Need Help Removing Instant Access Files

Hey Dave,

Thanks for the welcome.
Below is my log. I installed and ran Ad-Aware and Spybot. The only thing is I've been using Gator for about 5 years. And that was before I even realized it was considered spyware. I will eventually get rid of it but at this point I'm not ready to. I don't believe it's the cause of my problems but you would know best.

Here is the log. Thanks for the help Dave.

Logfile of HijackThis v1.97.7
Scan saved at 12:20:31 PM, on 4/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QLCOZMPKF.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\ACCDMOE2.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GATOR.COM\GATOR\GATOR.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {593C4683-75A2-4E5E-8829-27B7D8A9B2FD} - C:\WINDOWS\SYSTEM\TMMIUV.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ndw] C:\WINDOWS\system32\ndw.exe
O4 - HKLM\..\Run: [khyswvvwvdxb] C:\WINDOWS\SYSTEM\msyrvs.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [qlcozmpkf] c:\windows\system\qlcozmpkf.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JYSKJIX] "C:\WINDOWS\SYSTEM\AUHTIL.EXE"
O4 - HKLM\..\Run: [p4mX37l] AUHTIL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.102/3078f1585488cd8c5106/netzip/RdxIE.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38023.9814467593
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-6.0.0.25/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.0.25/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_EN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN.cab

 

Delete the copy of HijackThis you have. Open C:\Program files and create a new folder. Name it HJT. Download HijackThis.exe (updated version) from here. Save it to the new folder, scan again and post a new log.

Download the GetLog.zip file attached to this post. Save it to your desktop. If it saves as attachment.php, right click and rename to GetLog.zip You may need to enable viewing extensions for known file types to see the zip and php extensions. To do that, open My Computer and click Tools on the menu, then folder options. Click the view tab of the window that opens and uncheck the box to Hide extensions...... and click OK. Now right click the zip and extract the GetLog.bat file to your desktop. Double click to run. It will open a text file when done. Please copy and post the contents.

There was a thread in General Discussion some time ago about Gator/Gain and some better alternatives. I'll see if I can dig it up for you. I also recommend you uninstall Webcelerator (EACCELERATION software). http://castlecops.com/startuplist-1060.html

 

Here is my log information

Hi Dave,

I did as you instructed and here is what I have now. Thanks for looking into alternatives to Gator. With all the user id's and passwords saved on Gator is there a way to save them and use them in the other program that you recommended? So many passwords to remember, ya know? (what did I get myself into??)

Here is my info. It took awhile to do this cause my pc kept freezing and shutting down.

Thanks again.

Recent Log Files:

Logfile of HijackThis v1.97.7
Scan saved at 8:09:24 AM, on 4/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QLCOZMPKF.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\ACCDMOE2.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\GATOR.COM\GATOR\GATOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supret.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {593C4683-75A2-4E5E-8829-27B7D8A9B2FD} - C:\WINDOWS\SYSTEM\TMMIUV.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ndw] C:\WINDOWS\system32\ndw.exe
O4 - HKLM\..\Run: [khyswvvwvdxb] C:\WINDOWS\SYSTEM\msyrvs.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [qlcozmpkf] c:\windows\system\qlcozmpkf.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JYSKJIX] "C:\WINDOWS\SYSTEM\AUHTIL.EXE"
O4 - HKLM\..\Run: [p4mX37l] AUHTIL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.102/3078f1585488cd8c5106/netzip/RdxIE.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38023.9814467593
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-6.0.0.25/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.0.25/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_EN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN.cab

Here is my Get Log Info:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry "= "C:\\WINDOWS\\scanregw.exe /autorun "
"TaskMonitor "= "C:\\WINDOWS\\taskmon.exe "
"PCHealth "= "C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s "
"SystemTray "= "SysTray.Exe "
"LoadPowerProfile "= "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "
"EM_EXEC "= "C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE "
"MadExe "= "C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot "
"Microsoft IntelliType Pro "= "\ "C:\\Program Files\\Microsoft Hardware\\Keyboard\\speedkey.exe\" "
"AudioHQ "= "C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE "
"UpdReg "= "C:\\WINDOWS\\Updreg.exe "
"LoadQM "= "loadqm.exe "
"Eac_Download "= "C:\\PROGRAM FILES\\COMMON FILES\\EACCELERATION\\DOWNLOAD.EXE -k "
"TkBellExe "= "C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot "
"CMESys "= "\ "C:\\PROGRAM FILES\\COMMON FILES\\CMEII\\CMESYS.EXE\" "
"InCD "= "C:\\Program Files\\Ahead\\InCD\\InCD.exe "
"REGSHAVE "= "C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN "
"Lexmark X74-X75 "= "\ "C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\" "
"LexStart "= "lexstart.exe "
"MotiveMonitor "= "C:\\Program Files\\Motive\\motmon.exe "
"QuickTime Task "= "\ "C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime "
"ndw "= "C:\\WINDOWS\\system32\\ndw.exe "
"khyswvvwvdxb "= "C:\\WINDOWS\\SYSTEM\\msyrvs.exe "
"Symantec Core LC "= "C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start "
"ccApp "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" "
"Symantec NetDriver Monitor "= "C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE "
"qlcozmpkf "= "c:\\windows\\system\\qlcozmpkf.exe "
"AutoLoaderpz5d1JYSKJIX "= "\ "C:\\WINDOWS\\SYSTEM\\AUHTIL.EXE\" "
"p4mX37l "= "AUHTIL.EXE "
"devldr16.exe "= "C:\\WINDOWS\\SYSTEM\\devldr16.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange "= "1 "
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed "= "1 "

 

The last HJT log is older than the first one you posted. Please download and run the newer version 1.99.1 from my link above and re-post. Make sure you put it in a new folder of it's own.

The GetLog.txt should have been much larger. Please run the bat file again. If it's the same, copy the command below and click Start>run, then paste it in and hit enter. Then open Local Disk C: and locate GetLog2.txt, open and copy/paste it here.

regedit.exe /e C:\GetLog2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall "


Haven't been successful finding the thread I was looking for yet, but will keep looking. Is it just a password manager app you need? Several here http://www.webattack.com/freeware/security/fwpass.html
Suggest you read through the privacy statements before choosing, as I don't know anything about any of them.

 

Resending my log (1st part)

Hi Dave,

Not sure what happened the first time but I did as you said. I tried it again and this is what I got this time around. Hope this works....

Logfile of HijackThis v1.99.1
Scan saved at 9:36:49 PM, on 4/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\QLCOZMPKF.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\ACCDMOE2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\GATOR.COM\GATOR\GATOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNDAL.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: TChkBHO Class - {593C4683-75A2-4E5E-8829-27B7D8A9B2FD} - C:\WINDOWS\SYSTEM\TMMIUV.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ndw] C:\WINDOWS\system32\ndw.exe
O4 - HKLM\..\Run: [khyswvvwvdxb] C:\WINDOWS\SYSTEM\msyrvs.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [qlcozmpkf] c:\windows\system\qlcozmpkf.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JYSKJIX] "C:\WINDOWS\SYSTEM\AUHTIL.EXE"
O4 - HKLM\..\Run: [p4mX37l] AUHTIL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.102/3078f1585488cd8c5106/netzip/RdxIE.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-6.0.0.25/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.0.25/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_EN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN.cab

 

Resending my log (2nd part)

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry "= "C:\\WINDOWS\\scanregw.exe /autorun "
"TaskMonitor "= "C:\\WINDOWS\\taskmon.exe "
"PCHealth "= "C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s "
"SystemTray "= "SysTray.Exe "
"LoadPowerProfile "= "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "
"EM_EXEC "= "C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE "
"MadExe "= "C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot "
"Microsoft IntelliType Pro "= "\ "C:\\Program Files\\Microsoft Hardware\\Keyboard\\speedkey.exe\" "
"AudioHQ "= "C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE "
"UpdReg "= "C:\\WINDOWS\\Updreg.exe "
"LoadQM "= "loadqm.exe "
"Eac_Download "= "C:\\PROGRAM FILES\\COMMON FILES\\EACCELERATION\\DOWNLOAD.EXE -k "
"TkBellExe "= "C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot "
"CMESys "= "\ "C:\\PROGRAM FILES\\COMMON FILES\\CMEII\\CMESYS.EXE\" "
"InCD "= "C:\\Program Files\\Ahead\\InCD\\InCD.exe "
"REGSHAVE "= "C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN "
"Lexmark X74-X75 "= "\ "C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\" "
"LexStart "= "lexstart.exe "
"MotiveMonitor "= "C:\\Program Files\\Motive\\motmon.exe "
"QuickTime Task "= "\ "C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime "
"ndw "= "C:\\WINDOWS\\system32\\ndw.exe "
"khyswvvwvdxb "= "C:\\WINDOWS\\SYSTEM\\msyrvs.exe "
"Symantec Core LC "= "C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start "
"ccApp "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" "
"Symantec NetDriver Monitor "= "C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE "
"qlcozmpkf "= "c:\\windows\\system\\qlcozmpkf.exe "
"AutoLoaderpz5d1JYSKJIX "= "\ "C:\\WINDOWS\\SYSTEM\\AUHTIL.EXE\" "
"p4mX37l "= "AUHTIL.EXE "
"devldr16.exe "= "C:\\WINDOWS\\SYSTEM\\devldr16.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange "= "1 "
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed "= "1 "

