
Loaded Computer Has Started To Slow.


8 replies to this topic

#1 Moodshijack

Moodshijack

  • Members
  • 5 posts

Posted 26 December 2007 - 10:18 PM

I am very good with computers, but not the greatest at identifying viruses or malware.

Thank you for your much needed help.

I do run Kaspersky and it takes over 7 hours to scour my system. Nothing comes up.

I am also running WinPatrol Plus and I have found this to be EXCELLENT.

I know there is something wrong, because my REGEDIT doesn't work.

I can get to my register via xp_emergencytool or WinPatrol Plus.

Please help me get my computer speed back.

Here is my Hijack log. I have attached the log file as well. This file was produced via WinPatrol Plus.

Thank you.

Log created by WinPatrol PLUS version 12.2.2007.0:12.2.2007.0
Scan saved at 12:08:10 AM, on 12/26/2007
Platform: Windows XP SP2 Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\PROGRAM FILES\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedul2.exe
F:\PROGRAM FILES\PHOTOSHOP ELEMENTS 4.0\PHOTOSHOPELEMENTSFILEAGENT.EXE
F:\PROGRAM FILES\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\kavmm.exe
C:\PROGRAM FILES\LogMeIn\x86\ramaint.exe
C:\PROGRAM FILES\LogMeIn\x86\LogMeIn.exe
F:\PROGRAM FILES\THREATFIRE\TFSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\Acronis\Fomatik\TRUEIMAGETRYSTARTSERVICE.EXE
C:\WINDOWS\system32\SEARCHINDEXER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnetwk.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\point32.exe
F:\PROGRAM FILES\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\KWSProd.exe
C:\PROGRAM FILES\LogMeIn\x86\LOGMEINSYSTRAY.EXE
F:\PROGRAM FILES\Acronis\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
F:\PROGRAM FILES\Acronis\TRUEIMAGEHOME\TIMOUNTERMONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedhlp.exe
F:\PROGRAM FILES\ALLTRACKSGONE\ALLTRACKSGONE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
F:\PROGRAM FILES\MICROSOFT ACTIVESYNC\wcescomm.exe
C:\PROGRAM FILES\Google\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
F:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\PROGRAM FILES\TECHSMITH\Jing\Jing.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
F:\PROGRAM FILES\SnagIt 8\SnagIt32.exe
C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCH.EXE
F:\PROGRAM FILES\SnagIt 8\TscHelp.exe
F:\PROGRAM FILES\SnagIt 8\SnagPriv.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE
F:\PROGRAM FILES\BROADWORKS\bin\BW_ASSISTANT_ENTERPRISE_SP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
F:\PROGRAM FILES\FireFox\firefox.exe
C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
F:\PROGRAM FILES\WINPATROL\WINPATROL.EXE
F:\PROGRAM FILES\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 192.168.1.145 HP000D9D0A1B9
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - f:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: Telephony Toolbar Services - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_IE_S.dll
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot\SDHelper.dll
O2 - BHO: - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Telephony Toolbar Call Control - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_IE_CC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Telephony Toolbar Call Control - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_IE_CC.dll
O3 - Toolbar: Telephony Toolbar Services - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_IE_S.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint]C:\Program Files\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [KAV50]F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [WinPatrol PLUS]F:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LogMeIn GUI]C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe]F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor]F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service]C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKCU\..\Run: [AllTracksGone]F:\Program Files\AllTracksGone\alltracksgone.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent]F:\Program Files\Microsoft ActiveSync\wcescomm.exe
O4 - HKCU\..\Run: [swg]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing]C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [WMPNSCFG]C:\Program Files\Windows Media Player\wmpnscfg.exe
O4 - Global Startup: SnagIt 8.lnk=F:\Program Files\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk=C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Dial - F:\Program Files\BroadWorks\conf\dialIE.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://f:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://f:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://f:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://f:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - f:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://johnboy.instanetforms.com/inet5_doc...D/RCO/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124748982562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.firsthometour.com/virtual_tours...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www10.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (http://acs.pandasoftware.com/activescan/as5free/asinst) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.669236) - http://v4.windowsupdate.microsoft.com/CAB/...8184.6692361111
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) - http://java.sun.com/products/plugin/autodl...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wsicorporate.webex.com/client/v_myw...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - UPnPMonitor - UPnP Tray Monitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - F:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 - - F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service - - F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000
O23 - Service: Kodak Camera Connection Software - - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LogMeIn Maintenance Service - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - - f:\Program Files\ThreatFire\TFService.exe service
O23 - Service: Acronis Try And Decide Service - - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16574
MSIE: Internet Explorer (7.00.6000.16574)
Firefox 2.0.0.9 installed in F:\Program Files\FireFox\.
1696 IE Cookies in Folder: C:\Documents and Settings\User\Cookies\
575 Mozilla Cookies in Folder: C:\Documents and Settings\User\Application Data\Mozilla\FireFox\Profiles\default.8g8

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\DOCUME~1\User\LOCALS~1\History\History.IE5\MSHIST~1\index.dat
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\DOCUME~1\User\LOCALS~1\History\History.IE5\MSHIST~1\index.dat
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [SyncToy.job]C:\Documents and Settings\User\Start Menu\Programs\SyncToy.lnk 11/15/2007 3:00 AM
WP31 - Scheduled Tasks: [EasyShare Registration Task.job]C:\WINDOWS\system32\rundll32.exe 12/13/2007 5:15 PM
WP31 - Scheduled Tasks: [Check Updates for Windows Live Toolbar.job]C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 12/26/2007 11:32 AM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\twain.dll
WP32 - Hidden File: C:\WINDOWS\twain_32.dll
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\f9t.dat
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\msvcirt.dll
WP32 - Hidden File: C:\WINDOWS\system32\msvcp60.dll
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\regsvr32.exe
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\User\Local Settings\Temp\.Sony_PMBrowser1000_BrowserDiskCache
WP32 - Hidden File: C:\Documents and Settings\User\Local Settings\Temp\.Sony_PMBrowser1000_BrowserDiskCache.idx
WP32 - Hidden File: C:\Documents and Settings\User\Local Settings\Temp\TempFolder.aaa\Macromedia.lok

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\PROGRA~1\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]f:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe %1
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]F:\Program Files\Spybot\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

Memory currently in use: 76%
Physical Memory Free: 244,124 KB
Paging File Free: 1,691,732 KB
Virtual Memory Free: 2,050,956 KB


--
End of file


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 11 January 2008 - 12:57 PM

Hi Moodshijack,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 Moodshijack

Moodshijack
  • Topic Starter

  • Members
  • 5 posts

Posted 11 January 2008 - 01:17 PM

Thank you for your help.



Log created by WinPatrol PLUS version 12.2.2007.0:12.2.2007.0
Scan saved at 1:13:08 PM, on 1/11/2008
Platform: Windows XP SP2 Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\PROGRAM FILES\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedul2.exe
F:\PROGRAM FILES\PHOTOSHOP ELEMENTS 4.0\PHOTOSHOPELEMENTSFILEAGENT.EXE
C:\PROGRAM FILES\NCH SWIFT SOUND\Axon\axon.exe
C:\PROGRAM FILES\NCH SWIFT SOUND\IVM\ivm.exe
F:\PROGRAM FILES\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\kavmm.exe
C:\PROGRAM FILES\LogMeIn\x86\ramaint.exe
C:\PROGRAM FILES\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\PROGRAM FILES\THREATFIRE\TFSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\Acronis\Fomatik\TRUEIMAGETRYSTARTSERVICE.EXE
C:\PROGRAM FILES\NCH SWIFT SOUND\VRS\vrs.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnetwk.exe
C:\WINDOWS\system32\SEARCHINDEXER.EXE
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\point32.exe
F:\PROGRAM FILES\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\KWSProd.exe
F:\PROGRAM FILES\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\LogMeIn\x86\LOGMEINSYSTRAY.EXE
F:\PROGRAM FILES\Acronis\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
F:\PROGRAM FILES\Acronis\TRUEIMAGEHOME\TIMOUNTERMONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedhlp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
F:\PROGRAM FILES\ALLTRACKSGONE\ALLTRACKSGONE.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\PROGRAM FILES\MICROSOFT ACTIVESYNC\wcescomm.exe
C:\PROGRAM FILES\Google\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\TECHSMITH\Jing\Jing.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
F:\PROGRAM FILES\SnagIt 8\SnagIt32.exe
C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCH.EXE
F:\Program Files\Microsoft ActiveSync\rapimgr.exe
F:\PROGRAM FILES\SnagIt 8\TscHelp.exe
F:\PROGRAM FILES\SnagIt 8\SnagPriv.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE
F:\PROGRAM FILES\BROADWORKS\bin\BW_ASSISTANT_ENTERPRISE_SP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
F:\PROGRAM FILES\THREATFIRE\TFTray.exe
F:\PROGRAM FILES\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 192.168.1.145 HP000D9D0A1B9
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - f:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot\SDHelper.dll
O2 - BHO: - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint]C:\Program Files\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [KAV50]F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [WinPatrol PLUS]F:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LogMeIn GUI]C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe]F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor]F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service]C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [IVM]C:\Program Files\NCH Swift Sound\IVM\ivm.exe -logon
O4 - HKLM\..\Run: [VRS]C:\Program Files\NCH Swift Sound\VRS\vrs.exe -logon
O4 - HKLM\..\Run: [Axon]C:\Program Files\NCH Swift Sound\Axon\axon.exe -logon
O4 - HKCU\..\Run: [AllTracksGone]F:\Program Files\AllTracksGone\alltracksgone.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent]F:\Program Files\Microsoft ActiveSync\wcescomm.exe
O4 - HKCU\..\Run: [swg]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing]C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [WMPNSCFG]C:\Program Files\Windows Media Player\wmpnscfg.exe
O4 - Global Startup: SnagIt 8.lnk=F:\Program Files\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk=C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Dial - F:\Program Files\BroadWorks\conf\dialIE.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://f:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://f:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://f:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://f:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - f:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://johnboy.instanetforms.com/inet5_doc...D/RCO/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124748982562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.firsthometour.com/virtual_tours...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www10.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (http://acs.pandasoftware.com/activescan/as5free/asinst) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.669236) - http://v4.windowsupdate.microsoft.com/CAB/...8184.6692361111
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) - http://java.sun.com/products/plugin/autodl...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wsicorporate.webex.com/client/v_myw...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - UPnPMonitor - UPnP Tray Monitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - F:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 - - F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Axon - - C:\Program Files\NCH Swift Sound\Axon\axon.exe -service
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IVM Answering Attendant - - C:\Program Files\NCH Swift Sound\IVM\ivm.exe -service
O23 - Service: Kaspersky Anti-Virus Service - - F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000
O23 - Service: Kodak Camera Connection Software - - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LogMeIn Maintenance Service - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - - f:\Program Files\ThreatFire\TFService.exe service
O23 - Service: Acronis Try And Decide Service - - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VRS Recording System - - C:\Program Files\NCH Swift Sound\VRS\vrs.exe -service

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16574
MSIE: Internet Explorer (7.00.6000.16574)
Firefox 2.0.0.11 installed in F:\Program Files\FireFox\.
2063 IE Cookies in Folder: C:\Documents and Settings\User\Cookies\
604 Mozilla Cookies in Folder: C:\Documents and Settings\User\Application Data\Mozilla\FireFox\Profiles\default.8g8

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\DOCUME~1\User\LOCALS~1\History\History.IE5\MSHIST~1\index.dat
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\DOCUME~1\User\LOCALS~1\History\History.IE5\MSHIST~1\index.dat
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [SyncToy.job]C:\Documents and Settings\User\Start Menu\Programs\SyncToy.lnk 11/15/2007 3:00 AM
WP31 - Scheduled Tasks: [EasyShare Registration Task.job]C:\WINDOWS\system32\rundll32.exe 01/10/2008 5:15 PM
WP31 - Scheduled Tasks: [Check Updates for Windows Live Toolbar.job]C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 01/11/2008 12:32 PM

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\twain.dll
WP32 - Hidden File: C:\WINDOWS\twain_32.dll
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\f9t.dat
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\msvcirt.dll
WP32 - Hidden File: C:\WINDOWS\system32\msvcp60.dll
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\regsvr32.exe
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\User\Local Settings\Temp\.Sony_PMBrowser1000_BrowserDiskCache
WP32 - Hidden File: C:\Documents and Settings\User\Local Settings\Temp\.Sony_PMBrowser1000_BrowserDiskCache.idx

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\PROGRA~1\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]f:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe %1
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]F:\Program Files\Spybot\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

Memory currently in use: 64%
Physical Memory Free: 369,564 KB
Paging File Free: 1,813,212 KB
Virtual Memory Free: 2,050,300 KB


--
End of file

#4 Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 12 January 2008 - 06:50 AM

Hi Moodshijack, :thumbsup:

Could you please download and install the latest version of HijackThis by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log?

As you may know, the HijackPatrol Logs from WinPatrol ".... aren't exact duplicates of the popular HijackThis log or meant to replace them...."

:blink:

#5 Moodshijack

  • Topic Starter

  • Members
  • 5 posts

Posted 12 January 2008 - 07:16 AM

I didn't know that my copy was a different version? Sorry.

I downloaded HiJack and followed Step 9.

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:58 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
F:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\devldr32.exe
F:\Program Files\AllTracksGone\alltracksgone.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\SnagIt 8\TSCHelp.exe
F:\Program Files\SnagIt 8\SnagPriv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_SP.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
F:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - f:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KAV50] "F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AllTracksGone] F:\Program Files\AllTracksGone\alltracksgone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] f:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = F:\Program Files\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Dial - F:\Program Files\BroadWorks\conf\dialIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - f:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://members.harmonyremote.com
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://www.nwa.com
O15 - Trusted Zone: http://www.realtor.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://johnboy.instanetforms.com/inet5_doc...D/RCO/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124748982562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.firsthometour.com/virtual_tours...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www10.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wsicorporate.webex.com/client/v_myw...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74CFF88-B12F-4133-A5F1-1717D03D96A1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B00D07-95DC-4993-92CB-9FD6C96F584B}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IVM Answering Attendant (IVMService) - NCH Software - C:\Program Files\NCH Swift Sound\IVM\ivm.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - f:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 26512 bytes


Gary Moody

#6 Moodshijack

Posted 12 January 2008 - 08:07 PM

Falu:

I ran Ad-Aware and Spybot and here is the latest.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:26 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
F:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
F:\Program Files\AllTracksGone\alltracksgone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Spybot\TeaTimer.exe
F:\Program Files\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\SnagIt 8\TSCHelp.exe
F:\Program Files\SnagIt 8\SnagPriv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\Program Files\BroadWorks\bin\BW_Assistant_Enterprise_SP.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - f:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KAV50] "F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AllTracksGone] F:\Program Files\AllTracksGone\alltracksgone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] f:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = F:\Program Files\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Dial - F:\Program Files\BroadWorks\conf\dialIE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - f:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - f:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://members.harmonyremote.com
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://www.nwa.com
O15 - Trusted Zone: http://www.realtor.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://johnboy.instanetforms.com/inet5_doc...D/RCO/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124748982562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.firsthometour.com/virtual_tours...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www10.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wsicorporate.webex.com/client/v_myw...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74CFF88-B12F-4133-A5F1-1717D03D96A1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B00D07-95DC-4993-92CB-9FD6C96F584B}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IVM Answering Attendant (IVMService) - NCH Software - C:\Program Files\NCH Swift Sound\IVM\ivm.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - f:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 26766 bytes

#7 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 16 January 2008 - 04:54 PM

Hi Moodshijack, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1.

I ran Adaware and Spybot and here is the latest.


Of course I understand but it's better just to stick to the instructions I give you.

2. Are you using a firewall? I see nothing in your log that would indicate that you have one. I urge you to install one since it's your first defense against malware. There are several good free programs available, like:

Comodo Firewall Pro
Online Armor Free edition
Kerio

For a tutorial on Firewalls click: Understanding and Using Firewalls!

3. I notice from your log that you are running two different Anti-Virus programs (ThreatFire and Kaspersky Anti-Virus for Workstation 5) with Auto-protect enabled. Rather than giving you extra protection, this can actually cause problems because of incompatibility issues; it can even cause BSODs and seriously decrease reliability!

To be clear: never have more than one Anti-Virus. Uninstall the other through the Add or Remove Programs option in Control Panel (Start -> Control Panel -> Add/Remove Programs).

4. I see you are running Teatimer. Of course this is very good but now you have to disable it because it can interfere with the changes you'll make on your system. When your log is clean, you can enable it again: I will let you know.

> Run Spybot S&D, go to the Mode menu and select Advanced Mode;
> On the left hand side choose Tools > Resident;
> Uncheck Resident Teatimer and click Ok (close Spybot).

5. You have Logitech Desktop Messenger installed on your computer.
Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet.
If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!
This will not affect any other Logitech software or hardware in any way.

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Logitech Desktop Messenger
Logitech Harmony Remote


6. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


I am a big believer in having nothing in your trusted sites. The only advantage of having a domain in your trusted sites is that it won't prompt you when installing software. This also means that if a new exploit comes out where a site can spoof their domain to one that matches one in your trusted sites, then you will never know when they install software on your machine.
As these sites will still be able to install the software on your machine, even if you don't have the O15 entries, by just hitting yes to the prompt, I suggest leaving those empty. If you agree, check the following entries as well:

O15 - Trusted Zone: http://members.harmonyremote.com
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://www.nwa.com
O15 - Trusted Zone: http://www.realtor.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com

Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

7. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click "Continue".
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

9. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

10. Run the F-Secure Online Scanner.
Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Please reboot and post the F-Secure report along with DSS main/extra logs.
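
The selection made in step 6 above, as an added example that is not part of Falu's post and is not HijackThis code: a small Python triage that parses HijackThis log lines and flags the kinds of entries picked out there (entries whose file is gone, empty IE search values, IE policy restrictions, Trusted Zone sites). The function names and reason labels are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\PROGRA~1\Spybot\SDHelper.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://www.nwa.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
ZONE_RE = re.compile(r"^(?:ESC )?Trusted Zone:\s*(?P<site>\S+)$")


@dataclass
class Finding:
    section: str      # HijackThis section code (R0, O2, O15, ...)
    reason: str       # label assigned by this example, not by HijackThis
    detail: str       # entry body, or the site for Trusted Zone entries
    wildcard: bool = False  # True when a Trusted Zone entry covers all subdomains


def parse_line(line):
    """Return (section, body) for an entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group("section"), m.group("body").strip()


def triage(log_text):
    """Flag entries of the kinds selected in step 6; everything else is skipped."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # headers, process list, blank lines
        section, body = parsed
        if ORPHAN_RE.search(body):
            # Registry entry still present, file it points at is gone.
            findings.append(Finding(section, "orphaned", body))
        elif section in ("R0", "R1") and body.endswith("="):
            # IE start/search setting with nothing after the "=".
            findings.append(Finding(section, "empty-value", body))
        elif section == "O6":
            # Internet Explorer options restricted through a Policies key.
            findings.append(Finding(section, "ie-policy", body))
        elif section == "O15":
            m = ZONE_RE.match(body)
            site = m.group("site") if m else body
            findings.append(
                Finding(section, "trusted-zone", site, wildcard=site.startswith("*."))
            )
    return findings


def summarize(findings):
    """Count findings per reason label."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = " (wildcard)" if f.wildcard else ""
        print(f"{f.section:<4}{f.reason:<14}{f.detail}{flag}")
    print(summarize(triage(SAMPLE_LOG)))
```

A flagged line is a candidate for review, not a verdict: the O23 entry with "(file missing)" was flagged here but was not among the entries selected in step 6.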

#8 Moodshijack

Moodshijack
  • Topic Starter

  • Members
  • 5 posts

Posted 19 January 2008 - 06:56 AM

Falu - THANK YOU.

Here are the files as you requested.

Gary



--------------------------------------- main.txt ---------------------------------------

Deckard's System Scanner v20071014.68
Run by User on 2008-01-18 17:18:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-01-18 22:18:32 UTC - RP1781 - Deckard's System Scanner Restore Point
6: 2008-01-18 22:13:03 UTC - RP1780 - Installed Java™ 6 Update 4
5: 2008-01-18 21:49:12 UTC - RP1779 - Installed Java™ SE Development Kit 6 Update 4
4: 2008-01-18 21:09:01 UTC - RP1778 - Software Distribution Service 3.0
3: 2008-01-18 20:57:23 UTC - RP1777 - Removed Logitech Harmony Remote Software 7


-- First Restore Point --
1: 2008-01-18 11:34:12 UTC - RP1775 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:19 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
C:\WINDOWS\system32\devldr32.exe
F:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
F:\Program Files\AllTracksGone\alltracksgone.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\SnagIt 8\TSCHelp.exe
F:\Program Files\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\H1J930Z6\dss[1].exe
F:\PROGRA~1\HIJACK~1\User.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KAV50] "F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [AllTracksGone] F:\Program Files\AllTracksGone\alltracksgone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = F:\Program Files\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124748982562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.firsthometour.com/virtual_tours...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www10.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://merillat.view22.com/view22/roomapp/View22RTE.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74CFF88-B12F-4133-A5F1-1717D03D96A1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B00D07-95DC-4993-92CB-9FD6C96F584B}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IVM Answering Attendant (IVMService) - NCH Software - C:\Program Files\NCH Swift Sound\IVM\ivm.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 12551 bytes

-- HijackThis Fixed Entries (F:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20050322-231126-970 O17 - HKLM\System\CCS\Services\Tcpip\..\{A74CFF88-B12F-4133-A5F1-1717D03D96A1}: NameServer = 192.168.1.1
backup-20080118-155949-618 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080118-155949-839 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20080118-155949-922 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080118-160214-111 O15 - Trusted Zone: *.transactiondesk.com
backup-20080118-160214-289 O15 - Trusted Zone: http://www.realtor.com
backup-20080118-160214-300 O15 - Trusted Zone: *.instanetforms.com
backup-20080118-160214-378 O15 - ESC Trusted Zone: *.instanetforms.com
backup-20080118-160214-382 O15 - Trusted Zone: http://members.harmonyremote.com
backup-20080118-160214-474 O15 - Trusted Zone: http://www.nwa.com
backup-20080118-160214-577 O15 - ESC Trusted Zone: *.transactiondesk.com
backup-20080118-160632-291 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - f:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
backup-20080118-160632-596 O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] f:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
backup-20080118-160708-110 O18 - Protocol: bwv0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-126 O18 - Protocol: bw80 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-134 O18 - Protocol: bwa0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-137 O18 - Protocol: bwk0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-139 O18 - Protocol: bwi0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-146 O18 - Protocol: bw+0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-148 O18 - Protocol: bws0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-149 O18 - Protocol: bwf0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-167 O18 - Protocol: bwu0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-168 O18 - Protocol: bw60 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-200 O18 - Protocol: bw30s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-214 O18 - Protocol: bwx0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-225 O18 - Protocol: bwz0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-240 O18 - Protocol: bwm0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-243 O18 - Protocol: bw90s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-249 O18 - Protocol: bw00 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-258 O18 - Protocol: bw70 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-262 O18 - Protocol: bw40 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-288 O18 - Protocol: bwj0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-289 O18 - Protocol: bwx0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-322 O18 - Protocol: bwp0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-346 O18 - Protocol: bwp0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-358 O18 - Protocol: bw60s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-366 O18 - Protocol: bw-0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-384 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-390 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
backup-20080118-160708-393 O18 - Protocol: bwo0 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-399 O18 - Protocol: bwf0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-403 O18 - Protocol: bw20 - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
backup-20080118-160708-406 O18 - Protocol: bwz0s - {0EFA57C2-2967-43FF-8926-CAE882281919} - f:\Program Files\Harmony\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - f:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "f:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus 5.0 for Windows Workstations>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S0 IFP700 (iRiver Internet Audio Player IFP-700) - c:\windows\system32\drivers\ifp700.sys (file missing)
S0 IFP800 (iriver Internet Audio Player IFP-800) - c:\windows\system32\drivers\ifp800.sys (file missing)
S1 WinRTUSB (Sony HandyCam Update System USB Driver) - c:\windows\system32\drivers\winrtusb.sys <Not Verified; BSQUARE CORPORATION; WinRT for USB>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 SQTECH913D (913D Camera) - c:\windows\system32\drivers\capt913d.sys <Not Verified; Service & Quality Technology.; SQ913D>
S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys <Not Verified; MCCI; SAMSUNG USB Composite Device>
S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys <Not Verified; MCCI; SAMSUNG CDMA Modem>
S3 TSP - c:\windows\system32\drivers\klif.sys <Not Verified; Kaspersky Labs; KLIF>
S3 WWLTECH3241 (WWL 503 Digital Camera) - c:\windows\system32\drivers\capt3241.sys <Not Verified; WWL; SQ915D>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - f:\program files\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 KLBLMain (Kaspersky Anti-Virus Service) - "f:\program files\kaspersky anti-virus for workstation 5\kavmm.exe" -run bl -n workstation -v 5.0.0.0 -ttsr 10000000 <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus 5.0 for Windows Workstations>

S3 IVMService (IVM Answering Attendant) - "c:\program files\nch swift sound\ivm\ivm.exe" -service <Not Verified; NCH Software; >
S3 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)
S3 VRSService (VRS Recording System) - "c:\program files\nch swift sound\vrs\vrs.exe" -service <Not Verified; NCH Software; >
S4 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - f:\program files\tuneup utilities 2004\winstylerthemesvc.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: C-Media AC97 Audio Device
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_414410DE&REV_A1\3&13C0B0C5&0&30
Manufacturer: C-Media
Name: C-Media AC97 Audio Device
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_414410DE&REV_A1\3&13C0B0C5&0&30
Service: cmuda


-- Scheduled Tasks -------------------------------------------------------------

2008-01-18 16:32:24 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-18 03:00:00 386 --a------ C:\WINDOWS\Tasks\SyncToy.job
2008-01-10 17:15:03 434 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-18 17:14:06 0 d-------- C:\Program Files\Sun
2008-01-18 16:44:01 0 d-------- C:\Documents and Settings\User\.SunDownloadManager
2008-01-10 21:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-25 14:49:11 0 d-------- C:\Program Files\APTE Software
2007-12-25 14:42:59 29522 --a------ C:\WINDOWS\system32\drivers\Capt913d.sys <Not Verified; Service & Quality Technology.; SQ913D>
2007-12-25 14:42:59 24363 --a------ C:\WINDOWS\system32\drivers\Camd913d.sys <Not Verified; Service & Quality Technology.; SQ913D>


-- Find3M Report ---------------------------------------------------------------

2008-01-18 17:13:55 0 d-------- C:\Program Files\Java
2008-01-18 15:57:34 0 d-------- C:\Program Files\Common Files
2008-01-18 15:56:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-18 12:04:10 0 d-------- C:\Program Files\LogMeIn
2008-01-11 17:09:03 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-06 19:18:43 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-18 14:20:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-16 12:03:29 0 d-------- C:\Program Files\Google
2007-12-16 00:52:14 0 d-------- C:\Documents and Settings\User\Application Data\Wootalyzer
2007-12-09 11:00:11 0 d-------- C:\Documents and Settings\User\Application Data\NCH Swift Sound
2007-12-01 17:22:19 0 d-------- C:\Program Files\Dvd-cloner
2007-12-01 03:11:22 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-01 03:10:10 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-28 07:18:30 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-25 19:53:22 0 d-------- C:\Program Files\TrendyFlash Site Builder
2007-11-25 19:49:12 0 d-------- C:\Program Files\TrendyFlash Intro Builder
2007-11-25 19:44:19 0 d-------- C:\Program Files\TrendyFlash Intro Builder Trial
2007-11-15 21:20:09 13235 --a------ C:\logfile
2007-10-19 19:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 19:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-19 19:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-19 19:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 19:54:10 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 04:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 03:41 PM]
"KAV50"="F:\Program Files\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" [08/29/2005 05:38 PM]
"WinPatrol"="F:\Program Files\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 01:03 PM]
"TrueImageMonitor.exe"="F:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/14/2007 01:52 AM]
"AcronisTimounterMonitor"="F:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 02:02 AM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/14/2007 01:55 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/19/2006 09:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AllTracksGone"="F:\Program Files\AllTracksGone\alltracksgone.exe" [02/28/2005 11:37 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 12:39 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/23/2007 08:53 AM]
"Jing"="C:\Program Files\TechSmith\Jing\Jing.exe" [12/17/2007 01:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnagIt 8.lnk - F:\Program Files\SnagIt 8\SnagIt32.exe [5/1/2007 10:11:48 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 2:40:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"StartMenuLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 02:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/21/2007 09:48 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
f:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe




-- Hosts -----------------------------------------------------------------------

192.168.1.145 HP000D9D0A1B9E


-- End of Deckard's System Scanner: finished at 2008-01-18 17:23:26 ------------

--------------------------------------- extra.txt ---------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1023.48 MiB / 395.14 MiB
Pagefile Memory (total/avail): 2462.06 MiB / 1959.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 41.92 GiB total, 19.85 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 38.33 GiB total, 12.77 GiB free.
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE1 - IC35L040AVVN07-0 - 38.34 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 38.33 GiB - F:

\\.\PHYSICALDRIVE0 - ITE Disk Array 0 SCSI Disk Device - 41.93 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 41.92 GiB - C:

\\.\PHYSICALDRIVE2 - AFT PRO - 9 CF USB Device

\\.\PHYSICALDRIVE5 - AFT PRO - 9 MS USB Device

\\.\PHYSICALDRIVE3 - AFT PRO - 9 SD USB Device

\\.\PHYSICALDRIVE4 - AFT PRO - 9 SM/XD USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Kaspersky Anti-Virus 5.0 for Windows Workstations v5.0.228 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Harmony\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="F:\\Program Files\\Harmony\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="F:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5"
"F:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="F:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\Harmony\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="F:\\Program Files\\Harmony\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\LogMeIn\\LogMeIn.exe"="C:\\Program Files\\LogMeIn\\LogMeIn.exe:*:Enabled:LogMeIn.exe"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Disabled:Google Talk"
"F:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="F:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Disabled:Logitech Harmony Remote Software V5"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="F:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Disabled:Remote Control Software Patch Helper"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"F:\\Program Files\\NewsBin\\nbpro.exe"="F:\\Program Files\\NewsBin\\nbpro.exe:*:Enabled:Newsbin"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"f:\\Program Files\\IBP 9\\IBP.exe"="f:\\Program Files\\IBP 9\\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EPCOT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\EPCOT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Program Files\Microsoft Office\OFFICE11\;f:\program files\imagemagick;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;F:\Program Files\QuickTime\QTSystem\;f:\Program Files\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=EPCOT
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
WecVersionForRosebud.9AC=2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
LogMeInRemoteUser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\ITE Raid Driver Setup\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Silicon Image Raid\Uninst.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> f:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1299C800-5C3B-4300-8686-9BA46748FB8F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67FAB34C-7D8D-46A4-9CE4-E94B808ABD6A}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
913D Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0A5E43A-DBDE-4C9B-BCC5-689CED407B4D}\Setup.exe" -l0x9
AAA Logo 1.0 --> "f:\Program Files\AAALOGO\unins000.exe"
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Premiere Elements 1.0 --> msiexec /I {6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
Allofmp3 Explorer --> F:\PROGRA~1\Allofmp3\UNWISE.EXE F:\PROGRA~1\Allofmp3\INSTALL.LOG
AllTracksGone 2005 Privacy Cop --> "f:\Program Files\AllTracksGone\unins000.exe"
allTunes --> F:\PROGRA~1\allTunes\UNWISE.EXE F:\PROGRA~1\allTunes\INSTALL.LOG
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "f:\Program Files\AVSMedia\VideoTools\unins000.exe"
Basic Design Template --> MsiExec.exe /I{E05CE6CE-F3FD-46FB-9C2D-568D0A91A24A}
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Blurb BookSmart 1.2 --> f:\Program Files\BookSmart\uninstall.exe
BroadWorks Assistant - Enterprise RC v13.0.26.1 --> MsiExec.exe /X{4B842A68-42C5-4CBB-9952-39BC078CCD73}
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CD/DVD Jewel Case and Label Creator --> F:\PROGRA~1\CDLabel\UNWISE.EXE F:\PROGRA~1\CDLabel\INSTALL.LOG
ChristmasTheme --> MsiExec.exe /X{7523F68F-3DA4-452A-A17F-4AF55A8A25BB}
Cloudmark Desktop for Microsoft Outlook --> MsiExec.exe /X{5FD3FC47-6749-46C9-9246-5DD7C3342809}
CoffeeCup Google SiteMapper --> F:\COFFEE~1\COFFEE~1\UNWISE.EXE F:\COFFEE~1\COFFEE~1\sitemapper.log
CoffeeCup Password Wizard --> F:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE F:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Color LaserJet 2600n --> C:\Program Files\Zenographics\{D73009C5-7449-4EA8-88A1-0E26FB40874C}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
CommentKahuna --> MsiExec.exe /I{F85C7360-582E-4EB8-824B-5B2FBB2BB7FE}
Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Pro Driver (1.02.02.0523) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1030.uns -unsext NT -plugin P1030Pin.dll -pluginres P1030Pin.crl
Creative Zen Nano Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
Digital-Camera Driver --> C:\Program Files\InstallShield Installation Information\{b0334556-7316-4c5f-9cf1-c9ff01d3bb10}\setup.exe
Diji Album --> "f:\Program Files\Diji Album\unins000.exe"
DiscWizard for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DIV Calculator --> F:\PROGRA~1\DIV\CALCUL~1\UNWISE.EXE F:\PROGRA~1\DIV\CALCUL~1\INSTALL.LOG
DivX Codec --> f:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> f:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> f:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> f:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> f:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-CLONER V4.60 Build 924 --> "f:\Program Files\Dvd-cloner\unins000.exe"
DVD-CLONER V5.00 Build 960 --> "C:\Program Files\Dvd-cloner\unins000.exe"
DVD-to-AVI 3.00 Build 806 --> "f:\Program Files\DVD-to-AVI\unins000.exe"
DVD-to-MPEG 3.00 Build 806 --> "f:\Program Files\DVD-to-MPEG\unins000.exe"
DVD-to-SVCD 3.00 Build 805 --> "f:\Program Files\DVD-to-SVCD\unins000.exe"
Easy Thumbnails (Remove only) --> "f:\Program Files\Easy Thumbnails\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eFax Messenger 4.3 --> C:\Program Files\eFax Messenger 4.3\Uninstall.exe
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
eSATA300 TX2 Windows Driver 1.0.0260.38 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8014763A-94BD-4CC3-8F86-35BD73C127B9}\setup.exe" -l0x9 -removeonly
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FileAlyzer --> "f:\Program Files\FileAlyzer\unins000.exe"
FileZilla Client 3.0.0-beta11 --> f:\Program Files\FileZilla\uninstall.exe
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Free-Plan --> F:\PROGRA~1\FREEPLAN\UNWISE.EXE F:\PROGRA~1\FREEPLAN\INSTALL.LOG
FrontLook Page Effects Core Files --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DPA Software\FrontLookFX\FLFXCoreUninst.isu"
FrontLook Page Effects Files --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DPA Software\FrontLookFX\PFXUninst.isu"
FrontLook SuperThemes Best of Paul #3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DPA Software\SuperThemes\STBOP3Uninst.isu"
FrontLook SuperThemes Browser Files --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DPA Software\SuperThemes\STCoreUninst.isu"
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2BA2267-91BD-4F3E-90D6-8EBC6127080D}\setup.exe" -l0x9 -removeonly
Games Add-in for Windows Live® Toolbar --> MsiExec.exe /I{C1E26BDC-5299-4F0E-969A-BDD60B3B93B1}
Garmin USB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}\setup.exe" -l0x9 AddRemove
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Viewer 1.0 (based on VLC 0.8.2 Player) --> C:\Program Files\GoogleVideoViewer\VLC\uninstall.exe
GoToMeeting 2.0.0.127 --> C:\Program Files\Citrix\GoToMeeting\127\G2MInstaller.exe /uninstall
GPS Image Tracker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Hide My Files 1.0 --> "f:\Program Files\Hide My Files\unins000.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\Program Files\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Extended Capabilities 4.7 --> F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "F:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Hummingbird FTP 10 --> MsiExec.exe /I{27B2FC9F-27E4-499C-AD69-D1D269D8EFFC}
IBP 9.2 --> "f:\Program Files\IBP 9\unins000.exe"
ieSpell --> "f:\Program Files\ieSpell\uninst.exe"
ImageMagick 6.3.4-7 Q16 (06/15/07) --> "f:\Program Files\ImageMagick\unins000.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Ipswitch WS_FTP Home 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 2.2 --> "f:\Program Files\IsoBuster\Uninst\unins000.exe"
IVM Answering Attendant --> C:\Program Files\NCH Swift Sound\IVM\uninst.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Jing --> MsiExec.exe /I{50185758-ABE7-4845-98DA-F463744B6E4D}
Kaspersky Anti-Virus 5.0 for Windows Workstations --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{90467142-F6B5-48B5-9A46-AFE61C4598CA}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_b5e56\Setup.exe /APR-REMOVE
LabelCreator Pro Trial --> MsiExec.exe /X{C8824683-0BB0-40E9-8022-0A4578569154}
Lizardtech Express View Browser Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}" -l0x9
LogMeIn --> MsiExec.exe /I{FCD06104-04F6-45AA-886B-0FB75C7EED3D}
Lookout --> "f:\Program Files\Lookout\UninstallLookout.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Magic Ball --> "C:\Program Files\Oberon Media\Magic Ball\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Ball\install.log"
Magic Button --> F:\Program Files\ActiveSync\Magic Button\Uninstall.exe Magic Button
Magic Vines --> "f:\Program Files\Magic Vines v1\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mazaika v.2.4 --> "f:\Program Files\Mazaika24\Uninstall.exe" "f:\Program Files\Mazaika24\install.log"
Messenger Plus! 3 --> "f:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Carioca Rummy --> MsiExec.exe /I{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{FFA2B2B6-3BDE-4728-B404-A16E0F853F6A}
Microsoft Office Outlook 2003 Calendar Views Add-in --> MsiExec.exe /I{8DB2C22D-A23A-4C0E-9A56-7D10440B9B40}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Ree Ree Khao San Pack --> MsiExec.exe /X{CE78496E-7E42-45A7-91AE-7A349C97C7E9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Streets and Trips 2004 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft Student Graphing Calculator --> MsiExec.exe /I{06043840-7A70-4AC6-9340-2EB7E1486914}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Theme Nunavut --> MsiExec.exe /X{047815FB-4E38-42D5-95CB-8A131DDD8668}
Microsoft Windows Theme Ontario --> MsiExec.exe /X{9757283E-3FCA-4F3D-9257-928859318E55}
Microsoft WSE 3.0 Runtime --> MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (2.0.0.11) --> F:\Program Files\FireFox\uninstall\helper.exe
MSN Money Toolbar Add-in --> MsiExec.exe /I{8DD01BB5-720A-4161-9A59-8450597FA9AC}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Sirius Studio --> f:\Program Files\Sirius\MySiriusStudio\Uninstall.exe
Nero 6 Ultra Edition --> f:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetAlyzer 0.3 --> "f:\Program Files\NetAlyzer\unins000.exe"
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NewsBin Pro V5 --> f:\Program Files\NewsBin\uninst.exe
Nuclear Coffee - VideoGet 2.0.2.26 Trial --> "F:\Program Files\VideoGet\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA System Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{6D7D3A9A-4972-4DDE-B4EF-08B2D44D939D}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Pagis Viewer 2.0 --> C:\WINDOWS\IsUninst.exe -f"f:\Program Files\XIF Viewer\Uninst.isu"
PayPal Payment Request Wizard (for Outlook) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{302E6499-5A2F-4CFA-BB5F-6F31707C7AEE}\Setup.exe" -l0x9
Pegasus Imaging Corp. "The JPEG Wizard2" --> F:\PROGRA~1\JPEGWI~1\UNWISE.EXE F:\PROGRA~1\JPEGWI~1\INSTALL.LOG
Picasa 2 --> "f:\Program Files\Picasa2\Uninstall.exe"
PokerStars --> f:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Power Mp3 Editor 2004 --> "f:\Program Files\Power Mp3 Editor 2004\unins000.exe"
Print Server Driver --> C:\WINDOWS\IsUninst.exe -f"f:\Program Files\Print Server\PTP\Uninst.isu"
PuTTY version 0.60 --> "f:\Program Files\PuTTY\unins000.exe"
Puzzle Inlay --> F:\PROGRA~1\PUZZLE~2\UNWISE.EXE F:\PROGRA~1\PUZZLE~2\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
Quicken Legal Business Pro 2008 --> C:\WINDOWS\unvise32.exe f:\Program Files\Quicken Legal Business Pro 2008\uninstal.log
QuickPar 0.9 --> f:\Program Files\QuickPar\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RegAlyzer --> "f:\Program Files\RegAlyzer\unins000.exe"
Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
SAMSUNG CDMA Modem Driver Set --> C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
ServiceProvider --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB411FB3-0E96-4622-84AF-22551967D070}\setup.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SharpReader 0.9.6.0 --> "f:\Program Files\SharpReader\unins000.exe"
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 3.0 --> "f:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "f:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Smile Loader --> C:\WINDOWS\IsUninst.exe -f"f:\Program Files\SmileLoader\Uninst.isu"
SnagIt 8 --> MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SopCast 2.0.4 --> f:\Program Files\SopCast\uninst.exe
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy --> "f:\Program Files\Spybot\unins001.exe"
Spybot - Search & Destroy 1.4 --> "f:\Program Files\Spybot\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Sunbelt CounterSpy --> MsiExec.exe /I{0AD5AD99-6172-4385-8765-385FBE3A1013}
Swiff Player 1.1 --> "f:\Program Files\Swiff Player\unins000.exe"
SyncToy 2.0 Beta --> MsiExec.exe /I{F3666943-0411-41D1-8015-8B572B6E91A7}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
The Logo Creator v4 --> C:\WINDOWS\unvise32.exe f:\Program Files\The Logo Creator\uninstal.log
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
ToolbarBrowser v2.4 --> "C:\Program Files\TRELLIAN\Toolbar\unToolbarBrowser\unins000.exe"
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Trellian SEO Toolkit v2.0 --> "F:\Program Files\Trellian\unins000.exe"
Trellian SubmitWolf v7.0 --> "f:\Program Files\SubmitWolf\unins000.exe"
Trendyflash Intro Builder --> MsiExec.exe /I{4A6AD9D5-555C-4D23-B1B7-97ACB15B7850}
Trendyflash Site Builder --> MsiExec.exe /I{A143CD52-E5F2-4D22-BE0C-705CAFEDA780}
Trillian --> f:\Program Files\Trillian\trillian.exe /uninstall
TuneUp Utilities 2004 --> MsiExec.exe /I{2C3738C9-56FA-410A-BCB5-79C5DFD238F0}
Turbo Lister --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Turbo Pizza --> "C:\Program Files\MSN Games\Turbo Pizza\Uninstall.exe" "C:\Program Files\MSN Games\Turbo Pizza\install.log"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Tweaking Toolbox XP --> "f:\Program Files\Tweaking Toolbox XP\unins000.exe"
Unreal Tournament 2004 --> F:\UT2004\System\Setup.exe uninstall "UT2004"
UT2004 Editor's Choice Edition Mod Installer --> MsiExec.exe /I{88D5B052-13BF-44FE-8C17-AC416B323BFE}
UVU Media Player --> MsiExec.exe /X{655FA132-273C-4E0A-B654-98D27485910C}
VideoEgg Publisher --> C:\Documents and Settings\User\Application Data\VideoEgg\Uninstall.exe
VIGOS Gsitemap 0.97a --> "f:\Program Files\VIGOS Gsitemap 0.97a\unins000.exe"
VIGOS Website Analyzer --> "f:\Program Files\Website Analyzer\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
VRS Recording System --> C:\Program Files\NCH Swift Sound\VRS\uninst.exe
Web CEO 6.0 --> "f:\Program Files\Web CEO\Uninstall\unins000.exe"
Web Designers Toolkit with Menu Ex --> "f:\Program Files\Web Designers Toolkit with Menu Ex\unins000.exe"
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Mobile Daylight Saving Time 2007 Updates --> MsiExec.exe /X{AB46C238-3554-4D79-AB06-C393F87FF202}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPatrol --> MsiExec.exe /I{3205A978-4A7A-403B-A4B9-D48E6BAFB73B}
WinPatrol 2007 --> F:\PROGRA~1\WINPAT~1\Setup.exe /remove /q0
WinPatrol 9.8 --> MsiExec.exe /I{F46E4DFF-FC47-4862-AC56-B1BE95BA7D7E}
WinRAR archiver --> f:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wireless Sync Client --> MsiExec.exe /X{FFE5BF59-F0C0-4FAF-A08D-E19837425484}
Wootalyzer --> MsiExec.exe /I{D6500891-AD1C-4E72-AB13-30897FE3C94D}
Wootalyzer --> MsiExec.exe /I{FC338E10-7282-4A5E-9763-ADDD6699F301}
Wootalyzer! --> f:\Program Files\Wootalyzer\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type20256 / Warning
Event Submitted/Written: 01/18/2008 04:22:05 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5FD3FC47-6749-46C9-9246-5DD7C3342809}', feature 'Default_Feature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type20255 / Warning
Event Submitted/Written: 01/18/2008 04:22:05 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5FD3FC47-6749-46C9-9246-5DD7C3342809}', feature 'Default_Feature', component '{98F30EE7-5ED2-490E-9214-DE3E79F4642E}' failed. The resource 'HKEY_CURRENT_USER\Software\Cloudmark\SpamNet\Properties\InstallerLocale' does not exist.

Event Record #/Type20254 / Warning
Event Submitted/Written: 01/18/2008 04:22:05 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5FD3FC47-6749-46C9-9246-5DD7C3342809}', feature 'Default_Feature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type20253 / Warning
Event Submitted/Written: 01/18/2008 04:22:05 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5FD3FC47-6749-46C9-9246-5DD7C3342809}', feature 'Default_Feature', component '{98F30EE7-5ED2-490E-9214-DE3E79F4642E}' failed. The resource 'HKEY_CURRENT_USER\Software\Cloudmark\SpamNet\Properties\InstallerLocale' does not exist.

Event Record #/Type20252 / Warning
Event Submitted/Written: 01/18/2008 04:22:03 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5FD3FC47-6749-46C9-9246-5DD7C3342809}', feature 'Default_Feature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38915 / Error
Event Submitted/Written: 01/18/2008 04:19:44 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.

Event Record #/Type38914 / Error
Event Submitted/Written: 01/18/2008 04:19:43 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.

Event Record #/Type38913 / Error
Event Submitted/Written: 01/18/2008 04:19:43 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.

Event Record #/Type38912 / Error
Event Submitted/Written: 01/18/2008 04:19:42 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.

Event Record #/Type38911 / Error
Event Submitted/Written: 01/18/2008 04:19:42 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.



-- End of Deckard's System Scanner: finished at 2008-01-18 17:23:26 ------------



--------------------------------------- f-secure.txt ---------------------------------------

Scanning Report
Friday, January 18, 2008 20:06:03 - 23:23:39
Computer name: EPCOT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 109660
System: 0
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{FE9CD64F-2254-4940-A54B-8AFD48B85585}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A2B963A9187DBDBFBE611CDDD6596BA_0FB50EE8-F571-42C9-B9D3-907EFAC2C74B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81013D1F1518EECE5CBA96FD2A0ED5FF_0FB50EE8-F571-42C9-B9D3-907EFAC2C74B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAD0E910B150FD431679666E719CFC41_0FB50EE8-F571-42C9-B9D3-907EFAC2C74B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C850BFA4A9B7BD8AB453D457DBEB7B34_0FB50EE8-F571-42C9-B9D3-907EFAC2C74B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\DSS\MACHINEKEYS\A18CA4003DEB042BBEE7A40F15E1970B_0FB50EE8-F571-42C9-B9D3-907EFAC2C74B
F:\PAGEFILE.SYS

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-18
F-Secure AVP: 7.0.171, 2008-01-18
F-Secure Orion: 1.2.37, 2008-01-18
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2008-00-16
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------


#9 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:47 PM

Posted 20 January 2008 - 11:36 AM

Hi Moodshijack, :thumbsup:

"Falu - THANK YOU."


You're very welcome.

1. Still no firewall installed. Please do that a.s.a.p. since it's very essential for the security of your computer; see my previous post!!

2. In your original post you stated:

"Loaded Computer Has Started To Slow., Kaspersky is taking 7 hours to scan."


Check "Help! My computer is slow!" and/or "Computer and browser slowness are not always malware related" and please follow all the instructions given.

3. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programs:

J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_05
Java DB 10.3.1.4
Java™ 6 Update 3
PokerStars


MessengerPlus! 3 <<<<< do you remember if you installed it without the sponsor program or not? If you installed the sponsor program, just uninstall Messenger Plus now and then reinstall it, but this time make sure you don't install the sponsor program also.

Messenger Plus! 3

4. Please reboot!

5. Go to Start>Run, type in cmd > Enter

When the Command Prompt window comes up, type: chkdsk D: /f and press ENTER << See the spaces between chkdsk and D: and between D: and /f?

6. You still have ATF Cleaner on your computer, run it once more:

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please post a fresh HijackThis log and let me know of any complaints!!



