Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slower Than Before


  • Please log in to reply
2 replies to this topic

#1 hoeleelee

hoeleelee

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 31 July 2007 - 03:03 AM

i have no idea whats wrong. I got infected by trojans and spyware the other day but i *think* i cleaned em all up.
But somehow, my trend micro keeps on saying that winantvirus is trying to access a site and some other things.
heres my logfile appreciate it in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:41 PM, on 7/31/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ontop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 212.199.8.12 l2authd.lineage2.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\Windows\system32\rqdsvyip.dll",forkonce
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: ontop.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5CD2CC-F579-4FCA-A663-6DE3ACE7DBFC}: NameServer = 202.78.97.41,202.78.97.35
O18 - Protocol: bw+0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 22436 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 31 July 2007 - 07:51 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum hoeleelee :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Posted Image
Posted Image

#3 hoeleelee

hoeleelee
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 31 July 2007 - 12:14 PM

hey Richie! appreciate it a lot man!
This is all i got :thumbsup:.



Deckard's System Scanner v20070729.57
Run by Edmund on 2007-08-01 at 01:04:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Edmund.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:41 PM, on 7/31/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ontop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 212.199.8.12 l2authd.lineage2.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\Windows\system32\rqdsvyip.dll",forkonce
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: ontop.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5CD2CC-F579-4FCA-A663-6DE3ACE7DBFC}: NameServer = 202.78.97.41,202.78.97.35
O18 - Protocol: bw+0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9B371B9E-F642-45ED-8432-B705F7F61077} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 22436 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-31 21:06:31 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{ACDD43ED-4B13-4035-B135-9F072D90CA16}.job
2007-07-31 18:28:09 272 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-31 16:33:54 394 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-07-01 and 2007-08-01 -----------------------------

2007-07-31 18:42:02 125504 --a------ C:\Windows\system32\qknvvxte.dll
2007-07-31 16:56:25 125504 -----n--- C:\Windows\system32\mrseiovb.dll
2007-07-31 16:39:20 125504 --a------ C:\Windows\system32\ulisnakf.dll
2007-07-31 12:46:25 125504 --a------ C:\Windows\system32\fmgrctee.dll
2007-07-31 02:19:23 125504 --a------ C:\Windows\system32\axgsxptf.dll
2007-07-31 02:17:27 0 d-------- C:\Program Files\Uniblue
2007-07-31 01:30:26 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-31 01:08:06 125504 --a------ C:\Windows\system32\bwidclhm.dll
2007-07-30 10:28:47 126016 --a------ C:\Windows\system32\dwnptnoo.dll
2007-07-29 17:10:22 126016 --a------ C:\Windows\system32\tadfvsii.dll
2007-07-29 12:04:15 0 d-------- C:\Users\All Users\Lavasoft
2007-07-29 12:02:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 11:50:36 126016 --a------ C:\Windows\system32\vxjqlxyi.dll
2007-07-29 09:05:14 126016 --a------ C:\Windows\system32\vycwlrsl.dll
2007-07-28 23:38:15 69184 --a------ C:\Windows\system32\nkgojmbu.dll
2007-07-28 12:22:10 0 d-------- C:\Program Files\Lavasoft
2007-07-28 11:14:51 126016 --a------ C:\Windows\system32\xaerbnci.dll
2007-07-28 10:48:13 126016 -----n--- C:\Windows\system32\pjsuxcna.dll
2007-07-28 10:22:39 0 d-------- C:\Users\All Users\Trend Micro
2007-07-28 10:21:14 0 d-------- C:\Program Files\Trend Micro
2007-07-28 09:27:37 729890 ---hs---- C:\Windows\system32\ilnmp.ini2
2007-07-28 09:26:09 126016 --a------ C:\Windows\system32\ruweeaha.dll
2007-07-27 00:34:51 716703 ---hs---- C:\Windows\system32\ilnmp.bak2
2007-07-26 00:09:26 0 d-------- C:\Program Files\inKline Global
2007-07-26 00:08:37 711359 ---hs---- C:\Windows\system32\ilnmp.bak1
2007-07-25 23:58:22 228960 -----n--- C:\Windows\system32\pmnli.dll
2007-07-25 23:53:34 21504 --a------ C:\Windows\system32\winhun32.dll
2007-07-23 17:24:23 0 d-------- C:\Program Files\FLVPlayer
2007-07-14 11:35:31 0 d-------- C:\Program Files\MSN Messenger