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40]
@=" "
"DisplayName "= "Microsoft Internet Explorer 6 SP1 and Internet Tools "
"UninstallString "= "rundll32 setupwbv.dll,IE6Maintenance C:\\Program Files\\Internet Explorer\\Uninstall Information\\W2KEXCP.EXE /u "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]
@=" "
"QuietDisplayName "= "Advanced Authoring "
"QuietUninstallString "= "rundll32 advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\unie5bak.inf,,,256 "
"RequiresIESysFile "= "5.00 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]
@=" "
"QuietDisplayName "= "Offline Browsing Pack "
"QuietUninstallString "= "rundll32 advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\mobilepk.inf,,,256 "
"RequiresIESysFile "= "6.0.2800.1100 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSJavaVM]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSTASK]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]
@=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]
"UninstallString "= "rundll.exe setupx.dll,InstallHinfSection Uninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf "
"QuietUninstallString "= "rundll.exe setupx.dll,InstallHinfSection Uninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting]
"DisplayName "= "NetMeeting 3.01 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress]
@=" "
"RequiresWABFile "= "5.0 "
"RequiresIESysFile "= "6.0 "
"DisplayName "= "Microsoft Outlook Express 6 "
"UninstallString "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /UNINSTALL /PROMPT "
"QuietUninstallString "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /UNINSTALL "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
@=" "
"UninstallString "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT "
"QuietUninstallString "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /UNINSTALL "
"RequiresIESysFile "= "6.0 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding]
"QuietUninstallString "= "Rundll32 IedkCS32.dll,BrandCleanInstallStubs "
"RequiresIESysFile "= "100.0 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Interactive Training]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -fC:\\WINDOWS\\mrun32.isu "
"ISUninstaller "= "C:\\WINDOWS\\ISUNINST.EXE "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00030409-78E1-11D2-B60F-006097C998E7}]
"RegOwner "= "Unknown User "
"RegCompany "= "DellComputerCorporation "
"ProductID "= "29700-OEM-0079624-85020 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\735ghrd1.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.00.3821 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6d,69,63,72,6f,73,6f,66,74,\
2e,63,6f,6d,2f,73,75,70,70,6f,72,74,00
"HelpTelephone "=" "
"InstallDate "= "20001023 "
"InstallLocation "=" "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,33,\
30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,39,\
37,43,39,39,38,45,37,7d,00
"Publisher "= "Microsoft Corporation "
"Readme "=hex(2):20,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4d,69,63,\
72,6f,73,6f,66,74,20,4f,66,66,69,63,65,5c,4f,66,66,69,63,65,5c,6f,66,72,65,\
61,64,39,2e,74,78,74,20,00
"Size "=" "
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,\
33,30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,\
39,37,43,39,39,38,45,37,7d,00
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000eed
"Language "=dword:00000409
"DisplayName "= "Microsoft Office 2000 SR-1 Small Business "
"InstallSource "= "E:\\ "
"EstimatedSize "=dword:ffffec20

 

Resending my log (3rd part)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00040409-78E1-11D2-B60F-006097C998E7}]
"RegOwner "= "Unknown User "
"RegCompany "= "DellComputerCorporation "
"ProductID "= "29700-OEM-0079624-85020 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\735ghrd2.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.00.3821 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6d,69,63,72,6f,73,6f,66,74,\
2e,63,6f,6d,2f,73,75,70,70,6f,72,74,00
"HelpTelephone "=" "
"InstallDate "= "20001023 "
"InstallLocation "=" "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,34,\
30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,39,\
37,43,39,39,38,45,37,7d,00
"Publisher "= "Microsoft Corporation "
"Readme "=" "
"Size "=" "
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,\
34,30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,\
39,37,43,39,39,38,45,37,7d,00
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000eed
"Language "=dword:00000409
"DisplayName "= "Microsoft Office 2000 SR-1 Disc 2 "
"InstallSource "= "E:\\ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\3CDosBox]
@=" "
"DisplayName "= "U.S. Robotics 56K Voice PCI DOS Box Support "
"UninstallString "= "rundll.exe setupx.dll,InstallHinfSection 3C_Uninstall 2 Dosbox.INF "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Logitech MouseWare]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\MouseWare\\Uninst.isu\" -c\ "C:\\Program Files\\MouseWare\\System\\MWUnInst.dll\" "
"DisplayName "= "MouseWare 9.01 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Resolution Assistant]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Dell\\Resolution Assistant\\Uninst.isu\" -c\ "C:\\Program Files\\Dell\\Resolution Assistant\\UninstDll.dll\" "
"DisplayName "= "Dell Resolution Assistant "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}\\SETUP.EXE\" "
"DisplayName "= "Dell Solution Center "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Modem Test]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Modem Test\\Uninst.isu\" "
"DisplayName "= "Modem Test "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F45298E5-0083-426F-A668-1A2C5F04B8A0}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\\setup.exe\" ControlPanel "
"DisplayName "= "PhoneTools "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft IntelliType Pro]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Microsoft Hardware\\Keyboard\\Uninst.isu\" -c\ "C:\\Program Files\\Microsoft Hardware\\Keyboard\\sutils.dll\" "
"DisplayName "= "Microsoft IntelliType Pro "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! Value]
"UninstallString "= "C:\\Program Files\\Creative\\SBLive\\PROGRAM\\CTUNINST.EXE "
"DisplayName "= "Sound Blaster Live! Value "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Launcher]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\Launcher\\Launcher.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayCenter]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\PlayCenter\\Player.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Recorder]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\Recorder\\Recorder.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AudioHQ]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\AudioHQ.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\Diagnose.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! Experience]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\SBLiveXP.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\Restore.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoundFont Banks]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\SoundFont.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Midi Samples]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\Midi.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Creative\\SBLive\\Wstudio.isu\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InterVideo WinDVD]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\InterVideo\\WinDVD\\Uninst.isu\" "
"DisplayName "= "InterVideo WinDVD "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg]
"DisplayName "= "LiveReg (Symantec Corporation) "
"UninstallPath "= "C:\\Program Files\\Common Files\\Symantec Shared\\LiveReg\\VCSETUP.EXE "
"UninstallString "= "C:\\Program Files\\Common Files\\Symantec Shared\\LiveReg\\VCSETUP.EXE /REMOVE "
"InstallLocation "= "C:\\Program Files\\Common Files\\Symantec Shared\\LiveReg "
"DisplayVersion "= "3.0.0 "
"Publisher "= "Symantec Corporation "
"NoModify "=dword:00000001
"NoRepair "=dword:00000001
"QuietUninstallString "= "C:\\Program Files\\Common Files\\Symantec Shared\\LiveReg\\VCSETUP.EXE /SILENT /REMOVE "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSN]
"DisplayName "= "MSN Explorer "
"UninstallString "= "C:\\PROGRA~1\\MSN\\MSNCOR~1\\Setup\\msnunin.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSNDELL]
"DisplayName "= "DellNet by MSN "
"UninstallString "= "C:\\PROGRA~1\\MSNDELL\\MSNCOR~1\\Setup\\msnunin.exe "

 

