I cant clean the virus off of my computer. Here's the symptoms according to my virus removal software packages:

Symantec catches a "Trojan.Elitebar" virus that it is unable to remove or quarantine.

Spybot finds three problems defined as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice, HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice
Of these three, it will clean the first one (controlset002) but it always returns.

AdWare finds problems but they are not always the same ones. Most recent run found these three:

Win32.Trojandownloader.Qoologic
VX2
Win32.Trojanloader

AdAware cleaned them but it constantly finds more the next time I run it.

XoftSpy finds a data mining file called "ClipGenie" located in C:\Windows\system32\explorer.dll and many "Viewpoint" files. It cleans the Viewpoint files but cannot clean the ClipGenie becasue it claims the file explorer.dll is in use.

Here's the HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 9:58:56 PM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - AppInit_DLLs: c:\windows\system32\explorer.dll spoolsv.dll ?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Please help.

Hello Greg62157, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks

Hi!

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please run Hijackthis and place a check next to this item:

O20 - AppInit_DLLs: c:\windows\system32\explorer.dll spoolsv.dll ?

Please close all windows and browsers except Hijackthis and click "Fix Checked"

Reboot

Find and delete these Files/folders:
c:\windows\system32\explorer.dll

Reboot and post a new Hijackthislog and the log from ComboFix

Thanks. I will follow your instructions later today when I get home. Thanks for helping.

I ran combofix. Log is below. I ran HJT but this time the 020 App Init line you wanted me to erase did not appear. I rebooted and attempted to erase the explorer.dll file. I found it and attempted to delete it but it denied access saying the file might be in use. I ran HJT again to make sure it wasn't in the 020 line again and it was not. Combofix and HJT logs follow.....

Greg - 06-11-17 17:04:52.57 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Yelda Long\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\redit.cpl
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll
C:\Program Files\Common Files\mc-67-525-0000166.exe
C:\Program Files\Common Files\inetget2
C:\Program Files\DNS

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Greg\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Greg\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\Greg\Application Data\SMANTE~1
C:\QooBox\Purity\Documents and Settings\Greg\My Documents\STEM~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\DOBE~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\SEMBLY~1
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~2
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\CURITY~1
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\?racle
C:\QooBox\Purity\Program Files\DOBE~1\w?aclt.exe
C:\QooBox\Purity\WINDOWS\ASKS~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1
C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe
C:\QooBox\Purity\WINDOWS\SYSTEM32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\DOBE~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ECURIT~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\MCROSO~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\RACLE~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-17 to 2006-11-17 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 17:11 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-17 17:07 -------- d-a------ C:\Program Files\Common Files
2006-11-17 17:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 22:07 -------- d-------- C:\Program Files\Internet Explorer
2006-11-16 19:57 -------- d-------- C:\Documents and Settings\Greg\Application Data\Google
2006-11-16 19:54 -------- d-------- C:\Program Files\WebHost
2006-11-16 18:07 -------- d-------- C:\Program Files\XoftSpy
2006-11-13 15:26 -------- d-------- C:\Program Files\Google
2006-11-11 17:23 -------- d-------- C:\Program Files\SpywareGuard
2006-11-11 17:21 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-11 17:17 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-11 17:17 -------- d-------- C:\Program Files\AOL
2006-11-11 17:11 -------- d-------- C:\Program Files\AIM
2006-11-11 17:09 -------- d-------- C:\Program Files\AOD
2006-11-09 10:14 -------- d-------- C:\Program Files\LimeWire
2006-10-30 07:42 -------- d-------- C:\Documents and Settings\Greg\Application Data\Talkback
2006-10-29 20:43 -------- d-------- C:\Program Files\Adobe
2006-10-29 20:39 -------- d-------- C:\Program Files\Picasa2
2006-10-29 20:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 20:03 -------- d-------- C:\Program Files\iTunes
2006-10-29 20:02 -------- d-------- C:\Program Files\iPod
2006-10-29 20:00 -------- d-------- C:\Program Files\QuickTime
2006-10-29 16:48 337290 --a------ C:\Documents and Settings\Greg\Application Data\tizupd.bin
2006-10-29 16:48 24356 --a------ C:\Documents and Settings\Greg\Application Data\tizinf.xml
2006-10-29 16:48 10 --a------ C:\Documents and Settings\Greg\Application Data\tizhook.vers
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-17 07:28 721920 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-08-17 07:28 132096 --a------ C:\WINDOWS\SYSTEM32\wkssvc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1125536195\\ee\\AOLHostManager.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\RACLE~1\\msdtc.exe\" -vt ndrv"
@="C:\\PROGRA~1\\DOBE~1\\WACLT~1.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\PROGRA~1\\COMMON~1\\RACLE~1\\msdtc.exe\" -vt ndrv"
@="C:\\PROGRA~1\\DOBE~1\\WACLT~1.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"fsemibrd.exe"="C:\\WINDOWS\\system\\fsemibrd.exe"
"morurduo.exe"="C:\\WINDOWS\\system\\morurduo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-17 17:11:38.81
C:\ComboFix.txt ... 06-11-17 17:11


HJT log was as follows......

Logfile of HijackThis v1.99.1
Scan saved at 5:17:48 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Reboot into safe mode (Press F8 Right after memory count)
In safe mode find and delete this file:

c:\windows\system32\explorer.dll

Reboot and post a new Hijackthislog

While in safe mode, i was able to delete the explorer.dll file. I then ran Spybot and it found the HKEY problems I sent in the first posting and a tracking cookie called "Avenue A". The tracking cookie was removed and one of the three HKEY settings removed. The other two could not be removed. Here's the HJT after running Spybot:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:11 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Perform an onlinescan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together a fresh HijackThis log

Panda found lots of stuff. Here's the Panda and HJT logs:


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt[www.burstbeacon.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Greg\Application Data\tizupd.bin[OINSetup.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Greg\Cookies\greg@com[1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Greg\Desktop\backups\backup-20061116-202406-919.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Greg\Desktop\Virus Removal Software\Nailfix\Nailfix\Process.exe
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.overture.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.atwola.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.target.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt[.did-it.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Yelda Long\Application Data\tizupd.bin[OINSetup.exe]
Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Yelda Long\Desktop\Click to Find and Fix Errors.url
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Yelda Long\Desktop\Setup.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Yelda Long\Local Settings\Temp\!update.exe
Possible Virus. Not disinfected C:\Program Files\Common Files\Authentium Shared\cvinstalled\cvv1.60.514\setup.msi[unk_0006][PrismC.dll.9C21D849_A4DF_4691_A5D0_6B218BE7B881]
Adware:Adware/WUpd Not disinfected C:\Program Files\InetGet\Adperform180safull.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe
Possible Virus. Renamed C:\QooBox\Purity\Program Files\DOBE~1\w?aclt.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-1008\Dc1.dll
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc12.tmp\thnall1ac.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1318.tmp
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1335.exe
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1336.html
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\auto_update_uninstall.exe
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\setup.inf
Adware:Adware/WinAD Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1349\IncrediMail\imloader.exe
Adware:Adware/WinTools Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\tb3[1].cab[toolbar.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[3].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\webservice[4].htm
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\AproposClientInstaller[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\4XIRSHY7\webservice[3].htm
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\auto_update[1]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\newmajorse2[1].cab
Adware:Adware/Exact.BargainBuddy Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\webservice[1].htm
Spyware:Spyware/7r7t Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1365.exe
Spyware:Spyware/Apropos Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1420.exe
Adware:Adware/Pacimedia Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2266.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2276.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2277.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2278.tmp
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2282.exe
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc29\aurareco.exe
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc59\CC_43.inf
Adware:Adware/Comet Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc59\inst43.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc591.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc592.tmp
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc708.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc724.exe
Virus:Trj/Small.QS Disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc725.exe
Spyware:Spyware/7r7t Not disinfected C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc93.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cchnsiyv.exe
Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Adware:Adware/Transponder Not disinfected C:\WINDOWS\htzxlnu.exe
Adware:Adware/Startpage.XM Not disinfected C:\WINDOWS\My404.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\SYSTEM32\246765-ventura-hot.exe[²ìÇ]
Virus:Trj/Downloader.BYZ Disinfected C:\WINDOWS\SYSTEM32\dist001.exe
Virus:Trojan Horse.AP3 Disinfected C:\WINDOWS\SYSTEM32\GSM3-0511.exe
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\SYSTEM32\Lhbczj.exe
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\ntsmsdtc.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\spoolsv.dll
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\SYSTEM32\Wtypmk.exe
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\Temporary Internet Files\Ssk.log
Adware:Adware/CommAd Not disinfected C:\WINDOWS\WWVsZGEgTG9uZw\qqpPt3H0n36RtT.vbs
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\zmaosyyh.exe




Logfile of HijackThis v1.99.1
Scan saved at 7:13:38 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

==Download, install, and update AVG Anti-Spyware 7.5

1. Save the installer to desktop
2. Double click the installer, select your language, and then select OK
3. Click NEXT>>Do or don't read the "User License Agreement"
   Select I Agree>>>NEXT>>>INSTALL
4. AVG will now install and afterwards click FINISH
5. AVG Anti-Spyware 7.5 should now Load
6. Click the Update tab at the top. Under Manual Update click Start update.
7. After the update finishes (the status bar at the bottom will display "Update successful")
8. Close AVG Anti-Spyware 7.5. Do not run it yet.

