted N-4E3ADF971EC84\Zeeshan ComboFix.exe C:\32788R22FWJFW\psexec.cfexe RemAdm-ProcLaunch!171 (Remote Admin Tool)
    2008-12-03 08:13 Deleted N-4E3ADF971EC84\Zeeshan ComboFix.exe C:\32788R22FWJFW\psexec.cfexe RemAdm-ProcLaunch!171 (Remote Admin Tool)
     
  21. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    RSIT Logs (INFO.TXT)

    info.txt logfile of random's system information tool 1.04 2008-12-03 08:26:08

    ======Uninstall list======

    Moyea SWF to Video Converter Pro version 1.25.2.6--> "C:\Program Files\Moyea\SWF to Video Pro\unins000.exe "
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    A4Tech iKeyWorks 7.72-->e:\Program Files\A4Tech\Keyboard\Uninst32.exe
    AAA Logo 1.22--> "e:\Program Files\AAALOGO\unins000.exe "
    Adobe Acrobat 7.0.5 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
    Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe InDesign CS Time Limited Trial-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll ",LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E300EFF-F690-4B24-ACEA-6A09F1D7F5FA}\zidxp.exe "
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Advanced Flash Player-->C:\WINDOWS\iun6002.exe "e:\Program Files\Mohsoft\Advanced Flash Player\irunin.ini "
    Advanced RAR Password Recovery (remove only)-->i:\Program Files\ElcomSoft\ARPR\uninstall.exe
    Agere Systems PCI Soft Modem-->agrsmdel
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AudioEdit Deluxe--> "C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}\setup_aed.exe" REMOVE=TRUE MODIFY=FALSE
    BilliardMaster-->C:\Program Files\Microsoft ActiveSync\BilliardMaster\Uninstall.exe BilliardMaster
    BitAccelerator--> "C:\Program Files\BitAccelerator\Uninstall.exe "
    ClearAllHistory-->MsiExec.exe /X{620797B0-A022-4B57-A95E-DD7DD0327026}
    CoffeeCup StyleSheet Maker-->C:\PROGRA~1\COFFEE~1\STYLES~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\STYLES~1\styleinst.log
    ConnectionServices--> "C:\Program Files\ConnectionServices\Uninstall.exe "
    Core FTP LE 2.1-->C:\PROGRA~1\COREFTP\UNWISE.EXE C:\PROGRA~1\COREFTP\INSTALL.LOG
    CorelDRAW 10-->C:\WINDOWS\Corel\uninst32.exe
    CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
    DeepBurner Pro v1.8.0.225--> "C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner Pro\install.log "
    Digital Audio Editor v7.8.11 Build 633--> "e:\Program Files\Digital Audio Editor\unins000.exe "
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Updater Pro--> "C:\Documents and Settings\All Users\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
    Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe
    Flash Optimizer--> "e:\Program Files\Eltima Software\Flash Optimizer\unins000.exe "
    FlashPeak BlazeFtp 2.0--> "e:\Program Files\BlazeFtp\unins000.exe "
    FLV Player--> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:e:\Program Files\FLV Player\Uninstall\uninstall.xml "
    High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HijackThis 2.0.2--> "G:\HijackThis.exe" /uninstall
    HotDocs 2008 Player Edition-->MsiExec.exe /I{66AB582D-65BB-4EC4-AFFB-F80A7CC97874}
    HotDocs 2008 Professional Edition-->MsiExec.exe /I{453EE94F-FC9F-4BFB-A6C7-42969C7423A5}
    Hotfix for Windows XP (KB909394)--> "C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe "
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
    Intel(R) PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
    LG_Mobile Sync-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}\setup.exe" -l0x9 -removeonly
    Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
    MCRetire (version 1.2)--> "d:\Program Files\Efficient Solutions\MCRetire\unins000.exe "
    MFZ0 codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\MFZ0Vfw.INF
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft DirectX 9.0 SDK Update (October 2004)-->MsiExec.exe /I{EE03B0F1-7579-4CDD-BA63-BA37A8B9E2DB}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MySQL Server 5.0-->MsiExec.exe /I{1944C6DC-0F0C-472A-8D0F-047297EE7B0A}
    MySQL Tools for 5.0-->MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
    Nokia Nseries Skin for Microsoft Windows Media Player-->MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
    Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
    Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
    oDesk Extras 2.0.44-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Extras
    oDesk MiniCam 2.0.55-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst MiniCam
    oDesk ScreenSnap 2.0.70-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst ScreenSnap
    oDesk Share 2.0.64-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Share
    oDesk Team 2.0.84-->D:\PROGRA~1\oDesk\oDeskCommonPrefs.exe -uninst Team
    PasswordTools-->C:\Program Files\PasswordTools\unsetup.exe /u
    pgAdmin III 1.8-->MsiExec.exe /I{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}
    PHP 5.2.1-->MsiExec.exe /I{EF812FEC-6B0C-4B1C-8C4F-C88FEB415EFE}
    Pool Rebel--> "C:\Program Files\Pool Rebel\unins000.exe "
    PoolStars--> "C:\Program Files\PoolStars\Uninstall.exe" "C:\Program Files\PoolStars\install.log" -u
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Riva FLV Encoder 2.0--> "e:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe "
    Security Update for Windows XP (KB921883)--> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
    SPSS Statistics 17.0-->MsiExec.exe /X{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}
    The Font Thing-->C:\WINDOWS\uninst.exe -fi:\tft\DeIsL1.isu -ci:\tft\_ISREG32.DLL
    The Logo Creator v4-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v4\uninstal.log
    Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WD FAT32 Formatter-->MsiExec.exe /I{22EF56B3-DF41-41E8-823E-5FAE0B97F60F}
    Winamp Remote--> "C:\Program Files\Winamp Remote\uninstall.exe "
    Winamp--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Mobile Resources-->C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe
    WinRAR archiver-->e:\Program Files\WinRAR\uninstall.exe
    WinSCP 4.1.6--> "C:\Program Files\WinSCP\unins000.exe "
    WinUHA 2.0 RC1 (2005.02.27)--> "C:\Program Files\WinUHA\unins000.exe "
    WinWAP Smartphone Browser Emulator--> "C:\Program Files\Winwap Technologies\Smartphone Browser Emulator\unins000.exe "
    Wisdom-soft AutoScreenRecorder 3.0 Free-->MsiExec.exe /I{087D7A3A-9A2E-494B-A9B1-89EC337D0E4D}
    Word Password Recovery Master 3.0--> "C:\Program Files\Word Password Recovery Master\unins000.exe "
    XVid;-)-->e:\Program Files\XVid;-)\Uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;E:\PHP;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared
    "windir "=%SystemRoo?$

    -----------------EOF-----------------
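
Added example, not part of the thread and not RSIT's own code: the thread contains two RSIT info.txt snapshots (2008-11-15 and 2008-12-03), and diffing them is faster and less error-prone than reading both lists by eye. The Python sketch below parses the `Name-->uninstall command` and `"VAR "=value` lines and reports what changed; the embedded snapshots are shortened excerpts constructed from the two logs above, and all function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # ======Uninstall list======
ENV_RE = re.compile(r'^"([^"]*)"\s*=(.*)$')      # "Path "=value

def parse_info(text):
    """Parse an RSIT info.txt into ({program: [uninstall cmds]}, {env var: value})."""
    programs, env, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-----"):   # blank lines and the EOF marker
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "uninstall list":
            name, sep, cmd = line.partition("-->")
            if sep:
                # Some entries have no display name; group them under one key.
                key = name.strip() or "(no display name)"
                programs.setdefault(key, []).append(cmd.strip())
        elif section == "environment variables":
            m = ENV_RE.match(line)
            if m:
                env[m.group(1).strip().lower()] = m.group(2).strip()
    return programs, env

def split_path(value):
    """Normalise a Path value: split on ';', drop trailing backslashes, lowercase."""
    return [p.strip().rstrip("\\").lower() for p in value.split(";") if p.strip()]

def compare_path(before, after):
    b, a = split_path(before), split_path(after)
    return {
        "added": sorted(set(a) - set(b)),
        "removed": sorted(set(b) - set(a)),
        # Same directories but a different search order.
        "reordered": set(a) == set(b) and a != b,
    }

def diff_snapshots(before_text, after_text):
    progs_b, env_b = parse_info(before_text)
    progs_a, env_a = parse_info(after_text)
    common = progs_b.keys() & progs_a.keys()
    return {
        "added": sorted(set(progs_a) - set(progs_b)),
        "removed": sorted(set(progs_b) - set(progs_a)),
        "cmd_changed": sorted(n for n in common
                              if sorted(progs_b[n]) != sorted(progs_a[n])),
        "env_changed": sorted(k for k in env_b.keys() & env_a.keys()
                              if env_b[k] != env_a[k]),
        "env_missing": sorted(set(env_b) - set(env_a)),
        "path": compare_path(env_b.get("path", ""), env_a.get("path", "")),
    }

# Constructed excerpts of the two info.txt logs posted in the thread.
BEFORE = r"""
info.txt logfile of random's system information tool 1.04 2008-11-15 18:29:56

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
The Font Thing-->C:\WINDOWS\uninst.exe -fi:\tft\DeIsL1.isu -ci:\tft\_ISREG32.DLL

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=E:\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
"windir "=%SystemRoot%
"TEMP "=%SystemRoot%\TEMP

-----------------EOF-----------------
"""

AFTER = r"""
info.txt logfile of random's system information tool 1.04 2008-12-03 08:26:08

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SPSS Statistics 17.0-->MsiExec.exe /X{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}
The Font Thing-->C:\WINDOWS\uninst.exe -fi:\tft\DeIsL1.isu -ci:\tft\_ISREG32.DLL

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;E:\PHP;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared
"windir "=%SystemRoo?$

-----------------EOF-----------------
"""

if __name__ == "__main__":
    for key, value in diff_snapshots(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

In the second log the environment section ends at a garbled `windir` line, so `env_missing` and the `windir` change reflect what was posted, not necessarily a change on the machine.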
     