Resending my log (4th part)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}]
"RegOwner "=" "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\d850.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "= "Customer Support "
"DisplayVersion "= "2.3.2.0626 "
"HelpLink "=hex(2):61,74,74,75,6e,65,73,75,70,70,6f,72,74,40,61,76,65,6f,2e,63,\
6f,6d,00
"HelpTelephone "=" "
"InstallDate "= "20010226 "
"InstallLocation "=" "
"InstallSource "= "C:\\Aveo\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,38,46,37,43,\
30,39,41,34,2d,45,42,41,45,2d,31,31,44,33,2d,41,39,41,46,2d,30,30,35,30,30,\
34,44,32,45,43,45,34,7d,00
"NoRepair "=dword:00000001
"Publisher "= "Aveo Inc "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00003bfb
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,38,46,37,\
43,30,39,41,34,2d,45,42,41,45,2d,31,31,44,33,2d,41,39,41,46,2d,30,30,35,30,\
30,34,44,32,45,43,45,34,7d,00
"URLInfoAbout "= "http://www.aveo.com "
"URLUpdateInfo "= "http://www.aveo.com/download "
"VersionMajor "=dword:00000002
"VersionMinor "=dword:00000003
"WindowsInstaller "=dword:00000001
"Version "=dword:02030002
"Language "=dword:00000409
"DisplayName "= "Attune 2.3.2 "
"DisplayIcon "= "C:\\PROGRA~1\\AVEO\\ATTUNE\\Bin\\Attune.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3137CBA2-97DA-11D3-9C33-00A0C955B56E}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{3137CBA2-97DA-11D3-9C33-00A0C955B56E}\\setup.exe\" "
"DisplayName "= "Dell Support Introduction "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{3137CBA2-97DA-11D3-9C33-00A0C955B56E}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3E01D0C8-D715-4F0D-9B89-8B98C2361674}]
"RegOwner "=" "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\17112.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "6.0.0.115 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,73,70,69,72,65,2d,69,6e,63,\
2e,63,6f,6d,00
"HelpTelephone "= "800-944-2373 "
"InstallDate "= "20010226 "
"InstallLocation "=" "
"InstallSource "= "C:\\DELL\\10KMY\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,33,45,30,31,\
44,30,43,38,2d,44,37,31,35,2d,34,46,30,44,2d,39,42,38,39,2d,38,42,39,38,43,\
32,33,36,31,36,37,34,7d,00
"NoRepair "=dword:00000001
"Publisher "= "Spire Inc. "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0005c50b
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,33,45,30,\
31,44,30,43,38,2d,44,37,31,35,2d,34,46,30,44,2d,39,42,38,39,2d,38,42,39,38,\
43,32,33,36,31,36,37,34,7d,00
"URLInfoAbout "= "http://www.spire-inc.com "
"URLUpdateInfo "= "http://www.spire-inc.com "
"VersionMajor "=dword:00000006
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:06000000
"Language "=dword:00000409
"DisplayName "= "i-LEARN My Dell PC "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}]
"RegOwner "=" "
"RegCompany "=" "
"ProductID "= "53495-OEM-0000007-00000 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\06rmmrd.msi "
"AuthorizedCDFPrefix "=" "
"Comments "= "The Installation database contains the logic and data required to install Money 2001 "
"Contact "=" "
"DisplayVersion "= "9.0.0.0 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,73,75,70,70,6f,72,74,2e,6d,69,63,72,6f,\
73,6f,66,74,2e,63,6f,6d,00
"HelpTelephone "= "(800) 936-5700 "
"InstallDate "= "20010226 "
"InstallLocation "=" "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,44,30,38,35,\
41,31,42,36,2d,39,30,41,34,2d,31,31,44,33,2d,38,32,42,37,2d,30,30,43,30,34,\
46,41,33,30,39,44,45,7d,00
"Publisher "= "Microsoft "
"Readme "=" "
"Size "=" "
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,44,30,38,\
35,41,31,42,36,2d,39,30,41,34,2d,31,31,44,33,2d,38,32,42,37,2d,30,30,43,30,\
34,46,41,33,30,39,44,45,7d,00
"URLInfoAbout "= "http://support.microsoft.com "
"URLUpdateInfo "= "http://www.microsoft.com/money "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000000
"Language "=dword:00000409
"DisplayName "= "Microsoft Money 2001 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MusicMatch Jukebox]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\Uninst.isu\" -cC:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\unmatch.dll "
"DisplayName "= "MusicMatch Jukebox "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\\setup.exe\" "
"DisplayName "= "Dell Documents "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webshots]
"DisplayName "= "Webshots! "
"UninstallString "= "C:\\WINDOWS\\WebshotsUninstall.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 6.0 Tryout]
"UninstallString "= "C:\\WINDOWS\\ISUNINST.EXE -f\ "C:\\Program Files\\Adobe\\Photoshop 6.0 Tryout\\Uninst.isu\" -c\ "C:\\Program Files\\Adobe\\Photoshop 6.0 Tryout\\Uninst.dll\" "
"DisplayName "= "Adobe Photoshop 6.0 Tryout "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 6.0]
"DisplayVersion "= "6.0 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallLocation "= "C:\\Program Files\\Adobe\\Photoshop 6.0 Tryout "
"InstallSource "= "C:\\WINDOWS\\TEMP\\~WZS0F52.TMP\\ "
"ModifyPath "= "C:\\WINDOWS\\TEMP\\~WZS0F52.TMP\\Setup.exe "
"ProductID "=" "
"Publisher "= "Adobe Systems, Inc. "
"RegCompany "=" "
"RegOwner "=" "
"URLInfoAbout "= "http:///www.adobe.com//prodindex//photoshop//main.html "
"URLUpdateInfo "= "http:///www.adobe.com//prodindex//photoshop//main.html "
"VersionMajor "=dword:00000006
"VersionMinor "=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
"QuietDisplayName "= "Shockwave Flash "
"QuietUninstallString "= "RunDll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\swflash.inf,DefaultUninstall,5 "
"RequiresIESysFile "= "4.70.0.1155 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CuteFTP]
"DisplayName "= "CuteFTP "
"UninstallString "= "C:\\PROGRA~1\\GLOBAL~1\\CUTEFTP\\UNWISE32.EXE C:\\PROGRA~1\\GLOBAL~1\\CUTEFTP\\INSTALL.LOG "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FTP Explorer]
"DisplayName "= "FTP Explorer "
"UninstallString "= "C:\\Program Files\\FTP Explorer\\ftpx.exe /uninstall "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime]
"DisplayName "= "QuickTime "
"UninstallString "= "C:\\WINDOWS\\unvise32qt.exe C:\\WINDOWS\\SYSTEM\\QuickTime\\Uninstall.log "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\\setup.exe\" mmUninstall "
"DisplayName "= "Macromedia Extension Manager "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\\setup.ilg "
"DisplayVersion "= "1.2 "
"HelpLink "= "file://C:\\Program Files\\Macromedia\\Extension Manager\\Help\\package_manager.html "
"HelpTelephone "=" "
"InstallPath "= "C:\\Program Files\\Macromedia\\Extension Manager\\Extension Manager.exe "
"InstallLocation "= "C:\\Program Files\\Macromedia\\Extension Manager\\Extension Manager.exe "
"InstallSource "= "C:\\Program Files\\Macromedia "
"ModifyPath "=" "
"ProductID "=" "
"Publisher "= "Macromedia "
"RegCompany "=" "
"RegOwner "=" "
"VersionMajor "=dword:00000001
"VersionMinor "=dword:00000002
"URLUpdateInfo "= "http://www.macromedia.com/exchange/ "
"URLInfoAbout "= "http://www.macromedia.com/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Internet Gaming Zone]
"DisplayName "= "MSN Gaming Zone "
"UninstallString "= "C:\\PROGRA~1\\MSNGAM~1\\ZSETUP.EXE /Uninstall "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABDA9912-5D00-11D4-BAE7-9367CA097955}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\\SETUP.EXE\" mmUninstall "
"DisplayName "= "Macromedia Dreamweaver 4 "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\\setup.ilg "
"DisplayVersion "= "4.0 "
"HelpLink "= "file://C:\\Program Files\\Macromedia\\Dreamweaver 4\\ "
"HelpTelephone "=" "
"InstallPath "= "C:\\Program Files\\Macromedia\\Dreamweaver 4 "
"InstallLocation "= "C:\\Program Files\\Macromedia\\Dreamweaver 4 "
"InstallSource "= "C:\\Program Files\\Macromedia "
"ModifyPath "=" "
"ProductID "=" "
"Publisher "= "Macromedia "
"RegCompany "=" "
"RegOwner "=" "
"VersionMajor "=dword:00000004
"VersionMinor "=dword:00000000
"URLUpdateInfo "= "http://www.macromedia.com/software/dreamweaver/ "
"URLInfoAbout "= "http://www.macromedia.com/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Generator 2]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Macromedia\\Generator 2\\Uninst.isu\" -c\ "C:\\Program Files\\Macromedia\\Generator 2\\bin\\uninstall.dll\" "
"DisplayName "= "Macromedia Generator 2 "
"DisplayVersion "= "2 "
"HelpLink "= "C:\\Program Files\\Macromedia\\Generator 2\\Help\\relnotes.htm "
"HelpTelephone "=" "
"InstallPath "= "C:\\Program Files\\Macromedia\\Generator 2 "
"InstallSource "= "C:\\Program Files\\Macromedia "
"ModifyPath "=" "
"ProductID "=" "
"Publisher "= "Macromedia "
"RegCompany "=" "
"RegOwner "=" "
"VersionMajor "= "2 "
"VersionMinor "= "0 "
"VersionDetail "= "2.1.0g3 "
"URLUpdateInfo "= "http://www.macromedia.com/software/generator/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C93C363-414E-11D4-9756-00C04F8EEB39}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{4C93C363-414E-11D4-9756-00C04F8EEB39}\\SETUP.EXE\" UNINSTALL "
"DisplayName "= "Macromedia Flash 5 "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{4C93C363-414E-11D4-9756-00C04F8EEB39}\\setup.ilg "
"DisplayVersion "= "5 "
"HelpLink "= "C:\\Program Files\\Macromedia\\Flash 5\\Help\\relnotes.htm "
"HelpTelephone "=" "
"InstallPath "= "C:\\Program Files\\Macromedia\\Flash 5 "
"InstallSource "= "C:\\Program Files\\Macromedia "
"ModifyPath "=" "
"ProductID "=" "
"Publisher "= "Macromedia "
"RegCompany "=" "
"RegOwner "=" "
"VersionMajor "= "5 "
"VersionMinor "= "0 "
"URLUpdateInfo "= "http://www.macromedia.com/software/flash/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00000409-78E1-11D2-B60F-006097C998E7}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "50106-335-4652902-02992 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\7ab791.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.00.3821 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6d,69,63,72,6f,73,6f,66,74,\
2e,63,6f,6d,2f,73,75,70,70,6f,72,74,00
"HelpTelephone "=" "
"InstallDate "= "20011227 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TEMP\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,30,\
30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,39,\
37,43,39,39,38,45,37,7d,00
"Publisher "= "Microsoft Corporation "
"Readme "=hex(2):20,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4d,69,63,\
72,6f,73,6f,66,74,20,4f,66,66,69,63,65,5c,4f,66,66,69,63,65,5c,6f,66,72,65,\
61,64,39,2e,74,78,74,20,00
"Size "=" "
"EstimatedSize "=dword:0002db51
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,\
30,30,34,30,39,2d,37,38,45,31,2d,31,31,44,32,2d,42,36,30,46,2d,30,30,36,30,\
39,37,43,39,39,38,45,37,7d,00
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000eed
"Language "=dword:00000409
"DisplayName "= "Microsoft Office 2000 SR-1 Premium "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebPost]
"DisplayName "= "Microsoft Web Publishing Wizard 1.6 "
"QuietUninstallString "= "RunDll32 ADVPACK.DLL,LaunchINFSection C:\\WINDOWS\\INF\\wpie5x86.inf,WebPostUninstall,5 "
"RequiresIESysFile "= "4.70.0.1155 "
"UninstallString "= "RunDll32 ADVPACK.DLL,LaunchINFSection C:\\WINDOWS\\INF\\wpie5x86.inf,WebPostUninstall "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ADIELangPack]
"UninstallString "= "RunDll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\AD.inf, Uninstall "
"QuietUninstallString "= "rundll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\AD.inf,Uninstall "
"RequiresIESysFile "= "5.00 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE_EXTRA]
"QuietDisplayName "= "Internet Explorer Browsing Enhancements "
"QuietUninstallString "= "rundll32 advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\ie_extra.inf,,,256 "
"RequiresIESysFile "= "6.0.2800.1100 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\expinst]
"QuietDisplayName "= "Internet Explorer Exception pack "
"QuietUninstallString "= "\ "C:\\PROGRA~1\\INTERN~1\\W2K\\expinst.exe\" /EU ieexinst.inf "
"RequiresIESysFile "= "5.50 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEREADME]
"QuietDisplayName "= "Internet Explorer ReadMe "
"QuietUninstallString "= "rundll32 advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\iereadme.inf,,,256 "
"RequiresIESysFile "= "6.0.2800.1106 "