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account

Once in safe mode

• Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
• Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and
  Uncheck "Only if Threats are found"
• Click back to the "Scan" tab and then click on Complete System Scan.
  This scan can take quite a while to run, so be prepared.
• AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Ran the AVG in Safe Mode as per your directions. There were a couple of files that it said were part of an archive and asked me if I wanted to quarantine the whole archive. I answered yes to these. Attached is the AVG report. Also attaching a new HJT log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:26:02 PM 11/22/2006

+ Scan result:



C:\Documents and Settings\Yelda Long\Desktop\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1343\auto_update_uninstall.exe -> Adware.Apropos : Cleaned with backup (quarantined).
C:\WINDOWS\htzxlnu.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\cchnsiyv.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\zmaosyyh.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Lhbczj.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Wtypmk.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc463.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc464.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc465.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc466.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc467.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc468.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc469.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc470.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc471.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc472.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc473.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc474.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc475.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc476.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc477.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc478.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc479.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc480.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc481.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc482.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc483.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc484.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc485.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc486.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc487.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc488.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc489.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc490.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc491.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc492.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc493.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc494.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc495.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc496.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc497.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc498.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc499.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc500.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc501.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc502.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc503.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc504.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc505.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc506.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc507.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc508.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc509.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc510.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc511.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc512.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc513.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc514.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc515.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc516.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc517.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc518.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc519.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc520.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc521.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc522.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc523.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc524.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc525.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc526.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc527.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc528.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc529.tst -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\ag.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\ag.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\send.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\report\send.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\246765-ventura-hot.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111144.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111145.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111145.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111148.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2266.exe -> Adware.Pacer : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Desktop\backups\backup-20061116-202406-919.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-1008\Dc1.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107446.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107447.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107517.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107520.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241\A0108040.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP242\A0111053.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\spoolsv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKU\S-1-5-21-2482556158-367380603-2490717038-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1318.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2276.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2277.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc2278.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc591.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc592.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\3JMSVGAP\tb3[1].cab/toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1356\Content.IE5\UVJ54NN9\newmajorse2[1].cab/newmajorse2.txt -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\InetGet\Adperform180safull.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\InetGet\stubSafull.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\Common Files\RACLE~1\msdtc.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Local Settings\Temp\!update.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\Common Files\CURITY~1\taskmgr.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\ASKS~1\services.exe -> Downloader.PurityScan.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111143.cpl -> Downloader.Qoologic.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111146.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0111147.exe -> Downloader.Small.bqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114174.exe -> Downloader.VB.eu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114173.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\WINDOWS\My404.exe -> Hijacker.StartPage.yq : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1349\IncrediMail\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.311:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.312:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.313:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.453:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.454:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.542:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.554:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.274:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.275:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.276:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.159:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.160:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.161:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.162:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.163:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.164:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.165:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.241:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.242:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.244:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.308:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.309:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.310:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.325:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.339:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.340:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.341:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.344:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.345:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.347:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.351:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.359:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.361:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.363:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.365:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.367:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.91:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.360:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.436:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.437:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.66:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.67:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.68:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.69:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.78:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.24:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.374:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.377:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.210:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.587:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.216:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.226:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.227:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.228:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.70:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.302:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.305:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.306:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.478:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.481:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.489:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.490:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.491:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.492:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.501:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.502:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.515:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.579:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.580:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.581:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.80:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.188:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.189:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.170:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.172:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.173:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.192:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.193:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.194:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.195:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.557:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.558:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.166:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.167:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.55:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.532:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.536:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.537:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.538:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.539:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.34:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.35:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.36:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.37:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.426:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.235:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.236:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.237:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.279:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.280:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.281:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.282:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.283:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.284:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.285:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.289:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.291:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.292:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.293:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.294:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.330:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.331:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.332:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.514:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.404:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.407:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.427:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.428:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.89:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.143:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.144:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.146:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.147:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.148:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.149:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.150:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.151:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.58:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.474:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.31:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.370:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.371:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.372:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc1368.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc350.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc351.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc352.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2482556158-367380603-2490717038-500\Dc355.tmp1 -> Trojan.EliteBar.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Yelda Long\Desktop\SmileyCentralPFSetup2.1.50.3-3.ZNfox000.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0114175.exe -> Trojan.Registrator.b : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:43:57 PM, on 11/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program File

Can you please post the whole Hijackthis log, thanks

Logfile of HijackThis v1.99.1
Scan saved at 1:09:24 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Your log looks clean any problems?

Computer is acting very slow. Takes a long time for screens to refresh. I ran Ad-Aware as a check for viruses. It found 17 critical objects. Ad-aware log is shown below.


Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 24, 2006 3:57:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R133 16.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdDestroyer(TAC index:5):1 total references
Adware.Websearch(TAC index:9):1 total references
Ebates MoneyMaker(TAC index:4):1 total references
IBIS Toolbar(TAC index:5):11 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
VirtualBouncer(TAC index:5):1 total references
VX2(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R133 16.11.2006
Internal build : 167
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 859530 Bytes
Total size : 2788354 Bytes
Signature data size : 2738708 Bytes
Reference data size : 49134 Bytes
Signatures total : 74535
CSI Fingerprints total : 4563
CSI data size : 198590 Bytes
Target categories : 15
Target families : 1011


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:17 %
Total physical memory:260096 kb
Available physical memory:43360 kb
Total page file size:666740 kb
Available on page file:136524 kb
Total virtual memory:2097024 kb
Available virtual memory:2040148 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-24-2006 3:57:01 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 356
ThreadCreationTime : 11-23-2006 6:04:07 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 412
ThreadCreationTime : 11-23-2006 6:04:20 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 11-23-2006 6:04:21 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 11-23-2006 6:04:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 11-23-2006 6:04:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 756
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 11-23-2006 6:04:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 852
ThreadCreationTime : 11-23-2006 6:04:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 928
ThreadCreationTime : 11-23-2006 6:04:25 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 960
ThreadCreationTime : 11-23-2006 6:04:25 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 11-23-2006 6:04:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1180
ThreadCreationTime : 11-23-2006 6:04:28 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:15 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 11-23-2006 6:04:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:16 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1216
ThreadCreationTime : 11-23-2006 6:04:30 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:17 [savroam.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1260
ThreadCreationTime : 11-23-2006 6:04:30 PM
BasePriority : Normal
FileVersion : 1.5.0.0
ProductVersion : 1.5.0.0
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe

#:18 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1332
ThreadCreationTime : 11-23-2006 6:04:32 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1488
ThreadCreationTime : 11-23-2006 6:04:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1800
ThreadCreationTime : 11-23-2006 6:04:53 PM
BasePriority : Normal
FileVersion : 3.0.0.4342
ProductVersion : 7.0.0.4342
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:21 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 1816
ThreadCreationTime : 11-23-2006 6:04:55 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:22 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 1828
ThreadCreationTime : 11-23-2006 6:04:55 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:23 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1852
ThreadCreationTime : 11-23-2006 6:04:57 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:24 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1892
ThreadCreationTime : 11-23-2006 6:04:59 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 1976
ThreadCreationTime : 11-23-2006 6:05:01 PM
BasePriority : Normal


#:26 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 116
ThreadCreationTime : 11-23-2006 6:05:02 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:27 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 200
ThreadCreationTime : 11-23-2006 6:05:03 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 220
ThreadCreationTime : 11-23-2006 6:05:03 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:29 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 344
ThreadCreationTime : 11-23-2006 6:05:08 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 11-23-2006 6:05:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1796
ThreadCreationTime : 11-23-2006 6:05:22 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2056
ThreadCreationTime : 11-23-2006 6:05:23 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:33 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2332
ThreadCreationTime : 11-23-2006 6:05:41 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:34 [belkinwlanmonitor.exe]
FilePath : C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\
ProcessID : 2372
ThreadCreationTime : 11-23-2006 6:05:47 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Belkin 11Mbps USB Wireless Network Adapter
CompanyName : Belkin Corporation
FileDescription : Belkin 11Mbps USB Wireless Network Monitor Utility
InternalName : BelkinWLANMonitor
LegalCopyright : Copyright © 2003 Belkin Corporation
OriginalFilename : BelkinWLANMonitor.EXE
Comments : Base on SDK 3423

#:35 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2384
ThreadCreationTime : 11-23-2006 6:05:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:36 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 2396
ThreadCreationTime : 11-23-2006 6:05:50 PM
BasePriority : Normal
FileVersion : 1.4.660.29079.beta
ProductVersion : 1.4.660.29079.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater

#:37 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2980
ThreadCreationTime : 11-23-2006 6:11:58 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:38 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3460
ThreadCreationTime : 11-23-2006 6:32:35 PM
BasePriority : Normal


#:39 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3484
ThreadCreationTime : 11-23-2006 6:32:35 PM
BasePriority : High


#:40 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1492
ThreadCreationTime : 11-23-2006 6:32:45 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:41 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2972
ThreadCreationTime : 11-23-2006 6:32:54 PM
BasePriority : Normal
FileVersion : 3.0.0.4342
ProductVersion : 7.0.0.4342
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:42 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2356
ThreadCreationTime : 11-23-2006 6:32:55 PM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:43 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 3120
ThreadCreationTime : 11-23-2006 6:32:55 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:44 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3280
ThreadCreationTime : 11-23-2006 6:32:57 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:45 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1432
ThreadCreationTime : 11-23-2006 6:32:58 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:46 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 3528
ThreadCreationTime : 11-23-2006 6:32:58 PM
BasePriority : Normal


#:47 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3536
ThreadCreationTime : 11-23-2006 6:32:59 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:48 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3608
ThreadCreationTime : 11-23-2006 6:33:00 PM
BasePriority : Normal
FileVersion : 7.0.1.8
ProductVersion : 7.0.1.8
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:49 [aolhostmanager.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 1472
ThreadCreationTime : 11-23-2006 6:33:01 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager
InternalName : AOLHostManager
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:50 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 3772
ThreadCreationTime : 11-23-2006 6:33:02 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:51 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2712
ThreadCreationTime : 11-23-2006 6:33:11 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:52 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2340
ThreadCreationTime : 11-23-2006 6:33:27 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:53 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 1280
ThreadCreationTime : 11-23-2006 6:33:28 PM
BasePriority : Normal
FileVersion : 5.9.6089
ProductVersion : 5.9.6089
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2006 America Online, Inc.
OriginalFilename : AIM.EXE

#:54 [belkinwlanmonitor.exe]
FilePath : C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\
ProcessID : 3164
ThreadCreationTime : 11-23-2006 6:33:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Belkin 11Mbps USB Wireless Network Adapter
CompanyName : Belkin Corporation
FileDescription : Belkin 11Mbps USB Wireless Network Monitor Utility
InternalName : BelkinWLANMonitor
LegalCopyright : Copyright © 2003 Belkin Corporation
OriginalFilename : BelkinWLANMonitor.EXE
Comments : Base on SDK 3423

#:55 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 3188
ThreadCreationTime : 11-23-2006 6:33:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:56 [limewire.exe]
FilePath : C:\Program Files\LimeWire\
ProcessID : 3308
ThreadCreationTime : 11-23-2006 6:33:35 PM
BasePriority : Normal


#:57 [aolservicehost.exe]
FilePath : C:\Program Files\Common Files\AOL\1125536195\ee\
ProcessID : 3784
ThreadCreationTime : 11-24-2006 5:11:23 PM
BasePriority : Normal
FileVersion : 1.3.5.0
ProductVersion : 1.3.5.0
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLServiceHost
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1844
ThreadCreationTime : 11-24-2006 8:56:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdDestroyer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\vb and vba program settings\addestroyer

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\wintools
Value : hrjy3ralsr4xz

VirtualBouncer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\vb and vba program settings\vbouncer

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\aurora

Adware.Websearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Adware
Comment : "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\toolbar\urlsearchhooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\lq
Value : AC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-2482556158-367380603-2490717038-1009\Software\Microsoft\Internet ExplorerSearchURLsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
TAC Rating : 5
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-2482556158-367380603-2490717038-1009\Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://searchmiracle.com/sp.php"
<STOP>
4:05:16 PM Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:15.328
Objects scanned:83662
Objects identified:17
Objects ignored:0
New critical objects:17


I succesfully quarantined the files. I will run a Panda virus check next and send you the Panda and new HJT log next.