-- Find3M Report ---------------------------------------------------------------

2007-08-01 00:20:47 13072 --a------ C:\Users\Edmund\AppData\Roaming\nvModes.dat
2007-08-01 00:20:47 13072 --a------ C:\Users\Edmund\AppData\Roaming\nvModes.001
2007-07-31 17:35:37 12 --a------ C:\Windows\bthservsdp.dat
2007-07-31 16:54:11 0 d-------- C:\Users\Edmund\AppData\Roaming\Azureus
2007-07-31 16:34:02 0 d-------- C:\Users\Edmund\AppData\Roaming\Uniblue
2007-07-29 12:02:08 0 d-------- C:\Program Files\Common Files
2007-07-28 10:12:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-28 10:10:58 0 d-------- C:\Program Files\Symantec
2007-07-26 00:09:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 23:42:05 0 d-------- C:\Program Files\Azureus
2007-07-25 14:30:26 0 d-------- C:\Users\Edmund\AppData\Roaming\muvee Technologies
2007-07-17 16:59:43 0 d-------- C:\Program Files\World of Warcraft
2007-07-11 23:01:20 0 d-------- C:\Program Files\Windows Mail
2007-06-19 20:06:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-19 00:13:06 1156 --a------ C:\Windows\mozver.dat
2007-06-18 18:48:54 0 --a------ C:\Windows\nsreg.dat
2007-06-18 18:48:49 0 d-------- C:\Users\Edmund\AppData\Roaming\Mozilla
2007-06-16 18:12:18 0 d-------- C:\Program Files\Warcraft III
2007-06-15 17:32:36 0 d-------- C:\Program Files\PowerISO
2007-06-12 21:31:11 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-10 01:48:02 0 d-------- C:\Program Files\WC3Banlist
2007-06-10 01:09:28 0 d-------- C:\Program Files\WinPcap
2007-06-07 16:51:54 0 d-------- C:\Users\Edmund\AppData\Roaming\WinRAR
2007-06-05 23:59:23 0 d-------- C:\Program Files\CCleaner
2007-06-05 11:00:37 0 d-------- C:\Program Files\Electronic Arts
2007-06-05 10:56:15 0 d-------- C:\Program Files\Oberon Media
2007-06-05 10:39:03 0 d-------- C:\Program Files\Microsoft Works
2007-06-05 10:38:52 0 d-------- C:\Program Files\MSBuild
2007-06-05 10:37:24 0 d-------- C:\Program Files\Microsoft.NET
2007-06-05 10:35:04 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-06-05 10:27:56 0 d-------- C:\Program Files\MagicISO
2007-06-05 10:21:41 0 d-------- C:\Users\Edmund\AppData\Roaming\Roxio
2007-06-04 16:01:04 0 d-------- C:\Users\Edmund\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2007-06-04 15:51:54 98304 --a------ C:\Windows\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-06-04 15:51:54 0 dr-h----- C:\Users\Edmund\AppData\Roaming\SecuROM
2007-06-04 09:26:26 0 d-------- C:\Users\Edmund\AppData\Roaming\Logitech
2007-06-03 23:50:35 0 d-------- C:\Program Files\Logitech
2007-06-03 23:49:03 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-03 23:12:27 0 d-------- C:\Users\Edmund\AppData\Roaming\Adobe
2007-06-03 19:12:53 0 d-------- C:\Users\Edmund\AppData\Roaming\Beep Industries
2007-06-03 17:32:23 0 d-------- C:\Program Files\CONEXANT
2007-06-02 11:58:03 0 d-------- C:\Users\Edmund\AppData\Roaming\CyberLink
2007-06-02 11:16:33 0 d-------- C:\Program Files\Broadcom
2007-06-02 06:38:45 0 d-------- C:\Program Files\William O'Neil + Co. Inc
2007-06-02 06:38:41 0 d-------- C:\Users\Edmund\AppData\Roaming\InstallShield
2007-06-01 23:25:36 1532 --a------ C:\Windows\unins000.dat
2007-06-01 23:25:32 668938 --a------ C:\Windows\unins000.exe <Not Verified; ; Inno Setup>
2007-06-01 16:40:15 76900 --a------ C:\Windows\War3Unin.dat
2007-06-01 16:06:46 2829 --a------ C:\Windows\War3Unin.pif
2007-06-01 16:06:46 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-06-01 09:08:39 162 --a------ C:\Windows\system32\LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F2EF4E7-CB56-42AA-9A1C-81BE5978FDB7}]
07/25/2007 11:58 PM 228960 --------- C:\Windows\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
07/28/2007 11:38 PM 69184 --a------ C:\Windows\system32\nkgojmbu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/31/2007 10:40 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2006 02:02 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/05/2006 04:39 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/19/2006 01:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/19/2006 01:32 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/17/2005 08:15 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/14/2007 01:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/14/2007 01:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/14/2007 01:40 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 08:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [01/23/2007 02:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 03:22 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [02/17/2005 08:15 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [06/03/2007 11:50 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 PM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [07/05/2007 12:31 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\Users\Edmund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
ontop.exe [1/9/2001 10:16:34 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/4/2006 8:55:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
C:\Windows\system32\pmnli.dll 07/25/2007 11:58 PM 228960 C:\WINDOWS\System32\pmnli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhun32]
winhun32.dll 07/25/2007 11:53 PM 21504 C:\WINDOWS\System32\winhun32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
C:\Program Files\Logitech\SetPoint\SetPoint.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28212192-38fc-11dc-ae54-001b2409cf93}]
0pen\command- krag.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f206adc1-3a73-11dc-a647-001a6b2a75f8}]
0pen\command- G:\krag.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\krag.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