 

Resending my log (5th part)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0]
@=" "
"UninstallString "= "C:\\Program Files\\Common Files\\Real\\Update_OB\\rnuninst.exe RealNetworks|RealPlayer|6.0 "
"DisplayName "= "RealOne Player "
"DisplayIcon "= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0]
@=" "
"UninstallString "= "C:\\Program Files\\Common Files\\Real\\Update_OB\\rnuninst.exe RealNetworks|RealPlayer|6.0 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6C8DBEC0-8052-11d5-A9D5-00500413153C}]
"DisplayName "= "Gator eWallet "
"UninstallString "= "C:\\Program Files\\Common Files\\GMT\\GUninstaller.exe /gator "
"InstallLocation "= "C:\\Program Files\\Common Files\\GMT "
"HelpLink "= "http://www.gator.com/help/ "
"Publisher "= "GAIN Publishing "
"URLInfoAbout "= "http://www.gator.com "
"InstallDate "= "March 31, 2005 "
"DisplayVersion "= "7.0.3.5 "
"UninstallPath "= "C:\\Program Files\\Gator.com\\Gator\\Gator.exe "
"DisplayIcon "= "C:\\Program Files\\Common Files\\GMT\\GUninstaller.exe,-10025 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{456BA350-947F-4406-B091-AA1C6678EBE7}]
"DisplayName "= "OfferCompanion "
"UninstallString "= "C:\\Program Files\\Common Files\\GMT\\GUninstaller.exe /offers "
"InstallLocation "= "C:\\Program Files\\Common Files\\GMT "
"HelpLink "= "http://www.offercompanion.com/help/ "
"Publisher "= "GAIN Publishing "
"URLInfoAbout "= "http://www.offercompanion.com "
"InstallDate "= "March 31, 2005 "
"DisplayVersion "= "7.0.3.5 "
"UninstallPath "= "C:\\Program Files\\Gator.com\\OfferCompanion\\Offers.exe "
"DisplayIcon "= "C:\\Program Files\\Common Files\\GMT\\GUninstaller.exe,-10026 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Copy Utility]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\EPSON\\Copy Utility\\Uninst.isu\" "
"DisplayName "= "Copy Utility "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ArcSoft PhotoImpression 3.0]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\ArcSoft\\PhotoImpression\\Uninst.isu\" "
"DisplayName "= "ArcSoft PhotoImpression 3.0 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PF1250-1650 Guide]
"UninstallString "= "C:\\WINDOWS\\uninst.exe -f\ "C:\\Program Files\\EPSON\\PF1250-1650\\DeIsL1.isu\" "
"DisplayName "= "PF1250-1650 Guide "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foto.Eureka]
"UninstallString "= "C:\\WINDOWS\\IsUninst.exe -f\ "C:\\Program Files\\Foto.Eureka\\Uninst.isu\" "
"DisplayName "= "Foto.Eureka "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MP3 CD Burner 1.13]
"DisplayName "= "MP3 CD Burner 1.13 "
"UninstallString "= "C:\\PROGRA~1\\MP3CDB~1\\UNWISE.EXE C:\\PROGRA~1\\MP3CDB~1\\INSTALL.LOG "
"DisplayVersion "= "0.93 "
"HelpLink "= "www.cdburner.com "
"Publisher "= "Acoustica "
"URLInfoAbout "= "www.cdburner.com "
"DisplayIcon "= "C:\\PROGRA~1\\MP3CDB~1\\cdburner.exe,-0 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip]
"DisplayName "= "WinZip "
"UninstallString "= "\ "C:\\PROGRAM FILES\\WINZIP\\WINZIP32.EXE\" /uninstall "
"InstallLocation "= "C:\\PROGRA~1\\WINZIP\\ "
"Publisher "= "WinZip Computing, Inc. "
"VersionMajor "=dword:00000008
"VersionMinor "=dword:00000001
"DisplayVersion "=" 8.1 (4331) "
"HelpLink "= "http://www.winzip.com/xsupport.htm "
"URLInfoAbout "= "http://www.winzip.com "
"URLUpdateInfo "= "http://www.winzip.com "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer]
"DisplayName "= "Viewpoint Media Player "
"UninstallString "= "C:\\PROGRAM FILES\\VIEWPOINT\\VIEWPOINT MEDIA PLAYER\\mtsAxInstaller.exe /u "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\110a9f.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "2.01.0000 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,53,75,70,70,6f,72,74,2e,2e,44,65,6c,6c,\
2e,63,6f,6d,00
"HelpTelephone "= "1-877-671-3355 "
"InstallDate "= "20021001 "
"InstallLocation "=" "
"InstallSource "= "E:\\setup\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,32,41,32,37,\
36,36,41,34,2d,36,41,45,34,2d,31,31,44,34,2d,41,43,38,45,2d,35,32,35,34,34,\
43,31,39,36,36,45,45,7d,00
"NoModify "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Dell "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000670
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,32,41,32,\
37,36,36,41,34,2d,36,41,45,34,2d,31,31,44,34,2d,41,43,38,45,2d,35,32,35,34,\
34,43,31,39,36,36,45,45,7d,00
"URLInfoAbout "= "http://www.Dell.com "
"URLUpdateInfo "= "http://www.Dell.com "
"VersionMajor "=dword:00000002
"VersionMinor "=dword:00000001
"WindowsInstaller "=dword:00000001
"Version "=dword:02010000
"Language "=dword:00000409
"DisplayName "= "Backup Dell-Installed Programs "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{24ED4D80-8294-11D5-96CD-0040266301AD}]
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{24ED4D80-8294-11D5-96CD-0040266301AD}\\Setup.ilg "
"StatusText "= "FinePixViewer Ver.3.2 Setup is preparing the InstallShield®, which will guide you through the program setup process. Please wait. "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0]
"UninstallString "= "C:\\WINDOWS\\ISUNINST.EXE -f\ "C:\\Program Files\\Common Files\\Adobe\\Acrobat 5.0\\ME\\Uninst.isu\" -c\ "C:\\Program Files\\Common Files\\Adobe\\Acrobat 5.0\\ME\\Uninst.dll\" "
"DisplayName "= "Adobe Acrobat 4.0, 5.0 "
"InstallSource "= "C:\\WINDOWS\\TEMP\\pft71A4~TMP\\ "
"VersionMinor "=dword:00000000
"DisplayVersion "= "5.0 "
"InstallLocation "= "C:\\Program Files\\Adobe\\Acrobat 5.0 "
"URLInfoAbout "= "http://www.adobe.com/prodindex/acrobat/main.html "
"HelpTelephone "=" "
"VersionMajor "=dword:00000005
"ModifyPath "= "\ "C:\\WINDOWS\\TEMP\\pft71A4~TMP\\Setup.exe\" "
"Publisher "= "Adobe Systems, Inc. "
"DisplayIcon "= "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe,0 "
"HelpLink "= "http://www.adobe.com/prodindex/acrobat/main.html "
"URLUpdateInfo "= "http://www.adobe.com/prodindex/acrobat/main.html "
"UninstallPath "= "C:\\WINDOWS\\ISUNINST.EXE -f\ "C:\\Program Files\\Common Files\\Adobe\\Acrobat 5.0\\ME\\Uninst.isu\" -c\ "C:\\Program Files\\Common Files\\Adobe\\Acrobat 5.0\\ME\\Uninst.dll\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\\SETUP.EXE\" Anytext "
"DisplayName "= "Java 2 Runtime Environment, SE v1.4.1 "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start]
"DisplayName "= "Java Web Start "
"UninstallString "= "\ "C:\\Program Files\\Java Web Start\\uninst-javaws.exe\" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F841A79-8F75-4BD2-B791-6DBB2873E4FE}]
"DisplayIcon "= "C:\\Program Files\\Sonic Foundry\\ACID 3.0\\acid.exe "
"LocalPackage "= "C:\\WINDOWS\\Installer\\7f20e.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "3.0.306 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,73,6f,6e,69,63,66,6f,75,6e,\
64,72,79,2e,63,6f,6d,2f,73,75,70,70,6f,72,74,00
"HelpTelephone "=" "
"InstallDate "= "20030118 "
"InstallLocation "=" "
"InstallSource "= "C:\\PROGRAM FILES\\SONIC FOUNDRY SETUP\\ACID 3.0\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,31,46,38,34,\
31,41,37,39,2d,38,46,37,35,2d,34,42,44,32,2d,42,37,39,31,2d,36,44,42,42,32,\
38,37,33,45,34,46,45,7d,00
"Publisher "= "Sonic Foundry "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00012b8e
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,31,46,38,\
34,31,41,37,39,2d,38,46,37,35,2d,34,42,44,32,2d,42,37,39,31,2d,36,44,42,42,\
32,38,37,33,45,34,46,45,7d,00
"URLInfoAbout "= "http://www.sonicfoundry.com "
"URLUpdateInfo "= "http://www.sonicfoundry.com/updates "
"VersionMajor "=dword:00000003
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:03000132
"Language "=dword:00000409
"DisplayName "= "Sonic Foundry ACID XPress 3.0d "