I ran Panda but my daughter cleared the log before I could capture it to send to you. I know it found a lot of stuff but am not able to send you the log. I am out of the country all of this week. I will have another chance this weekend to work on this. Can you please lay out a series of steps I can take in one day? If possible, I'd like to do as much as possible in sequential steps without sending you results between each step in order to avoid the one day delay in our communications. I may be travelling again next week. I am thinking of running the AVG software again, then Panda, then HJT. Is there something else (or a different order) you can recommend? If I do these in this order, which logs would you like to see?

Thanks for your help.

Your log looks clean. Any problems?

This usually happens when viruseschine was very slow at refreshing screen and accessing programs. This usually happens when viruses are present. Could there be another reason?

Try Cleaning your Temp files:

Use Cleanmgr to clean temporary files:
1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Please hide your files again:
Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the "Tools" menu.
Click "Folder Options".
After the new window appears, select the "View" tab.
Under the "Hidden files and folders" section, select the button labeled "Dont Show hidden files and folders".
Place a checkmark in the checkbox labeled "Hide protected operating system files".
Press the Apply button.
Press the "OK" button
Close "My Computer".

I am back home form my travels. I deleted the temp files, emptied the trash bin as you requested. I then decided to run AVG again to see what if found. It found a lot of stuff. AVG Log will follow. After AVG, I ran HJT. It looks OK to me. Just to be sure, I then ran SpyBot. SpyBot found 125 High risk viruses - like Sidesurf, HotBar, SexCall, etc...It would clean all but 5 of them saying these 5 were in use. My computer shows that both Norton Antivirus and HVG are active protecting me from viruses but somehing isn't right. I keep getting massive infections again. Here's the AVG log followed by the HJT Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:18:49 PM 12/2/2006

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115177.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115180.exe -> Adware.Apropos : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115184.exe -> Adware.BetterInternet : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115182.exe -> Adware.BookedSpace : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115183.exe -> Adware.BookedSpace : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115186.exe -> Adware.DealHelper : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115187.exe -> Adware.DealHelper : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115169.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115185.exe -> Adware.HotSearchBar : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115181.exe -> Adware.Pacer : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115174.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115175.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115176.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115178.exe -> Adware.WinAD : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115179.exe -> Adware.WinAD : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115172.exe -> Downloader.PurityScan.co : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115170.exe -> Downloader.PurityScan.df : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115171.exe -> Downloader.PurityScan.df : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115173.exe -> Hijacker.StartPage.yq : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115188.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Cleaned.
:mozilla.187:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.160:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.161:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.162:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.163:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.165:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.166:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.35:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.76:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.58:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.197:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.198:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.199:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.78:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.82:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.24:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.152:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.200:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.201:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.202:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.203:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.175:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.177:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.23:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\yyrnjbr5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.188:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.190:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.191:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.220:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.221:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.222:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.223:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.224:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.207:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.40:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.42:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.174:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.32:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Yelda Long\Application Data\Mozilla\Firefox\Profiles\3ybz29ff.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP246\A0115169.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0107521.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241\A0108042.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\WWVsZGEgTG9uZw\qqpPt3H0n36RtT.vbs -> Trojan.Small : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:30:21 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hi!

Please download the free MWAV antivirus tool from here (Dont run it yet, just save it so you can find it again):
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

Do Start->Control Panel->System, System restore. Tick "Turn off System Restore" and reboot into safe mode (F8 right after memory count). That will erase all restore points.
Go back in System Restore(Start->Control Panel->System, System restore) and turn System Restore back on.
Create a Restore Point:
1. All Programs->Accessories->System Tools->System Restore
2. Press Create a restore point and press Next.
3. In the Restore point description box, type a descriptive name to append to the date and time.
4. Press Create.

Now run the Mwav Scanner. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

Windows will not allow me to create a Restore Point while in Safe Mode. I am headed back out of the country tomorrow. Rather than wait for your response, I am going to attempt to run the MWAV scanner from safe mode and will be posting the results.

I ran MWAV in safe Mode. The log it produced is huge (13.4 MB). This reply will not handle that size. I am going to attach an edited version of the log that I made by removing everything that appeared OK. It will take two posts to do this because it is too long. Please read both posts.

Sun Dec 03 14:20:56 2006 => **********************************************************
Sun Dec 03 14:20:56 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Dec 03 14:20:56 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Dec 03 14:20:56 2006 => **********************************************************
Sun Dec 03 14:20:56 2006 => Source: C:\DOCUME~1\Greg\Desktop\mwav.exe
Sun Dec 03 14:20:56 2006 => Version 8.7.6 (C:\DOCUME~1\Greg\LOCALS~1\Temp\mexe.com)
Sun Dec 03 14:20:56 2006 => Log File: C:\DOCUME~1\Greg\LOCALS~1\Temp\MWAV.LOG
Sun Dec 03 14:20:56 2006 => MWAV Registered: FALSE.
Sun Dec 03 14:20:56 2006 => User Account: Greg
Sun Dec 03 14:20:56 2006 => OS Type: Windows Workstation
Sun Dec 03 14:20:56 2006 => OS: Windows XP
Sun Dec 03 14:20:56 2006 => Ver: Service Pack 2 (Build 2600)
Sun Dec 03 14:20:56 2006 => Windows Root Folder: C:\WINDOWS
Sun Dec 03 14:20:56 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sun Dec 03 14:20:56 2006 => Local Fixed Drives: c:\
Sun Dec 03 14:20:56 2006 => MWAV Mode: Only Scan files.
Sun Dec 03 14:20:57 2006 => Latest Date of files inside MWAV: 30 Nov 2006 07:49:1.
Sun Dec 03 14:21:01 2006 => AV Library Loaded...
Sun Dec 03 14:21:01 2006 => MWAV doing self scanning...
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\Getvlist.exe
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\main.avi
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\virus.avi
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\ScanningProcess.exe
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\Kave.dll
Sun Dec 03 14:21:01 2006 => Scanning File C:\DOCUME~1\Greg\LOCALS~1\Temp\prloader.dll
Sun Dec 03 14:21:01 2006 => MWAV files are clean.
Sun Dec 03 14:21:07 2006 => Virus Database Date: 11/30/2006
Sun Dec 03 14:21:07 2006 => Virus Database Count: 246832

Sun Dec 03 14:22:06 2006 => **********************************************************
Sun Dec 03 14:22:06 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Dec 03 14:22:06 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Dec 03 14:22:06 2006 =>
Sun Dec 03 14:22:06 2006 => Support: support@mwti.net
Sun Dec 03 14:22:06 2006 => Web: http://www.mwti.net
Sun Dec 03 14:22:06 2006 => **********************************************************
Sun Dec 03 14:22:06 2006 => Version 8.7.6 (C:\DOCUME~1\Greg\LOCALS~1\Temp\mexe.com)
Sun Dec 03 14:22:06 2006 => Log File: C:\DOCUME~1\Greg\LOCALS~1\Temp\MWAV.LOG
Sun Dec 03 14:22:06 2006 => User Account: Greg
Sun Dec 03 14:22:06 2006 => Windows Root Folder: C:\WINDOWS
Sun Dec 03 14:22:06 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sun Dec 03 14:22:06 2006 => OS: Windows XP
Sun Dec 03 14:22:06 2006 => Ver: Service Pack 2 (Build 2600)
Sun Dec 03 14:22:06 2006 => Latest Date of files inside MWAV: 30 Nov 2006 07:49:1.

Sun Dec 03 14:22:06 2006 => Options Selected by User:
Sun Dec 03 14:22:06 2006 => Memory Check: Enabled
Sun Dec 03 14:22:06 2006 => Registry Check: Enabled
Sun Dec 03 14:22:06 2006 => StartUp Folder Check: Enabled
Sun Dec 03 14:22:06 2006 => System Folder Check: Enabled
Sun Dec 03 14:22:06 2006 => System Area Check: Disabled
Sun Dec 03 14:22:06 2006 => Services Check: Enabled
Sun Dec 03 14:22:06 2006 => Drive Check: Disabled
Sun Dec 03 14:22:06 2006 => All Drive Check :Enabled
Sun Dec 03 14:22:06 2006 => Folder Check: Disabled

Sun Dec 03 14:22:06 2006 => ***** Scanning Memory Files *****

(MWAV Listed them, there was nothing found so I deleted the list)

Sun Dec 03 14:22:18 2006 => ***** Scanning Registry Files *****

Sun Dec 03 14:22:23 2006 => Invalid Entry DllName = appmgmts.dll (in key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}...

Sun Dec 03 14:22:24 2006 => Scanning HKCU\Control Panel\Desktop
Sun Dec 03 14:22:24 2006 => ERROR!!! Invalid Entry SCRNSAVE.EXE = C:\WINDOWS\SYSTEM32\gbsaver.scr (in key Control Panel\Desktop). No Action Taken.

Sun Dec 03 14:22:24 2006 => ERROR!!! Invalid Entry StubPath = C:\WINDOWS\system32\baqdmqx.exe (in key SOFTWARE\Microsoft\Active Setup\Installed Components\bb3582aa-9e5b-47c1-aef5-40eb57087e50). No Action Taken.