212.199.8.12 l2authd.lineage2.com


-- End of Deckard's System Scanner: finished at 2007-08-01 at 01:08:37 ---------

Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1021.44 MiB / 469.28 MiB
Pagefile Memory (total/avail): 2295.97 MiB / 1115.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.25 MiB

C: is Fixed (NTFS) - 106.35 GiB total, 70.16 GiB free.
D: is Fixed (NTFS) - 5.44 GiB total, 1.11 GiB free.
E: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.)
AS: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Edmund\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDMAN
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Edmund
LOCALAPPDATA=C:\Users\Edmund\AppData\Local
LOGONSERVER=\\EDMAN
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Edmund\AppData\Local\Temp
TMP=C:\Users\Edmund\AppData\Local\Temp
USERDOMAIN=Edman
USERNAME=Edmund
USERPROFILE=C:\Users\Edmund
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Edmund (admin)


-- Add/Remove Programs ---------------------------------------------------------

Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CitisecOnline IE Plugin 2.4 --> "C:\Windows\unins000.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -IwisR30B7.inf
DGOControls --> C:\Program Files\InstallShield Installation Information\{779A19AC-A302-425D-B295-F12116C2D731}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045_SprtHDzm\UIU32m.exe -U -ISprtHDzm.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0048 --> MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant --> MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.5) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PC Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\Setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936558) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B6B2802B-6631-4EBE-A062-44AE0C1F0BED}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
WC3Banlist --> "C:\Program Files\WC3Banlist\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-08-01 at 01:08:37 ---------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users