 

Resending my log (6th part)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A4D7B764-4140-11D4-88EB-0050DA3579C0}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\c4ed7.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "= "Hotline "
"DisplayVersion "= "5.5.9.7 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6e,65,72,6f,2e,63,6f,6d,00
"HelpTelephone "=" "
"InstallDate "= "20030118 "
"InstallLocation "=" "
"InstallSource "= "E:\\NEROEXPRESS55\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,41,34,44,37,\
42,37,36,34,2d,34,31,34,30,2d,31,31,44,34,2d,38,38,45,42,2d,30,30,35,30,44,\
41,33,35,37,39,43,30,7d,00
"NoModify "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "ahead software gmbh "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0001dc18
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,41,34,44,\
37,42,37,36,34,2d,34,31,34,30,2d,31,31,44,34,2d,38,38,45,42,2d,30,30,35,30,\
44,41,33,35,37,39,43,30,7d,00
"URLInfoAbout "= "http://www.nero.com "
"URLUpdateInfo "= "http://www.nero.com "
"VersionMajor "=dword:00000005
"VersionMinor "=dword:00000005
"WindowsInstaller "=dword:00000001
"Version "=dword:05050009
"Language "=dword:00000000
"DisplayName "= "Nero Express "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InCD!UninstallKey]
"UninstallString "= "C:\\WINDOWS\\NuNInst.exe /UNINSTALL "
"DisplayName "= "InCD (Ahead Software) "
"DisplayIcon "= "C:\\Program Files\\Ahead\\InCD\\InCD.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{355E14EC-6961-11D5-BAE5-00E0188E010B}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{355E14EC-6961-11D5-BAE5-00E0188E010B}\\SETUP.EXE\" "
"DisplayName "= "FUJIFILM USB Driver "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{355E14EC-6961-11D5-BAE5-00E0188E010B}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{24ED4D80-8294-11D5-96CD-0040266301AD}]
"LocalPackage "= "C:\\WINDOWS\\Installer\\5e243e.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "3.2 "
"HelpLink "=hex(2):20,00
"HelpTelephone "=" "
"InstallDate "= "20030129 "
"InstallLocation "=" "
"InstallSource "= "E:\\VIEWER\\FVIEWER\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "FUJI PHOTO FILM CO.,LTD. "
"Readme "=hex(2):20,00
"Size "=" "
"EstimatedSize "=dword:00006dc1
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000003
"VersionMinor "=dword:00000002
"WindowsInstaller "=dword:00000001
"Version "=dword:03020000
"Language "=dword:00000000
"DisplayName "= "FinePixViewer Ver.3.2 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}]
"UninstallString "= "C:\\PROGRAM FILES\\COMMON FILES\\INSTALLSHIELD\\DRIVER\\7\\INTEL 32\\IDRIVER.EXE /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033 "
"DisplayName "= "FinePixViewer Ver.3.2 "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{24ED4D80-8294-11D5-96CD-0040266301AD}\\Setup.ilg "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "3.2 "
"HelpTelephone "=" "
"InstallDate "= "20030129 "
"InstallLocation "=" "
"InstallSource "= "E:\\VIEWER\\FVIEWER\\ "
"ProductID "=" "
"Publisher "= "FUJI PHOTO FILM CO.,LTD. "
"Readme "=" "
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"HelpLink "=hex(2):20,00
"EstimatedSize "=dword:00006dc1
"Language "=dword:00000000
"Version "=dword:03020000
"VersionMajor "=dword:00000003
"VersionMinor "=dword:00000002
"DisplayIcon "=" "
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D3AA158A-9421-4883-8767-E771B0964A1D}]
"UninstallString "= "RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\ENGINE\\6\\INTEL3~1\\ctor.dll,LaunchSetup \ "C:\\Program Files\\InstallShield Installation Information\\{D3AA158A-9421-4883-8767-E771B0964A1D}\\setup.exe\" "
"DisplayName "= "ImageMixer VCD for FinePix "
"LogFile "= "C:\\Program Files\\InstallShield Installation Information\\{D3AA158A-9421-4883-8767-E771B0964A1D}\\setup.ilg "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark X74-X75]
"DisplayName "= "Lexmark X74-X75 "
"UninstallString "= "C:\\WINDOWS\\SYSTEM\\lxbbun9x.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\websearch_cao.xml]
"DisplayName "= "Web Search "
@= "Web Search "
"UninstallString "= "wjview /cp \ "C:\\Program Files\\websearch\\System\\Code\" Main lp: \ "C:\\Program Files\\websearch\" ls: deletefeature ld: feature=websearch_cao.xml "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Instant Messenger]
"DisplayName "= "AOL Instant Messenger "
"UninstallString "= "C:\\PROGRAM FILES\\AIM95\\uninstll.exe -LOG= C:\\PROGRAM FILES\\AIM95\\install.log -OEM= "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cue Club]
"DisplayName "= "Cue Club "
"UninstallString "= "C:\\PROGRA~1\\OUTERB~1\\CUECLU~1\\UNWISE.EXE C:\\PROGRA~1\\OUTERB~1\\CUECLU~1\\INSTALL.LOG "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VGX]
"QuietDisplayName "= "Vector Graphics Rendering (VML) "
"QuietUninstallString "= "RunDll32 advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\vgx.inf,,,256 "
"RequiresIESysFile "= "5.50 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ieupdate]
"DisplayName "= "Internet Explorer Q891781 "
"QuietDisplayName "= "Internet Explorer Q891781 "
"UninstallString "= "C:\\WINDOWS\\ieuninst.exe C:\\WINDOWS\\INF\\Q891781.inf "
"RequiresIESysFile "= "6.0.2800.1106 "
"QuietUninstallString "= "C:\\WINDOWS\\ieuninst.exe /d C:\\WINDOWS\\INF\\Q891781.inf "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\oeupdate]
"DisplayName "= "Outlook Express Q837009 "
"QuietDisplayName "= "Outlook Express Q837009 "
"UninstallString "= "C:\\WINDOWS\\oeuninst.exe C:\\WINDOWS\\INF\\Q837009.inf "
"RequiresIESysFile "= "6.0.2800.1106 "
"QuietUninstallString "= "C:\\WINDOWS\\oeuninst.exe /d C:\\WINDOWS\\INF\\Q837009.inf "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Q823559]
@=" "
"DisplayName "= "Windows Millennium Edition Q823559 Update "
"UninstallString "= "RunDll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\QFE\\WinME\\823559UN.INF "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSNINST]
"DisplayName "= "MSN "
"UninstallString "= "C:\\Program Files\\MSN\\MsnInstaller\\msninst.exe /Action:ARP "
"DisplayIcon "= "\\msnms.ico "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F1CECBC-670F-4daa-81D6-944B12450917}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\11ddd1e.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.0.0917.2 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,79,6f,75,72,63,6f,6d,70,61,\
6e,79,2e,63,6f,6d,00
"HelpTelephone "= "555-555-1234 "
"InstallDate "= "20040210 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Your Company Name "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:000000cc
"SystemComponent "=dword:00000001
"URLInfoAbout "= "http://www.yourcompany.com "
"URLUpdateInfo "= "http://www.yourcompany.com "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000395
"Language "=dword:00000409
"DisplayName "= "DIGReqEx "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C769B501-2BE8-46ed-9E69-118F008A0917}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "None "
"LocalPackage "= "C:\\WINDOWS\\Installer\\11ddd3d.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.0.0917.2 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,79,6f,75,72,63,6f,6d,70,61,\
6e,79,2e,63,6f,6d,00
"HelpTelephone "= "555-555-1234 "
"InstallDate "= "20040210 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Your Company Name "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:000005a6
"SystemComponent "=dword:00000001
"URLInfoAbout "= "http://www.yourcompany.com "
"URLUpdateInfo "= "http://www.yourcompany.com "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000395
"Language "=dword:00000409
"DisplayName "= "DIGOpt "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{32F66A20-7614-11D4-BD11-00104BD3F987}]
"DisplayName "= "MathPlayer "
"DisplayIcon "= "C:\\Program Files\\Design Science\\MathPlayer\\Setup.exe "
"UninstallString "= "C:\\Program Files\\Design Science\\MathPlayer\\Setup.exe -u "
"Publisher "= "Design Science, Inc. "
"DisplayVersion "= "1.1 beta 3 "
"VersionMajor "=dword:00000001
"VersionMinor "=dword:0000000a
"HelpLink "= "http://www.dessci.com/support "
"HelpTelephone "= "(562) 433-0685 "
"URLInfoAbout "= "http://www.dessci.com "
"URLUpdateInfo "= "http://www.dessci.com "
"InstallDate "= "20040210 "