Sun Dec 03 14:22:24 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Sun Dec 03 14:22:24 2006 => ERROR!!! Invalid Entry fsemibrd.exe = C:\WINDOWS\system\fsemibrd.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
Sun Dec 03 14:22:24 2006 => ERROR!!! Invalid Entry morurduo.exe = C:\WINDOWS\system\morurduo.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.


Sun Dec 03 14:22:27 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Dec 03 14:22:27 2006 => ERROR!!! Invalid Entry Aida = "C:\PROGRA~1\COMMON~1\RACLE~1\msdtc.exe" -vt ndrv (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sun Dec 03 14:22:27 2006 => ERROR!!! Invalid Entry = C:\PROGRA~1\DOBE~1\WACLT~1.EXE (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Sun Dec 03 14:22:27 2006 => ***** Scanning StartUp Folders *****

Sun Dec 03 14:22:27 2006 => ***** Scanning C:\Documents and Settings\Greg\Start Menu\Programs\Startup Folder *****
Sun Dec 03 14:22:27 2006 => Scanning Folder: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\*.*
Sun Dec 03 14:22:27 2006 => Scanning File C:\Documents and Settings\Greg\Start Menu\Programs\Startup\DESKTOP.INI

Sun Dec 03 14:22:27 2006 => ***** Scanning C:\Documents and Settings\Greg\Desktop Folder *****
Sun Dec 03 14:22:27 2006 => Scanning Folder: C:\Documents and Settings\Greg\Desktop\*.*
Sun Dec 03 14:22:27 2006 => Scanning Folder: C:\Documents and Settings\Greg\Desktop\backups\*.*
Sun Dec 03 14:22:53 2006 => ***** Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder *****
Sun Dec 03 14:22:53 2006 => Scanning Folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.*
Sun Dec 03 14:22:53 2006 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Sun Dec 03 14:22:53 2006 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Network Monitor Utility (USB).lnk
Sun Dec 03 14:22:53 2006 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
Sun Dec 03 14:22:53 2006 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
Sun Dec 03 14:22:53 2006 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

Sun Dec 03 14:22:53 2006 => ***** Scanning C:\Documents and Settings\Administrator\Start menu\Programs\Startup Folder *****
Sun Dec 03 14:22:53 2006 => Scanning Folder: C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\*.*
Sun Dec 03 14:22:53 2006 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\DESKTOP.INI

Sun Dec 03 14:22:53 2006 => ***** Scanning C:\Documents and Settings\Default User\Start menu\Programs\Startup Folder *****
Sun Dec 03 14:22:53 2006 => Scanning Folder: C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\*.*
Sun Dec 03 14:22:53 2006 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\DESKTOP.INI

Sun Dec 03 14:22:53 2006 => ***** Scanning Service Files *****
Sun Dec 03 14:22:58 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
Sun Dec 03 14:22:59 2006 => ERROR!!! Invalid Entry System32\DRIVERS\wATV03nt.sys in SYSTEM\CurrentControlSet\Services\iAimTV2...
Sun Dec 03 14:23:07 2006 => ERROR!!! Invalid Entry System32\DRIVERS\wanatw4.sys in SYSTEM\CurrentControlSet\Services\wanatw...
Sun Dec 03 14:23:07 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD

Sun Dec 03 14:23:07 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Dec 03 14:23:07 2006 => Loading Spyware Signatures from new External Database (Size: 187864).
Sun Dec 03 14:23:09 2006 => Indexed Spyware Databases Successfully Created...

Sun Dec 03 14:57:29 2006 => System found infected with hotbar.shopperreports Toolbar ({946b3e9e-e21a-49c8-9f63-900533fafe14})! Action taken: No Action Taken.
Sun Dec 03 14:57:29 2006 => System found infected with hotbar.shopperreports Toolbar ({e77eda01-3c56-4a96-8d08-02b42891c169})! Action taken: No Action Taken.
Sun Dec 03 14:57:31 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bargainbuddy !!!
Sun Dec 03 14:57:31 2006 => Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:31 2006 => Offending Key found: HKLM\Software\magnet !!!
Sun Dec 03 14:57:31 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:31 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buddylinks.net !!!
Sun Dec 03 14:57:31 2006 => Object "buddylinks Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:31 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\web3000.com !!!
Sun Dec 03 14:57:31 2006 => Object "web3000 Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:31 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\web search tools !!!
Sun Dec 03 14:57:31 2006 => Object "websearch Toolbar" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:32 2006 => Offending Key found: HKCU\\curver !!!
Sun Dec 03 14:57:32 2006 => Object "qabar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:32 2006 => Offending Key found: HKCU\\magnet !!!
Sun Dec 03 14:57:32 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:32 2006 => Offending Key found: HKLM\System\CurrentControlSet\Services\cmdservice !!!
Sun Dec 03 14:57:32 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:32 2006 => Offending Key found: HKLM\System\ControlSet001\Services\cmdservice !!!
Sun Dec 03 14:57:32 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:32 2006 => Offending Key found: HKLM\System\ControlSet002\Services\cmdservice !!!
Sun Dec 03 14:57:32 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:37 2006 => Offending Folder found: C:\Documents and Settings\Greg\Application Data\aim\ungbjnab\bartcache\1024
Sun Dec 03 14:57:37 2006 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Checking CLSID Reference Entries...
Sun Dec 03 14:57:53 2006 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.

Sun Dec 03 14:57:53 2006 => Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\Downloader.IMDownloader" refers to invalid object "{F00F4763-7355-4725-82F7-0DA94A256D46}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\Downloader.IMDownloader.1" refers to invalid object "{F00F4763-7355-4725-82F7-0DA94A256D46}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\Groove.Groove" refers to invalid object "{77e32299-629f-43c6-ab77-6a1e6d7663f6}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\Groove.Groove.1" refers to invalid object "{77e32299-629f-43c6-ab77-6a1e6d7663f6}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Dec 03 14:57:54 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\Symantec.NavSniff.1" refers to invalid object "{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}". Action Taken: No Action Taken.

Sun Dec 03 14:57:55 2006 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Checking Module Usage Entries...
Sun Dec 03 14:57:56 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\GrooveAX.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\imloader.exe". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WebInst.Dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:56 2006 => Checking User Trusted External App Entries...
Sun Dec 03 14:57:56 2006 => Checking Shared DLL Entries...
Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WebInst.Dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\Setup.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\IGDI.dll". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\imloader.exe". Action Taken: No Action Taken.

Sun Dec 03 14:57:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx". Action Taken: No Action Taken.

Sun Dec 03 14:57:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\GrooveAX.dll". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\bullet.gid". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Checking Installer Entries...
Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Favorites\Financial Links\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\bin\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\Alert\bin\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dell\Support\Alert\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\DSLogDB\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Support\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Alert\0\". Action Taken: No Action Taken.

Sun Dec 03 14:58:01 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Dell\Alert\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Jasc Software Inc\Paint Shop Pro 8\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Jasc Software Inc\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\My PSP8 Files\Scripts-Restricted\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\My PSP8 Files\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\My Documents\My PSP8 Files\Workspaces\". Action Taken: No Action Taken.

Sun Dec 03 14:58:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.

Sun Dec 03 14:58:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Checking Shared Tools Entries...
Sun Dec 03 14:58:05 2006 => Checking File Extension Entries...
Sun Dec 03 14:58:05 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zoo". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Checking Application Cache Entries...
Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online us". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AolCoach". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BargainBuddy". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Curtains for Windows 1.5". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Google Desktop". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Google Pack Screensaver". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817611". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826959". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833407". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890923-IE6SP1-20050225.103456". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RSyncMon". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ScreensaversInstaller". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Doctor_is1". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WAFAIE". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinTools". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2D4B1196-07AB-44D1-A246-D3475EADA631}". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43FCA273-9534-40DB-B7C5-D7758875616A}". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9C2EDC9C-EF3B-443A-BB2C-3488DAC7247E}". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.

Sun Dec 03 14:58:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B005394D-5A4D-6AE4-CB08-F59CDC9A255C}". Action Taken: No Action Taken.


Sun Dec 03 14:58:05 2006 => ***** Scanning System32 Folders *****
Sun Dec 03 14:59:28 2006 => Scanning File C:\WINDOWS\system32\ntsmsdtc.exe
Sun Dec 03 14:59:28 2006 => File C:\WINDOWS\system32\ntsmsdtc.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Sun Dec 03 15:00:03 2006 => Scanning File C:\WINDOWS\system32\weirdontheweb_ventura.exe
Sun Dec 03 15:00:03 2006 => File C:\WINDOWS\system32\weirdontheweb_ventura.exe tagged as "not-a-virus:AdWare.Win32.WeirWeb.a". Action Taken: No Action Taken.

This is the second post that has the remainder of the MWAV log I edited. Please read the explanation on the earlier posting.

Sun Dec 03 15:00:15 2006 => Scanning C:\DOCUME~1\Greg\LOCALS~1\Temp Directory

Sun Dec 03 15:00:39 2006 => Scanning C:\DOCUME~1\Greg\LOCALS~1\TEMPOR~1\Content.IE5 Directory


Sun Dec 03 15:00:58 2006 => ***** Scanning All Drives *****
Sun Dec 03 15:03:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050522192146.zip
Sun Dec 03 15:03:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050522192146.zip: Scanning Failure!!!
Sun Dec 03 15:03:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\AUTHEN~1\CURTAI~1\QUARAN~1\QUARAN~1\200505~1.ZIP
Sun Dec 03 15:03:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050530193539.zip
Sun Dec 03 15:03:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050530193539.zip: Scanning Failure!!!
Sun Dec 03 15:03:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\AUTHEN~1\CURTAI~1\QUARAN~1\QUARAN~1\200505~2.ZIP
Sun Dec 03 15:03:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050530232709.zip
Sun Dec 03 15:03:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\20050530232709.zip: Scanning Failure!!!
Sun Dec 03 15:03:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\AUTHEN~1\CURTAI~1\QUARAN~1\QUARAN~1\200505~3.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ABETTE~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ABETTE~2.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOOKED~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOOKED~2.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace2.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace2.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOOKED~3.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace3.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace3.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOOKED~4.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace4.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace4.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOBC6A~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace5.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace5.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\BOBC6E~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COMMAN~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COMMAN~2.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB5A9~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB5AD~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB5A1~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB5A5~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService14.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService14.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COC5A9~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService15.zip
Sun Dec 03 15:04:36 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService15.zip: Scanning Failure!!!
Sun Dec 03 15:04:36 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COC5AD~1.ZIP
Sun Dec 03 15:04:36 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService16.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService16.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COC5A1~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService17.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService17.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COC5A5~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService18.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService18.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COD5A9~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService19.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService19.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COD5AD~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COMMAN~3.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService20.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService20.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB9A9~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService21.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService21.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB9AD~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService22.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService22.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COB9A1~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COMMAN~4.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO2A7C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO2E7C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO228C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO268C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO2A8C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\CO2E8C~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COOLWW~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank1.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank1.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\COOLWW~2.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELITUM~1.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELITUM~2.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar2.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar2.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELITUM~3.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar3.zip
Sun Dec 03 15:04:37 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar3.zip: Scanning Failure!!!
Sun Dec 03 15:04:37 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELITUM~4.ZIP
Sun Dec 03 15:04:37 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar4.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar4.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELA9E5~1.ZIP
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar5.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar5.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELADE5~1.ZIP
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar6.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar6.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELA1F5~1.ZIP
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar7.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar7.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\ELA5F5~1.ZIP
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar1.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar10.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar10.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar10.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar11.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar11.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar11.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar12.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar12.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar12.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar13.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar13.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar13.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar14.zip
Sun Dec 03 15:04:38 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar14.zip: Scanning Failure!!!
Sun Dec 03 15:04:38 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar14.zip
Sun Dec 03 15:04:38 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar15.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar15.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar15.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar16.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar16.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar16.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar17.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar17.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar17.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar18.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar18.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar18.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar19.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar19.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar19.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar2.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar20.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar20.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar20.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar21.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar21.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar21.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar22.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar22.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar22.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar23.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar23.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar23.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar24.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar24.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar24.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar25.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar25.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar25.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar3.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar3.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar3.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar4.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar4.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar4.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar5.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar5.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar5.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar6.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar6.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar6.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar7.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar7.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar7.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar8.zip
Sun Dec 03 15:04:39 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar8.zip: Scanning Failure!!!
Sun Dec 03 15:04:39 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar8.zip
Sun Dec 03 15:04:39 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar9.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar9.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\Hotbar9.zip
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOTSEA~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar1.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar1.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOTSEA~2.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar10.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar10.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HO5059~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar11.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar11.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HO505D~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar12.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar12.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HO5051~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar13.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar13.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HO6059~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar2.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar2.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOTSEA~3.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar3.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar3.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOTSEA~4.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar4.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar4.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOC42C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar5.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar5.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOC82C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar6.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar6.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOCC2C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar7.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar7.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOC03C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar8.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar8.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOC43C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar9.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar9.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HOC83C~1.ZIP
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar.zip
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar1.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar1.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar1.zip
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar2.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar2.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar2.zip
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar3.zip
Sun Dec 03 15:04:40 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar3.zip: Scanning Failure!!!
Sun Dec 03 15:04:40 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar3.zip
Sun Dec 03 15:04:40 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar4.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar4.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar4.zip
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar5.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar5.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HuntBar5.zip
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntbarWebSearch.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntbarWebSearch.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HUNTBA~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntbarWebSearch1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntbarWebSearch1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\HUNTBA~2.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\IBISTO~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\IBISTO~2.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\LSA.zip
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LSA1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\LSA1.zip
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MAXSEA~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MAXSEA~2.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch2.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch2.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MAXSEA~3.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch3.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch3.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MAXSEA~4.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MICROS~2.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MIC9F9~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MIC9FD~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MICROS~1.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer1.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer1.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MICROS~3.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer2.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer2.zip: Scanning Failure!!!
Sun Dec 03 15:04:41 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\MICROS~4.ZIP
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Overview.ini [**]
Sun Dec 03 15:04:41 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip
Sun Dec 03 15:04:41 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip: Scanning Failure!!!
Sun Dec 03 15:04:42 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Recovery\PACIME~1.ZIP
Sun Dec 03 15:04:42 2006 => Scanning File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia1.zip
Sun Dec 03 15:04:42 2006 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recover

Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents. Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
Select the item you wish to remove and click on RED 'X' icon to delete it. This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
Repeat for any other quarantined files you want to remove.
When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window. Also delete the content of the spybot recovery folder.

Download Silent Runners.zip and extract it to a new folder on your Desktop.

• Run the Silent Runners.vbs file.
• You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
• If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
• This script is not malicious so please allow it.
• A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
• Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.

Please download F-Secure Blacklight ph34r.gif from here: https://europe.f-secure.com/blacklight/try.shtml

Save the program to o folder, for example c:\black

Click blbetac.exe. A DOS Window will open. Follow the instructions on the screen.

When you get the message: "Do you accept the End User License Agreement (y/N):" press Y if you accept the agreement.

Open the c:\black folder and you will find a log. Please post the content of that log.

There were no quarantined files in Symantec. Cleared the quarantined files in SpyBot. Below is the log files for silent runners and blacklight. The log for Blacklight is really small...I guess it is what you wanted:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"fsemibrd.exe" = "C:\WINDOWS\system\fsemibrd.exe" [file not found]
"morurduo.exe" = "C:\WINDOWS\system\morurduo.exe" [file not found]

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"mmtask" = "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" ["TODO: <Company name>"]
"HostManager" = "C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe" ["America Online, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
fykmxksq\(Default) = "{ef88960d-0304-4be9-8eb7-6b0e26d9e03a}"
-> {HKLM...CLSID} = "exjorjfi.class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmqou.dll" [file not found]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {HKLM...CLSID} = "QuickFinder Shell Extension"
\InProcServer32\(Default) = "c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

"ResetWebSettings" = (REG_DWORD) hex:0x00000000
{Disable the Reset Web Settings feature}

"Settings" = (REG_DWORD) hex:0x00000000
{Prevent the deletion of temporary Internet files and cookies}

"CertifPers" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"CertifSite" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"CertifPub" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"Profiles" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"FormSuggest" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"Ratings" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"ConnWiz Admin Lock" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoBrowserOptions" = (REG_DWORD) hex:0x00000000
{Tools menu: Disable Internet Options... menu option}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\SYSTEM32\gbsaver.scr" [file not found]


Startup items in "Greg" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Belkin Wireless Network Monitor Utility (USB)" -> shortcut to: "C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe" ["Belkin Corporation"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Google Updater" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]


Enabled Scheduled Tasks:
------------------------

"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Research"
\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://online.lycos.com/att/

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
SAVRoam, SavRoam, ""C:\Program Files\Symantec AntiVirus\SavRoam.exe"" ["symantec"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 127 seconds.
---------- (total run time: 185 seconds)

12/10/06 20:22:06 [Info]: BlackLight Engine 1.0.47 initialized
12/10/06 20:22:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/06 20:22:07 [Note]: 7019 4
12/10/06 20:22:07 [Note]: 7005 0
12/10/06 20:22:08 [Note]: 7006 0
12/10/06 20:22:08 [Note]: 7011 1668
12/10/06 20:22:08 [Note]: 7026 0
12/10/06 20:22:08 [Note]: 7026 0
12/10/06 20:22:19 [Note]: FSRAW library version 1.7.1020
12/10/06 20:32:11 [Note]: 2000 1012
12/10/06 20:32:11 [Note]: 7007 0

Copy paste this in notepad:



save as fix.reg file, save as type all files( not txt )

how to run the regfile.. doubleclick, answer yes/ok to prompts that follow. if succesful you should see a message like merged succesfully.

another way: right click, select "merge", answer yes/ok to prompts that follow. if succesful you should see a message like merged succesfully.

Find and delete these files:
C:\WINDOWS\system\fsemibrd.exe
C:\WINDOWS\system\morurduo.exe

Reboot and post a new Hijackthislog in normal mode

Created and ran the RegEdit file succesfully. Could not locate the two files. I manually looked in the C:\Windows\system folder and then tried the Windows file search to see if they could be located anywhere. They were not found.

Rebooted and here's the HJT log produced after reboot in the normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:07 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Please read message above as well as this one. After performing the action you requested, I ran several programs. Xoftspy found one low risk toolbar and 11 Viewpoint adware problems. All removed succesfully. I then ran AdWare. It found 15 low risk "MRU" files. Removed them successfully. Then ran Spybot. It found some tracking cookies, a Microsoft Security Antivirus overide issue, and three "Command Service" registries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\cmdservice
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\cmdservice
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\cmdservice

I did an internet search on "cmdService" and it may be the root cause of all my problems. There were software programs on the net to detect and remove it but not for free. I did find one web site with instructions for manual removal but it looked fairly complicated. I would prefer your advice on removing this program.

1. Download gmer.zip and unzip it to your desktop: right click on it, and choose "Extract All".

Run gmer.exe, select the Rootkit tab and click the "Scan" button.

Please copy/paste the report in your reply.

Please rename Hijackthis.exe to Alternative.exe
because some spyware can hide when a process named hijackthis.exe runs
After renaming post a new Hijackthislog

Unable to connect to the server at gmer.net. Tried from a couple of computers over a 2 hour period.......

mirror link:
http://www.majorgeeks.com/GMER_d5198.html

OK. This link worked. Ran GMER. Output follows. Then renamed HJT EXE file and ran it. Log follows GMER output below.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-22 07:59:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT E1B2D250 ZwConnectPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE EEF2AC8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE EEF277C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ EEF2360A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE EEF23AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION EEF2E958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION EEF31821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA EEF3A38A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA EEF39D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS EEF33BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION EEF34331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION EEF424F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL EEF2AB37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL EEF26948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL EEF3046B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN EEF4179D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL EEF40C4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP EEF272FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP EEF411DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible EEF3C1F9

---- EOF - GMER 1.0.12 ----

Logfile of HijackThis v1.99.1
Scan saved at 8:02:59 AM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Greg\Desktop\Alternative.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hi user please do this:
Navigate to:

Start > Run

Type:
sc stop cmdService

Press Ok and go back to the run command box, type:
sc delete cmdService

Press Ok and go back to the run command box, type:
sc config cmdService start= disabled

Press Ok and reboot

After reboot please post a new Hijackthislog

Done. HJT Log follows:

Logfile of HijackThis v1.99.1
Scan saved at 4:51:48 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Greg\Desktop\Alternative.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Ignor eralier HJT - I did not reboot before I ran it. Here's a n HJT after reboot. Also, I ran SpyBot again after the reboot. It found about 15-20 viruses, cleaned all of them except the CommandService files I described earlier. I think the problem is still there. Here's the HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:40:12 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Greg\Desktop\Alternative.exe.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\1125536195\ee\AOLServiceHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://online.lycos.com/att/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Network Monitor Utility (USB).lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://online.lycos.com/att/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Can you post the Spybot log?