 

Resending my log (7th part)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-785F-478A-BAA2-87F1A136068C}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\11ddd44.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.0.0801 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20040210 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,30,\
30,30,30,30,2d,37,38,35,46,2d,34,37,38,41,2d,42,41,41,32,2d,38,37,46,31,41,\
31,33,36,30,36,38,43,7d,00
"Publisher "= "Microsoft Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000220
"SystemComponent "=dword:00000001
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,30,30,30,\
30,30,30,30,30,2d,37,38,35,46,2d,34,37,38,41,2d,42,41,41,32,2d,38,37,46,31,\
41,31,33,36,30,36,38,43,7d,00
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000321
"Language "=dword:00000409
"DisplayName "= "MSN Encarta Plus Support Files "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PictureIt_v9]
"DisplayName "= "Microsoft Picture It! Express 9 "
"UninstallString "= "C:\\WINDOWS\\SYSTEM\\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900} "
"DisplayIcon "= "C:\\Program Files\\Microsoft Picture It! 9\\pi.exe "
"HelpLink "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=PictureIt "
"InstallLocation "= "C:\\Program Files\\Microsoft Picture It! 9\\ "
"Publisher "= "Microsoft Corporation "
"UninstallPath "= "C:\\WINDOWS\\SYSTEM\\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900} "
"DisplayVersion "= "9.0.1305 "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"Language "=dword:00000409
"URLInfoAbout "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Microsoft "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "74276-397-3743416-04822 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\11ddd49.msi "
"AuthorizedCDFPrefix "=" "
"Comments "= "Microsoft Picture It! Express 9 "
"Contact "=" "
"DisplayVersion "= "9.0.1305 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,67,6f,2e,6d,69,63,72,6f,73,6f,66,74,2e,\
63,6f,6d,2f,66,77,6c,69,6e,6b,2f,3f,70,72,64,3d,31,30,39,36,34,26,70,76,65,\
72,3d,39,2e,30,26,70,6c,63,69,64,3d,30,78,34,30,39,26,61,72,3d,41,64,64,52,\
65,6d,6f,76,65,26,73,61,72,3d,50,69,63,74,75,72,65,49,74,00
"HelpTelephone "=" "
"InstallDate "= "20040210 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Microsoft Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0000e4bf
"SystemComponent "=dword:00000001
"URLInfoAbout "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Microsoft "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000519
"Language "=dword:00000409
"DisplayName "= "Microsoft Picture It! Express 9 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PictureIt_POD_v9]
"DisplayName "= "Microsoft Picture It! Library 9 "
"UninstallString "= "C:\\WINDOWS\\SYSTEM\\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220} "
"DisplayIcon "= "C:\\Program Files\\Microsoft Picture It! 9\\pod9.exe "
"HelpLink "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Library "
"Publisher "= "Microsoft Corporation "
"UninstallPath "= "C:\\WINDOWS\\SYSTEM\\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220} "
"DisplayVersion "= "9.0.1305 "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"URLInfoAbout "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Microsoft "
"Language "=dword:00000409

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F7FC79B-3059-4264-9450-39EB368E3220}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "74276-313-3743594-04601 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\11ddd4f.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "9.0.1305 "
"HelpLink "=hex(2):68,74,74,70,3a,2f,2f,67,6f,2e,6d,69,63,72,6f,73,6f,66,74,2e,\
63,6f,6d,2f,66,77,6c,69,6e,6b,2f,3f,70,72,64,3d,31,30,39,36,34,26,70,76,65,\
72,3d,39,2e,30,26,70,6c,63,69,64,3d,30,78,34,30,39,26,61,72,3d,41,64,64,52,\
65,6d,6f,76,65,26,73,61,72,3d,4c,69,62,72,61,72,79,00
"HelpTelephone "= "(425) "
"InstallDate "= "20040210 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\Application Data\\MSNInstaller\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Microsoft Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00006efb
"SystemComponent "=dword:00000001
"URLInfoAbout "= "http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Microsoft "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000009
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:09000519
"Language "=dword:00000409
"DisplayName "= "Microsoft Picture It! Library 9 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Van Helsing Screensaver]
"DisplayName "= "Van Helsing Screensaver "
"UninstallString "= "C:\\WINDOWS\\Van Helsing Screensaver.scr /u "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\couponsandoffers.xml]
@= "couponsandoffers "
"UninstallString "= "wjview /cp \ "C:\\Program Files\\websearch\\System\\Code\" Main lp: \ "C:\\Program Files\\websearch\" ls: deletefeature ld: feature=couponsandoffers.xml "
"DisplayName "= "couponsandoffers "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{228F6876-A313-40A3-91C0-C3CBE6997D09}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "1 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\7d1342.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20040925 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\Support\\MSRedist\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,32,32,38,46,\
36,38,37,36,2d,41,33,31,33,2d,34,30,41,33,2d,39,31,43,30,2d,43,33,43,42,45,\
36,39,39,37,44,30,39,7d,00
"Publisher "= "Symantec Corp "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000c00
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Symantec "
"QuietUninstallString "= "MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst]
"QuietUninstallString "= "C:\\Program Files\\Common Files\\Symantec Shared\\SEVINST.EXE /U /Q "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5EE9939-259F-4DE2-8023-5C49E16A4F43}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb59.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\NAV\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,45,35,45,45,\
39,39,33,39,2d,32,35,39,46,2d,34,44,45,32,2d,38,30,32,33,2d,35,43,34,39,45,\
31,36,41,34,46,34,33,7d,00
"Publisher "= "Symantec Corp. "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0000030d
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Norton AntiVirus Parent MSI "
"QuietUninstallString "= "MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb5e.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\NAV\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,44,31,46,46,\
37,35,45,37,2d,44,44,34,32,2d,34,43,46,44,2d,42,30,35,32,2d,32,30,42,33,46,\
46,46,34,45,44,42,38,7d,00
"Publisher "= "Symantec Corp. "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:000005e4
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Norton AntiVirus SYMLT MSI "
"QuietUninstallString "= "MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb65.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "103.0.1.26 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\Support\\ccCommon\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,44,43,33,36,\
37,36,30,38,2d,36,34,41,37,2d,34,42,46,37,2d,39,32,46,34,2d,38,42,41,41,32,\
35,42,41,30,32,44,42,7d,00
"Publisher "= "Symantec "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:000018b6
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000067
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:67000001
"Language "=dword:00000409
"DisplayName "= "ccCommon "
"QuietUninstallString "= "MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} "

 

Resending my log (8th part)

This is the last of it. Is that right? This was so much longer then before. I hope this is what you were looking for. If not let me know.

Thanks Dave. I hope I'm not an idiot.
Continued from 7th part........