Spybot log is too long to post in one reply. Here's the 1st half. Note Command Service problem is still there. When I attempt to immunize, it will clear ControlSet002 but not the other two. ContolSet002 reappears later, however.


--- Search result list ---
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-29 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-29 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-29 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-12-22 Includes\Malware.sbi (*)
2006-12-29 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-29 Includes\PUPSC.sbi (*)
2006-12-29 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-29 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-29 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-29 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 66680
MD5: 371d2fa0dfeb9767b3cc7cae1ab21a5a

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
file: C:\Program Files\Common Files\AOL\1125536195\ee\AOLHostManager.exe
size: 159832
MD5: bd4cec11c8b9c1e2b1e60bd67b90eb40

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: e4cf942a4aea9d27c87f190f65e7d0f6

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 093d3ee722542ba2e7ad929aa3ca6abc

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 229952
MD5: ceccc68b54e8e27c93dbede85f160c96

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, mmtask
command: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
file: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
size: 53248
MD5: 3cf6c2e6547095578ca268b88640c274

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 204800
MD5: 3f22eaad167797f2de16fa7968593d59

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: d2c900031fd445b5464abb5629388be3

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
size: 36975
MD5: bd902d0d7ed7c2d5fc327567ce96b97c

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124128
MD5: 5972a3384ebceaeb99f4216e77ebed59

Located: HK_CU:Run, AIM
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
file:

Located: HK_CU:Run, DellSupport
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: cea4715092cb7984420dbc9f51fb4c35

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Belkin Wireless Network Monitor Utility (USB).lnk
command: C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
file: C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
size: 192512
MD5: 9fa9576f996d83740f4e2244251ef8c6

Located: Startup (common), Digital Line Detect.lnk
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: b66e56733e2cd6a10fda5919625fbf46

Located: Startup (common), Google Updater.lnk
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 114616
MD5: 86b4eb00e9844fdc05a3c6f17b3beb69

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 83176
MD5: 55dc54c87fa324a4cd32b3b407307671

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 4/28/2005 11:30:50 AM
Date (last access): 12/29/2006 5:39:26 PM
Date (last write): 12/13/2006 7:20:28 PM
Filesize: 2133056
Attributes: readonly archive
MD5: 21DBD36987339A871211E4E0552FFB76
CRC32: 2D72F52D
Version: 4.0.1020.6156



--- ActiveX list ---


--- Process list ---
PID: 0 ( 0) [System]
PID: 372 ( 4) \SystemRoot\System32\smss.exe
PID: 756 ( 372) \??\C:\WINDOWS\system32\csrss.exe
PID: 780 ( 372) \??\C:\WINDOWS\system32\winlogon.exe
PID: 824 ( 780) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 836 ( 780) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 996 ( 824) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1052 ( 824) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1196 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1264 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1344 ( 824) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1716 ( 824) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 242808
MD5: BD565B4456DBCE6E02182F35586FD5BF
PID: 1940 ( 824) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255096
MD5: 08D26906C74805BEE8DECA4C7BE8C7F5
PID: 416 ( 824) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 584 ( 824) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 600 ( 824) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 620 ( 824) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 29928
MD5: A3985A8DED49F67E3E25D2D2921B4DAC
PID: 680 ( 824) C:\Program Files\Symantec AntiVirus\SavRoam.exe
size: 169192
MD5: 40F6C7DD9228E62AA54F25DF23585634
PID: 1128 ( 824) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1221864
MD5: 91C4579E77ABDFAC02C16E0D0736123E
PID: 2016 ( 824) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1024 ( 600) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 564 (1196) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 1224 (1824) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1828 (1224) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1604 (1828) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
size: 105984
MD5: EDBB6979778F415C3F59B6C92E181561
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/2/2007 6:57:33 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\@
www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://online.lycos.com/att/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
3D Groove Playback Engine (3DGroove)
uninstall cmd: RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16

(ABBYY FineReader 5.0 Sprint)

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(Branding)

Conexant D850 56K V.9x DFVc Modem (CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf

(Connection Manager)

Dell Digital Jukebox Driver (Dell Digital Jukebox Driver)
uninstall cmd: C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s

Dell Support 5.0.0 (766) (DellSupport)
uninstall cmd: rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

EPSON Printer Software (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

(Fontcore)

Google Updater 1.4.697.28342 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com:80/pack-support?hl=en&gl=us

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUME~1\Greg\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

iPod for Windows 2005-09-23 4.3.0 (InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC})
version: 67305472
version (major): 4
version (minor): 3
estimated size: 54420
install date: 20051225
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.apple.com/support/downloads.html

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050520
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050523
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050520
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050520
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050721
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060416
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060107
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060918
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060918
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060918
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows XP (KB925454) 1 (KB925454)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925454

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061030
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Lavasoft VX2 Cleaner (Lavasoft VX2 Cleaner)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG

LimeWire 4.12.4 4.12.4 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.5.0.9) 1.5.0.9 (en-US) (Mozilla Firefox (1.5.0.9))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://www.picasa.com/

RealArcade (RealArcade 1.2)
uninstall cmd: C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(Sevinst)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Learn2 Player (Uninstall Only) (StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe

(UNZD1201USB)

(Viewpoint Manager)

(ViewpointMediaPlayer)

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20061029
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

XoftSpy (XoftSpy)
uninstall cmd: C:\Program Files\XoftSpy\uninstal

Here's the remainder of the SpyBot log:

Service (registry key): iPod Service
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 451136
Image MD5: 216D2B5F6B9B81E5422E67416C7CE91C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): mdmxsdk
Image path: System32\DRIVERS\mdmxsdk.sys
Image size: 11043
Image MD5: EEAEA6514BA7C9D273B5E87C4E1AAB30
Start: 2
Type: 1
Error Control: 0

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): MODEMCSA
Display name: Unimodem Streaming Filter Device
Image path: system32\drivers\MODEMCSA.sys
Image size: 16128
Image MD5: 1992E0D143B09653AB0F9C5E04B0FD65
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): MountMgr
Display name: Mount Point Manager
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Display name: mraid35x
Image path: \SystemRoot\System32\DRIVERS\mraid35x.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: System32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): MxlW2k
Display name: MxlW2k
Start: 3
Type: 1
Error Control: 1

Service (registry key): NAVENG
Display name: NAVENG
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\naveng.sys
Image size: 80408
Image MD5: BD8898ECB2F507F6C029A8C7D94E944A
Start: 3
Type: 1
Error Control: 1

Service (registry key): NAVEX15
Display name: NAVEX15
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061227.017\navex15.sys
Image size: 833048
Image MD5: D294639BEF45A623B9B8C1F144A54C59
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): nv
Image path: System32\DRIVERS\nv4_mini.sys
Image size: 1897408
Image MD5: 2B298519EDBFCF451D43E0F1E8F1006D
Start: 3
Type: 1
Error Control: 0

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): omci
Display name: OMCI WDM Device Driver
Image path: System32\DRIVERS\omci.sys
Image size: 17217
Image MD5: 53D5F1278D9EDB21689BBBCECC09108D
Start: 1
Type: 1
Error Control: 1

Service (registry key): ose
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Image size: 89136
Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A
Start: 3
Type: 16
Error Control: 1

Service (registry key): Outlook
Start: 0
Type: 0
Error Control: 0

Service (registry key): P3
Display name: Intel PentiumIII Processor Driver
Image path: System32\DRIVERS\p3.sys
Image size: 42496
Image MD5: 3E16EFF2A6FED2D8D7F5A66DFE65D183
Start: 1
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Display name: Partition Manager
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: System32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Display name: perc2
Image path: \SystemRoot\System32\DRIVERS\perc2.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Display name: perc2hib
Image path: \SystemRoot\System32\DRIVERS\perc2hib.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 35328
Image MD5: 0D97D88720A4087EC93AF7DBB303B30A
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 36560
Image MD5: F7BB4E7A7C02AB4A2672937E124E306E
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Display name: ql1080
Image path: \SystemRoot\System32\DRIVERS\ql1080.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Display name: Ql10wnt
Image path: \SystemRoot\System32\DRIVERS\ql10wnt.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Display name: ql12160
Image path: \SystemRoot\System32\DRIVERS\ql12160.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Display name: ql1240
Image path: \SystemRoot\System32\DRIVERS\ql1240.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Display name: ql1280
Image path: \SystemRoot\System32\DRIVERS\ql1280.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SavRoam
Display name: SAVRoam
Description: Symantec AntiVirus Roaming Service
Object name: LocalSystem
Image path: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
Image size: 169192
Image MD5: 40F6C7DD9228E62AA54F25DF23585634
Start: 2
Type: 16
Error Control: 0

Service (registry key): SAVRT
Display name: SAVRT
Image path: \??\C:\Program Files\Symantec AntiVirus\savrt.sys
Image size: 301200
Image MD5: C8023BE4DDA22A52CD2F60D9CB9B3985
Start: 1
Type: 1
Error Control: 1
Depends On services: SAVRTPEL

Service (registry key): SAVRTPEL
Display name: SAVRTPEL
Image path: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Image size: 37008
Image MD5: 30547FD7692DC799A0B397B2B918A158
Start: 2
Type: 1
Error Control: 1

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): ScsiPort
Image path: %SystemRoot%\system32\drivers\scsiport.sys
Image size: 96256
Image MD5: D7FD0FF761E28AC0EA35AD71E0CD67E9
Start: 0
Type: 0
Error Control: 0

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 12464
Image MD5: 890CADA2AB7ACF53A5F9CCE7515522A2
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): sisagp
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\sisagp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): smwdm
Image path: system32\drivers\smwdm.sys
Image size: 591808
Image MD5: 99A9E1EF62F955C82A5001AC94B4B77B
Start: 3
Type: 1
Error Control: 1

Service (registry key): SNDSrvc
Display name: Symantec Network Drivers Service
Description: Symantec Network Drivers Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Image size: 193760
Image MD5: E6D3841A12FACE16E2EBA24E714CA203
Start: 3
Type: 16
Error Control: 0

Service (registry key): SONYPVU1
Display name: Sony USB Filter Driver (SONYPVU1)
Image path: System32\DRIVERS\SONYPVU1.SYS
Image size: 7552
Image MD5: A1ECEEAA5C5E74B2499EB51D38185B84
Start: 3
Type: 1
Error Control: 1

Service (registry key): Sparrow
Display name: Sparrow
Image path: \SystemRoot\System32\DRIVERS\sparrow.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 0CE218578FFF5F4F7E4201539C45C78F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: System32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: System32\DRIVERS\srv.sys
Image size: 332928
Image MD5: EA554A3FFC3F536FE8320EB38F5E4843
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: System32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): swwd
Start: 0
Type: 0
Error Control: 0

Service (registry key): Symantec AntiVirus
Display name: Symantec AntiVirus
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
Object name: LocalSystem
Image path: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
Image size: 1221864
Image MD5: 91C4579E77ABDFAC02C16E0D0736123E
Start: 2
Type: 272
Error Control: 0

Service (registry key): symc810
Display name: symc810
Image path: \SystemRoot\System32\DRIVERS\symc810.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Display name: symc8xx
Image path: \SystemRoot\System32\DRIVERS\symc8xx.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): SymEvent
Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Image size: 82832
Image MD5: 42123611A49C33536AB29BDD852A9F5E
Start: 3
Type: 1
Error Control: 1

Service (registry key): SYMREDRV
Image path: \SystemRoot\System32\Drivers\SYMREDRV.SYS
Start: 3
Type: 1
Error Control: 0

Service (registry key): SYMTDI
Display name: SYMTDI
Image path: \SystemRoot\System32\Drivers\SYMTDI.SYS
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): sym_hi
Display name: sym_hi
Image path: \SystemRoot\System32\DRIVERS\sym_hi.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Display name: sym_u3
Image path: \SystemRoot\System32\DRIVERS\sym_u3.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: System32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 1DBF125862891817F374F407626967F4
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: System32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): TosIde
Display name: TosIde
Image path: \SystemRoot\System32\DRIVERS\toside.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Display name: ultra
Image path: \SystemRoot\System32\DRIVERS\ultra.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Update
Display name: Microcode Update Driver
Image path: System32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: System32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: System32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Display name: Microsoft USB PRINTER Class
Image path: System32\DRIVERS\usbprint.sys
Image size: 25856
Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: System32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: System32\DRIVERS\usbuhci.sys
Image size: 20480
Image MD5: F8FD1400092E23C8F2F31406EF06167B
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Display name: VGA Display Controller.
Description: Controls the VGA display adapter to provide basic display capabilities.
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): viaagp
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\viaagp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ViaIde
Display name: ViaIde
Image path: \SystemRoot\System32\DRIVERS\viaide.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): w32time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: System32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): wanatw
Display name: WAN Miniport (ATW)
Image path: System32\DRIVERS\wanatw4.sys
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: EFD235CA22B57C81118C1AEB4798F1C1
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winachsf
Image path: System32\DRIVERS\HSF_CNXT.sys
Image size: 680704
Image MD5: F59ED5A43B988A18EF582BB07B2327A7
Start: 3
Type: 1
Error Control: 0

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS,Eventlog

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ZDNDIS5
Display name: ZDNDIS5 Protocol Driver
Image path: \??\C:\WINDOWS\System32\ZDNDIS5.SYS
Image size: 16157
Image MD5: 400D51F003643E5399D5AAC6A93B813E
Start: 3
Type: 1
Error Control: 1

Service (registry key): {214B92E3-C145-4026-9CF0-6192506E2466}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {2E4445EF-E3BD-4FB7-874B-FB837D6A4D89}

When I reread the log I noticed the first copy of SpyBot log got clipped. Here's the missing middle section of the log:


XoftSpy (XoftSpy)
uninstall cmd: C:\Program Files\XoftSpy\uninstall.exe

Zoo Tycoon: Complete Collection (Zoo Tycoon 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

Adobe Photoshop Album 2.0 Starter Edition 2.00.100 ({11B569C2-4BF6-4ED0-9D17-A4273943CB24})
version: 33554532
version (major): 2
estimated size: 15645
install date: 20041119
install source: C:\WINDOWS\Downloaded Installations\{574598EF-8D3C-45D3-85AE-E15F91F27985}\
uninstall cmd: MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\readme.txt

Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
version: 16777216
version (major): 1
install date: 20040122
uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
publisher: Dell
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com

Mathathon 1.00.0000 ({1C118C8D-DB12-4DBE-8F0A-2FAE4393C86E})
version: 16777216
version (major): 1
estimated size: 70617
install date: 20041214
install source: D:\
publisher: St. Jude Childrens' Research Hospital
comments: None
contact: None
help link: http://www.mathathon.org
help telephone: None
readme: Readme.txt

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Dell Media Experience ({2637C347-9DAD-11D6-9EA2-00055D0CA761})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

Google Toolbar for Firefox 2.1.20060807 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20060807
version (major): 2
version (minor): 1
estimated size: 980
install date: 20061030
install source: C:\DOCUME~1\Greg\LOCALS~1\Temp\GGSE.tmp\
uninstall cmd: MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
publisher: Google

J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 120681
install date: 20060801
install source: http://java.sun.com/webapps/download/GetFi...7/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_03\README.txt

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20020903
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Internet Explorer Default Page 1.00.03 ({35BDEFF1-A610-4956-A00D-15453C116395})
version: 16777219
version (major): 1
install date: 20040509
uninstall cmd: MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
publisher: Dell Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://support.dell.com
help telephone: 0

Google Earth 4.0.2693 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 67111557
install date: 20061221
install location: C:\Program Files\Google\Google Earth
install source: C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\TMODGFYO\GoogleEarthWin[1].exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google

NetWaiting 2.5.12 ({3F92ABBB-6BBF-11D5-B229-002078017FBF})
version (major): 2
version (minor): 5
install location: C:\Program Files\NetWaiting
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
publisher: BVRP Software, Inc

MUSICMATCH® Jukebox ({45EBDA59-D33B-433A-956E-B2F236468B56})
uninstall cmd: C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe

Banctec Service Agreement 1.00.0005 ({4B9F45E8-E3CE-40B4-9463-80A9B3481DEF})
version: 16777221
version (major): 1
install date: 20040509
publisher: Dell
comments: Go to http://support.dell.com.
contact: Dell Support
help link: http://support.dell.com
help telephone: 0

WordPerfect Office 11 11.0 ({54F90B55-BEB3-4F0D-8802-228822FA5921})
version: 184549376
version (major): 11
install date: 20040122
install location: c:\Program Files\WordPerfect Office 11\
uninstall cmd: MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
publisher: Corel Corporation
comments:
contact: Corel Customer Service
help link: http://www.corel.com
help telephone: U.S. 1-800-772-6735 Outside U.S. 1-800-267-35127
readme: c:\Program Files\WordPerfect Office 11\Readme.htm

QuickTime 7.1.3.130 ({55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE})
version: 117506051
version (major): 7
version (minor): 1
estimated size: 71795
install date: 20061029
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Greg\LOCALS~1\Temp\IXP403.TMP\
uninstall cmd: MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

iTunes 7.0.1.8 ({5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6})
version: 117440513
version (major): 7
estimated size: 48669
install date: 20061029
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\Greg\LOCALS~1\Temp\IXP403.TMP\
uninstall cmd: MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Dell Networking Guide 1.00.0001 ({68D60342-7686-45C9-B8EB-40EF843D0460})
version: 16777217
version (major): 1
install date: 20040509
publisher: Dell
comments: Go to http://support.dell.com.
contact: Dell Support
help link: http://support.dell.com
help telephone: 0
readme: 0

Java 2 Runtime Environment, SE v1.4.2 1.4.2 ({7148F0A8-6813-11D6-A77B-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 86372
install date: 20040509
install source: C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Modem Helper 2.25 ({7F142D56-3326-11D5-B229-002078017FBF})
install location: C:\Program Files\Modem Helper
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software

Jasc Paint Shop Pro 8 Dell Edition 8.10.0000 ({81A34902-9D0B-4920-A25C-4CDC5D14B328})
version: 134873088
version (major): 8
version (minor): 10
install date: 20040509
uninstall cmd: MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
publisher: Jasc Software Inc
comments: Jasc Software Inc Paint Shop Pro 8
contact: Customer Support Department
help link: http://www.jasc.com/support2.asp
help telephone: (952) 930-9171

Pharaoh and Cleopatra ({821DABD6-26F2-49E5-AE55-40A589ADBE6D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe"

Symantec AntiVirus 9.0.0.338 ({848AC794-8B81-440A-81AE-6474337DB527})
version: 150994944
version (major): 9
estimated size: 38964
install date: 20051222
install location: C:\Program Files\Symantec AntiVirus\
install source: C:\DOCUME~1\Greg\LOCALS~1\Temp\SYMWINST\SCS\webinst\
uninstall cmd: MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
publisher: Symantec Corporation
comments: Thank you for using Symantec security products.
contact: Technical Support
help link: http://www.symantec.com/techsupp
help telephone: 1 (800) 721-3934

Intel® Extreme Graphics Driver ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
version: 16777216
version (major): 1
install date: 20040122
publisher: Dell
contact: http://www.support.dell.com
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com
readme: 0

Microsoft Office Standard Edition 2003 11.0.6361.0 ({91120409-6000-11D3-8CFE-0150048383C9})
version: 184555737
version (major): 11
estimated size: 255339
install date: 20041119
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

Belkin Wireless Network Monitor Utility and Driver (USB) 1.00.3D02.1b ({99696302-30F0-4A9B-B0CC-90385FAE90AF})
version: 16777219
install location: C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99696302-30F0-4A9B-B0CC-90385FAE90AF}\Setup.exe" -l0x9