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "1 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb6a.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "5.4.0 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\Support\\SymNet\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,32,44,41,38,\
35,42,30,32,2d,31,33,43,30,2d,34,45,36,44,2d,39,41,37,36,2d,32,32,45,36,42,\
33,44,44,30,43,42,32,7d,00
"Publisher "= "Symantec Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000b8d
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000005
"VersionMinor "=dword:00000004
"WindowsInstaller "=dword:00000001
"Version "=dword:05040000
"Language "=dword:00000409
"DisplayName "= "SymNet "
"QuietUninstallString "= "MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "1 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb6f.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\NAV\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,32,39,30,38,\
46,30,43,42,2d,43,31,44,34,2d,34,34,37,46,2d,39,37,41,32,2d,43,46,43,31,33,\
35,43,39,46,38,44,34,7d,00
"Publisher "= "Symantec Corp "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00002e05
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Internet Worm Protection "
"QuietUninstallString "= "MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D327AFC9-7BAA-473A-8319-6EB7A0D40138}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb74.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\Support\\ScrBlock\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,44,33,32,37,\
41,46,43,39,2d,37,42,41,41,2d,34,37,33,41,2d,38,33,31,39,2d,36,45,42,37,41,\
30,44,34,30,31,33,38,7d,00
"Publisher "= "Symantec "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000240
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Symantec Script Blocking Installer "
"QuietUninstallString "= "MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C6F5B6CF-609C-428E-876F-CA83176C021B}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "1 "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb79.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.0.2 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\NAV\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,43,36,46,35,\
42,36,43,46,2d,36,30,39,43,2d,34,32,38,45,2d,38,37,36,46,2d,43,41,38,33,31,\
37,36,43,30,32,31,42,7d,00
"NoModify "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Symantec Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0000eef7
"SystemComponent "=dword:00000001
"URLInfoAbout "= "http://www.symantec.com "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000002
"Language "=dword:00000409
"DisplayName "= "Norton AntiVirus 2005 "
"QuietUninstallString "= "MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\2eb7e.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "11.00.00 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV\\Support\\Help\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,33,34,45,45,\
42,31,46,35,2d,45,39,33,39,2d,34,30,41,31,2d,41,36,42,41,2d,39,35,37,32,38,\
32,41,34,42,32,43,38,7d,00
"Publisher "= "Symantec Corp. "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:000006c0
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:0000000b
"VersionMinor "=dword:00000000
"WindowsInstaller "=dword:00000001
"Version "=dword:0b000000
"Language "=dword:00000409
"DisplayName "= "Norton AntiVirus Help "
"QuietUninstallString "= "MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}]
"Comments "=" "
"DisplayVersion "= "11.0.2 "
"InstallLocation "= "C:\\Program Files\\Norton AntiVirus "
"Publisher "= "Symantec Corporation "
"DisplayName "= "Norton AntiVirus 2005 (Symantec Corporation) "
"InstallSource "= "C:\\WINDOWS\\TMP\\NAV "
"InstallFileName "= "C:\\WINDOWS\\TMP\\NAV\\NAVSETUP.EXE "
"DisplayIcon "= "C:\\Program Files\\Common Files\\Symantec Shared\\SymSetup\\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe "
"UninstallString "= "C:\\Program Files\\Common Files\\Symantec Shared\\SymSetup\\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X "
"ModifyPath "= "C:\\Program Files\\Common Files\\Symantec Shared\\SymSetup\\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /I "
"URLInfoAbout "= "http://www.symantec.com/techsupp/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7169B8E4-2632-46B1-AA5F-167CB5FE5029}]
"RegOwner "= "Bea Velazquez "
"RegCompany "=" "
"ProductID "= "none "
"LocalPackage "= "C:\\WINDOWS\\Installer\\171969.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "5.4.3.11 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20041111 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\All Users\\Application Data\\Symantec\\LiveUpdate\\Downloads\\ExItem2474_symnet$20consumer_5.4.0_english\\ "
"NoModify "=dword:00000001
"NoRemove "=dword:00000001
"NoRepair "=dword:00000001
"Publisher "= "Symantec Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:00000bad
"SystemComponent "=dword:00000001
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000005
"VersionMinor "=dword:00000004
"WindowsInstaller "=dword:00000001
"Version "=dword:05040003
"Language "=dword:00000409
"DisplayName "= "Symantec Network Drivers Update "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\vgxupdate]
"DisplayName "= "Microsoft VGX Q833989 "
"QuietDisplayName "= "Microsoft VGX Q833989 "
"UninstallString "= "C:\\WINDOWS\\vgxuninst.exe C:\\WINDOWS\\INF\\Q833989.inf "
"RequiresIESysFile "= "6.0.2800.1106 "
"QuietUninstallString "= "C:\\WINDOWS\\vgxuninst.exe /d C:\\WINDOWS\\INF\\Q833989.inf "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB870669]
"DisplayName "= "Microsoft Data Access Components KB870669 "
"QuietDisplayName "= "Microsoft Data Access Components KB870669 "
"UninstallString "= "C:\\WINDOWS\\muninst.exe C:\\WINDOWS\\INF\\KB870669.inf "
"RequiresIESysFile "= "6.0.2800.1106 "
"QuietUninstallString "= "C:\\WINDOWS\\muninst.exe /d C:\\WINDOWS\\INF\\KB870669.inf "
"HelpLink "= "http://support.microsoft.com?kbid=870669 "
"URLInfoAbout "= "http://support.microsoft.com "
"Publisher "= "Microsoft Corporation "
"NoModify "=dword:00000001
"NoRepair "=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
"UninstallString "= "C:\\Program Files\\Symantec\\LiveUpdate\\LSETUP.EXE /U "
"DisplayName "= "LiveUpdate 2.6 (Symantec Corporation) "
"DisplayIcon "= "C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE "
"DisplayVersion "= "2.6.14.0 "
"URLInfoAbout "= "http://www.symantec.com "
"InstallLocation "= "C:\\Program Files\\Symantec\\LiveUpdate "
"UninstallPath "= "C:\\Program Files\\Symantec\\LiveUpdate "
"VersionMajor "= "2 "
"VersionMinor "= "14 "
"Publisher "= "Symantec Corporation "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}]
"LocalPackage "= "C:\\WINDOWS\\Installer\\176041.msi "
"AuthorizedCDFPrefix "=" "
"Comments "=" "
"Contact "=" "
"DisplayVersion "= "6.2.0205 "
"HelpLink "=" "
"HelpTelephone "=" "
"InstallDate "= "20050211 "
"InstallLocation "=" "
"InstallSource "= "C:\\WINDOWS\\TMP\\IXP001.TMP\\ "
"ModifyPath "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,41,42,45,42,\
38,33,38,43,2d,41,31,41,37,2d,34,43,35,44,2d,42,37,45,31,2d,38,42,34,33,31,\
34,36,30,30,32,30,35,7d,00
"Publisher "= "Microsoft Corporation "
"Readme "=" "
"Size "=" "
"EstimatedSize "=dword:0000616c
"UninstallString "=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,41,42,45,\
42,38,33,38,43,2d,41,31,41,37,2d,34,43,35,44,2d,42,37,45,31,2d,38,42,34,33,\
31,34,36,30,30,32,30,35,7d,00
"URLInfoAbout "=" "
"URLUpdateInfo "=" "
"VersionMajor "=dword:00000006
"VersionMinor "=dword:00000002
"WindowsInstaller "=dword:00000001
"Version "=dword:060200cd
"Language "=dword:00000409
"DisplayName "= "MSN Messenger 6.2 "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSNIAWA]
"DisplayName "= "MSN Dial Up Accelerator "
"DisplayVersion "= "1.0 "
"UninstallString "= "rundll32.exe advpack.dll,LaunchINFSection C:\\Progra~1\\MSN\\MSNIA\\WA\\msniawa.inf,DefaultUninstall "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal]
"DisplayName "= "Ad-Aware SE Personal "
"UninstallString "= "C:\\PROGRA~1\\LAVASOFT\\AD-AWA~2\\UNWISE.EXE C:\\PROGRA~1\\LAVASOFT\\AD-AWA~2\\INSTALL.LOG "
"HelpLink "= "http://www.lavasoft.de "
"Publisher "= "Lavasoft "
"DisplayIcon "= "C:\\PROGRA~1\\LAVASOFT\\AD-AWA~2\\Ad-Aware.exe,-0 "
"URLInfoAbout "= "http://www.lavasoft.de "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\891711]
@=" "
"DisplayName "= "Windows Millennium Edition KB891711 Update "
"UninstallString "= "RunDll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\QFE\\WinME\\891711UN.INF "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\qlcozmpkf]
"UninstallString "= "c:\\windows\\system\\qlcozmpkf.exe -uninstall "
"DisplayName "= "qlcozmpkf "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1]
"Inno Setup: Setup Version "= "4.2.1 "
"Inno Setup: App Path "= "C:\\Program Files\\Webroot\\Spy Sweeper "
"Inno Setup: Icon Group "= "Webroot\\Spy Sweeper "
"Inno Setup: User "= "default "
"Inno Setup: Selected Tasks "= "DesktopIcon,AutoStartup,ContextMenu,SpyNews,Messenger "
"Inno Setup: Deselected Tasks "=" "
"DisplayName "= "Spy Sweeper "
"UninstallString "= "\ "C:\\Program Files\\Webroot\\Spy Sweeper\\unins000.exe\" "
"DisplayVersion "= "3.2 "
"Publisher "= "Webroot Software, Inc. "
"URLInfoAbout "= "http://www.webroot.com/ "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1]
"Inno Setup: Setup Version "= "4.2.2 "
"Inno Setup: App Path "= "C:\\Program Files\\Spybot - Search & Destroy "
"Inno Setup: Icon Group "= "Spybot - Search & Destroy "
"Inno Setup: User "= "default "
"Inno Setup: Setup Type "= "custom "
"Inno Setup: Selected Components "= "main,language,skins "
"Inno Setup: Deselected Components "= "blind "
"Inno Setup: Selected Tasks "= "desktopicon,quicklaunchicon,launchsdhelper "
"Inno Setup: Deselected Tasks "= "launchteatimer "
"DisplayName "= "Spybot - Search & Destroy 1.3 "
"DisplayIcon "= "C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe "
"UninstallString "= "\ "C:\\Program Files\\Spybot - Search & Destroy\\unins000.exe\" "
"DisplayVersion "= "1.3 "
"Publisher "= "Safer Networking Limited "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName "= "HijackThis 1.99.1 "
"UninstallString "= "C:\\PROGRAM FILES\\HJT\\HijackThis.exe /uninstall "
"DisplayIcon "= "C:\\PROGRAM FILES\\HJT\\HijackThis.exe "
"DisplayVersion "= "1.99.1 "
"Publisher "= "Soeperman Enterprises Ltd. "
"URLInfoAbout "= "http://www.spywareinfo.com/~merijn/ "

 

Great! Download the RemInstAcc.zip file attached to this post. Save it to your desktop. If it saves as attachment.php, right click and rename to RemInstAcc.zip. Right click the zip and extract the RemInstAcc.bat file to your desktop. Note to others.....the attachment was written specifically for this machine. Please do not use if you have zipzap popups too. Start your own thread and someone will gladly assist you.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supret.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {593C4683-75A2-4E5E-8829-27B7D8A9B2FD} - C:\WINDOWS\SYSTEM\TMMIUV.DLL
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE "
O4 - HKLM\..\Run: [ndw] C:\WINDOWS\system32\ndw.exe
O4 - HKLM\..\Run: [khyswvvwvdxb] C:\WINDOWS\SYSTEM\msyrvs.exe
O4 - HKLM\..\Run: [qlcozmpkf] c:\windows\system\qlcozmpkf.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JYSKJIX] "C:\WINDOWS\SYSTEM\AUHTIL.EXE"
O4 - HKLM\..\Run: [p4mX37l] AUHTIL.EXE
O4 - HKCU\..\Run: [Y357RXJ6R] ACCDMOE2.EXE
O4 - HKCU\..\RunServices: [Y357RXJ6R] ACCDMOE2.EXE
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...meInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.102/3078f1585488cd...etzip/RdxIE.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binari...netcmp32_EN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binari...ACCESS_1058.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binari...sysnet32_EN.cab

Turn off System Restore.

Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the General tab click the advanced button. Check the box to 'enable start menu' and OK out. Restart and choose safe mode.

Double click the RemInstAcc.bat file to run.

Open C:\Program Files and delete the folder websearch if present.
Open C:\Program Files\Common files and delete the folders CMEIIand EACCELERATION if present.
Open C:\Program Files\Common Files\Real\Update_OB and rename evntsvc.exe to evntsvc.old
Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.

If you used msconfig, uncheck the box to 'enable start menu' in msconfig and OK out and reboot. Upon reboot you may be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log. Let us know if the popups stop.

http://www.pcpitstop.com/gator/default.asp
http://www.pcpitstop.com/gator/Replace.asp

 

Thanks for the help!

Hey Dave,

Thanks for that information. That'll be my homework assignment for tonight. I'll let ya know what happens and send you the log.

Thanks again!

Bea

 

After deleting Instant Access files.....

Hey Dave,

How does this look now? I haven't seen a popup yet.
Thanks
Bea

Scan started at 4/6/2005 10:00:46 PM

Scanning memory...
c:\NULL - TrojanDownloader:Win32/Qdown.L -> Infected
c:\WINDOWS\tmlpmg.exe - TrojanDownloader:Win32/Wintrim.CD -> Infected
c:\_RESTORE\TEMP\A0143723.CPY - TrojanDropper:Win32/Siboco -> Infected
c:\_RESTORE\TEMP\A0148714.CPY - TrojanDownloader:Win32/Difuca.BW -> Infected
c:\_RESTORE\TEMP\A0148737.CPY - TrojanDownloader:Win32/Difuca.BW -> Infected
c:\_RESTORE\TEMP\A0156800.CPY - TrojanDownloader:Win32/Difuca.BW -> Infected
c:\_RESTORE\TEMP\A0156825.CPY - TrojanDownloader:Win32/Difuca.BW -> Infected
c:\_RESTORE\TEMP\A0644206.CPY - TrojanDownloader:Win32/Wintrim.CD -> Infected
c:\_RESTORE\TEMP\A0748662.CPY - TrojanDownloader:Win32/Apropo.S -> Infected

Scanned
============================
Objects: 78771
Directories: 3101
Archives: 2085
Size(Kb): -328232
Infected files: 9

Found
============================
Viruses found: 5
Suspicious files: 0
Disinfected files: 0
Mail files: 2763


Logfile of HijackThis v1.99.1
Scan saved at 11:48:28 PM, on 4/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN\MSNIA\MSNIASVC.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-6.0.0.25/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.0.25/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

 

That's great! Delete the following two files.
c:\NULL
c:\WINDOWS\tmlpmg.exe

Empty the recycle bin.

Those other infected files are in System Restore points. You need to turn off system restore (I provided a link above with instructions), reboot and turn it back on.

If you did not configure Proxy settings, fix the following entries with HijackThis.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;<local>

Open Internet Options in the control panel, Connections tab and check the settings for your connection. If dialup, highlight and click Settings. If LAN, click LAN button below. Uncheck and proxy boxes if checked. OK out.

Reboot and post a new HJT log.

Also recommend you open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this setting after downloading updates). Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly and watch for any protection being disabled. Then, still in Spybot, click the tools button, then IE tweaks and at least lock the HOSTS file.
Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

That will give you some added layers of protection against unwanted parasites

 

Final Questions.......

Hey Dave,
Thanks so much for your help on this. I'll probably thank you again after all my questions below. This has been a huge learning experience for me and I'm grateful to you for the help. You have no idea.

Several things I wanted to mention. You had mentioned when going into safe mode to hit F8 several times. I found out it was F5. Just an FYI. I figured we all can learn from each other little tid bits of information. Also before your last post I encountered the Kernell32.dll message which wouldn't go away after hitting it 20 times (Ok). Had to do a shut down completely (hitting the switch off then on). I tried Ctrl, Alt, Delete but it didn't work either.

I went ahead and did as you instructed in the last post. You said to download Spywareblaster. I actually have Ad-Aware SE. Would that be ok to use instead? Wasn't sure.

You also said....
Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

I got a little confused about that. I have the folder ie-ads.reg on my desktop now. I don't know what you meant about allowing it to merge into the registry.

Now with all the corrections I've made and all the files I put into my desktop to be able to send you my logs, should I leave them there or can I delete them now?

Sorry, I figured I'd save you more posts from me if I put it all in one. I know you have many others to help out.

Thanks again.

Bea

 

You're very welcome, Bea. I'm happy to help.

Thanks for letting us know about F5. Seems to vary some from PC to PC, which is why I usually recommend the enable start menu method.

Ad-aware is an AntiSpyware program which scans for and removes the junk. SpywareBlaster is a blocking program, which helps to avoid getting it in the first place. IESpyad adds to that protection, as does Spybot's immunize feature. I recommend using all of the above.

If you downloaded IESpyad.exe, when you double click to run, it should bring up an extract to dialog box. By default, the directory shown will be C:\IESpyad. Click OK. Now open the IESpyad folder and double click the iespyad.reg file.

Feel free to delete all of the files saved and created, including the GetLog.txt and GetLog2.txt in C: if present.

Please post 1 more HijackThis log.

Are you still getting a Kernell32.dll message? If so, please give details about when, and post any other information given.

 

Downloaded SpywareBlaster and Hijack This Log

Hey Dave,
After downloading SpywareBlaster and after rebooting, and then getting on this website, this message popped up.

Spyrem has caused an error in Kernel32.DLL.

Her is my log now.
Thanks Dave!!



Logfile of HijackThis v1.99.1
Scan saved at 9:38:58 PM, on 4/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN\MSNIA\MSNIASVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v7/ticker.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-6.0.0.25/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.0.25/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

 

Looks like you got a fake SpywareBlaster. See BPS Spyware & Adware Remover in this list. Did you get it from a search or from the link within Spybot?

Go to Add/Remove programs and uninstall it. Then download SpywareBlaster from here. Install, enable all protections and update.

Post a new HJT log when done.