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70800000002})
version: 117440520
version (major): 7
estimated size: 66675
install date: 20061029
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

DA920EN 1.0.0.0 ({C1E5DF32-8248-4347-908C-E030EDAE4368})
version: 16777216
version (major): 1
estimated size: 24482
install date: 20040509
install source: C:\DELL\T0625\
uninstall cmd: MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
publisher: Dell

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37963
install date: 20040509
install source: C:\DELL\6w650\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Jasc Paint Shop Photo Album 4.0.3 ({CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0})
version: 67108867
version (major): 4
install date: 20040509
uninstall cmd: MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
publisher: Jasc Software, Inc.
comments:
contact: Customer Support Department
help link: http://www.jasc.com
help telephone: (952) 930 - 9171
readme: readme.html

ABBYY FineReader 5.0 Sprint 5.0.482.3421 ({D1696920-9794-4BBC-8A30-7A88763DE5A2})
version: 83886562
version (major): 5
install date: 20040509
uninstall cmd: MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
publisher: ABBYY Software House
contact: support@abbyy.com
help link: http://www.abbyy.com/support
help telephone: +7 (095) 234 44 00

iPod for Windows 2005-09-23 4.3.0 ({D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC})
version: 67305472
version (major): 4
version (minor): 3
estimated size: 54420
install date: 20051225
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.apple.com/support/downloads.html

Digital Line Detect 1.10 ({E646DCF0-5A68-11D5-B229-002078017FBF})
version (major): 1
version (minor): 10
install location: C:\Program Files\Digital Line Detect
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
publisher: BVRP Software, Inc

Banctec Service Agreement 1.00.00 ({FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B})
version: 16777216
version (major): 1
install date: 20040122
publisher: Dell
comments: Go to http://support.dell.com.
contact: Dell Support
help link: http://support.dell.com
help telephone: 0



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Display name: abp480n5
Image path: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Display name: adpu160m
Image path: \SystemRoot\System32\DRIVERS\adpu160m.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): aeaudio
Image path: system32\drivers\aeaudio.sys
Image size: 4816
Image MD5: 11C04B17ED2ABBB4833694BCD644AC90
Start: 3
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agp440.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): agpCPQ
Display name: Compaq AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agpCPQ.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aha154x
Display name: Aha154x
Image path: \SystemRoot\System32\DRIVERS\aha154x.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Display name: aic78u2
Image path: \SystemRoot\System32\DRIVERS\aic78u2.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Display name: aic78xx
Image path: \SystemRoot\System32\DRIVERS\aic78xx.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Display name: AliIde
Image path: \SystemRoot\System32\DRIVERS\aliide.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): alim1541
Display name: ALI AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\alim1541.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\System32\DRIVERS\amdagp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Display name: amsint
Image path: \SystemRoot\System32\DRIVERS\amsint.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1

Service (registry key): asc
Display name: asc
Image path: \SystemRoot\System32\DRIVERS\asc.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Display name: asc3350p
Image path: \SystemRoot\System32\DRIVERS\asc3350p.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Display name: asc3550
Image path: \SystemRoot\System32\DRIVERS\asc3550.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_1.1.4322
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: A986FCFDAC587E68478DB51547B90800
Start: 3
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ati2mtag
Image path: System32\DRIVERS\ati2mtag.sys
Image size: 701440
Image MD5: 8759322FFC1A50569C1E5528EE8026B7
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): AVG Anti-Spyware Driver
Display name: AVG Anti-Spyware Driver
Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Image size: 4096
Image MD5: 7D78B7FD0EBE00F177B053A08C78E35B
Start: 1
Type: 1
Error Control: 1

Service (registry key): AVG Anti-Spyware Guard
Display name: AVG Anti-Spyware Guard
Object name: LocalSystem
Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Image size: 204800
Image MD5: E8FBDCC8D618D1BB84B828F247A6244B
Start: 2
Type: 16
Error Control: 1

Service (registry key): AvgAsCln
Display name: AVG Anti-Spyware Clean Driver
Image path: System32\DRIVERS\AvgAsCln.sys
Image size: 3968
Image MD5: 6D4A1DA6E6D522B3EBBCBFF4A3589EC5
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): bcm4sbxp
Display name: Broadcom 440x 10/100 Integrated Controller XP Driver
Image path: System32\DRIVERS\bcm4sbxp.sys
Image size: 43136
Image MD5: 068523D2CD260069B19AD68ADEA0D739
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BEL6051(Belkin)
Display name: Belkin 11Mbps Wireless USB Network Adapter Driver(Belkin)
Image path: System32\DRIVERS\BEL6051.SYS
Image size: 53376
Image MD5: 31DA80C1C76FCEE26AA032C8623DBD5B
Start: 3
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): bvrp_pci
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf
Display name: cbidf
Image path: \SystemRoot\System32\DRIVERS\cbidf2k.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Symantec Event Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Image size: 255096
Image MD5: 08D26906C74805BEE8DECA4C7BE8C7F5
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS,ccSetMgr

Service (registry key): ccPwdSvc
Display name: Symantec Password Validation
Description: Symantec Password Validation Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Image size: 87160
Image MD5: 15E9AB7C078059998933E235A9742502
Start: 3
Type: 16
Error Control: 0

Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Symantec Settings Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Image size: 242808
Image MD5: BD565B4456DBCE6E02182F35586FD5BF
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): cd20xrnt
Display name: cd20xrnt
Image path: \SystemRoot\System32\DRIVERS\cd20xrnt.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 2
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Display name: CmdIde
Image path: \SystemRoot\System32\DRIVERS\cmdide.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): cmdService
Start: 0
Type: 0
Error Control: 0

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Display name: Cpqarray
Image path: \SystemRoot\System32\DRIVERS\cpqarray.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Display name: dac2w2k
Image path: \SystemRoot\System32\DRIVERS\dac2w2k.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): dac960nt
Display name: dac960nt
Image path: \SystemRoot\System32\DRIVERS\dac960nt.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): DefWatch
Display name: Symantec AntiVirus Definition Watcher
Description: Monitors and maintains virus definitions.
Object name: LocalSystem
Image path: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
Image size: 29928
Image MD5: A3985A8DED49F67E3E25D2D2921B4DAC
Start: 2
Type: 272
Error Control: 0

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Display name: dpti2o
Image path: \SystemRoot\System32\DRIVERS\dpti2o.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): EL90XBC
Display name: 3Com EtherLink XL 90XB/C Adapter Driver
Image path: System32\DRIVERS\el90xbc5.sys
Image size: 66591
Image MD5: 6E883BF518296A40959131C2304AF714
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 128896
Image MD5: 3D234FB6D6EE875EB009864A299BEA29
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Display name: GEARAspiWDM
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 14448
Image MD5: 8C18F85EDD5D47F34068F3EFD5689FA9
Start: 3
Type: 1
Error Control: 1

Service (registry key): gmer
Image path: System32\DRIVERS\gmer.sys
Image size: 68961
Image MD5: 7FC03A5FE35957111CF6DB522B3BC675
Start: 3
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): gusvc
Display name: Google Updater Service
Object name: LocalSystem
Image path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 135608
Image MD5: E107655EC28796BF9CEF106BC5B13865
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hpn
Display name: hpn
Image path: \SystemRoot\System32\DRIVERS\hpn.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): HSFHWBS2
Image path: System32\DRIVERS\HSFHWBS2.sys
Image size: 212224
Image MD5: 77E4FF0B73BC0AEAAF39BF0C8104231F
Start: 3
Type: 1
Error Control: 0

Service (registry key): HSF_DP
Image path: System32\DRIVERS\HSF_DP.sys
Image size: 1042432
Image MD5: 60E1604729A15EF4A3B05F298427B3B1
Start: 3
Type: 1
Error Control: 0

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Display name: i2omp
Image path: \SystemRoot\System32\DRIVERS\i2omp.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): i81x
Image path: System32\DRIVERS\i81xnt5.sys
Image size: 161020
Image MD5: 06B7EF73BA5F302EECC294CDF7E19702
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP0
Image path: System32\DRIVERS\wADV01nt.sys
Image size: 12415
Image MD5: 7B5B44EFE5EB9DADFB8EE29700885D23
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP1
Image path: System32\DRIVERS\wADV02NT.sys
Image size: 12127
Image MD5: EB1F6BAB6C22EDE0BA551B527475F7E9
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP2
Image path: System32\DRIVERS\wADV05NT.sys
Image size: 11775
Image MD5: 03CE989D846C1AA81145CB22FCB86D06
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP3
Image path: System32\DRIVERS\wSiINTxx.sys
Image size: 12063
Image MD5: 525849B4469DE021D5D61B4DB9BE3A9D
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimFP4
Image path: System32\DRIVERS\wVchNTxx.sys
Image size: 19455
Image MD5: 589C2BCDB5BD602BF7B63D210407EF8C
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV0
Image path: System32\DRIVERS\wATV01nt.sys
Image size: 29311
Image MD5: D83BDD5C059667A2F647A6BE5703A4D2
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV1
Image path: System32\DRIVERS\wATV02NT.sys
Image size: 19551
Image MD5: ED968D23354DAA0D7C621580C012A1F6
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV2
Image path: System32\DRIVERS\wATV03nt.sys
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV3
Image path: System32\DRIVERS\wATV04nt.sys
Image size: 33599
Image MD5: D738273F218A224C1DDAC04203F27A84
Start: 3
Type: 1
Error Control: 0

Service (registry key): iAimTV4
Image path: System32\DRIVERS\wCh7xxNT.sys
Image size: 23615
Image MD5: 0052D118995CBAB152DAABE6106D1442
Start: 3
Type: 1
Error Control: 0

Service (registry key): ialm
Image path: System32\DRIVERS\ialmnt5.sys
Image size: 807998
Image MD5: 44B7D5A4F2BD9FE21AEA0BB0BACE38C4
Start: 3
Type: 1
Error Control: 0

Service (registry key): IDriverT
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Start: 3
Type: 16
Error Control: 0

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: System32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Display name: ini910u
Image path: \SystemRoot\System32\DRIVERS\ini910u.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Display name: IntelIde
Image path: \SystemRoot\System32\DRIVERS\intelide.sys
Start: 4
Type: 1
Error Control: 1

Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: System32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Start: 1
Type: 1
Error Control: 1

Service (registry key): ip6fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip