Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack/Malware


  • This topic is locked This topic is locked
37 replies to this topic

#1 boratt1599

boratt1599

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 18 December 2008 - 02:56 PM

Ive noticed that when I do a google search and click on one of the links that come up, I get redirected to other seach sites, anti-virus sites or sometimes sites trying to sell a product. In addition, I am not allowed to go to any sites dealing with the topic/removal/download of updates to virses/malware/spyware like AVG or even bleepingcomputer.com. I've ran both Ad-aware and AVG in normal, and in safe mode but found nothing but tracking cookies. I also ran a RSIT scan and have attached the log files below but it said HijackThis download failed, so I updated my HijackThis.exe and pasted the log file at the very bottom. I am running Windows XP SP2. Any suggestions?


Logfile of random's system information tool 1.05 (written by random/random)
Run by bobby at 2008-12-18 14:23:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (12%) free of 54 GB
Total RAM: 1023 MB (41% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll [2005-06-14 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-04-03 777424]
"PlayNowGames"=C:\Program Files\PlayNow\PlayNowClient.exe []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-11-29 1796856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-11-24 39424]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\bobby\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Sprint media monitor.lnk - C:\WINDOWS\RM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-12-15 79408]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\PlayNow\PlayNowClient.exe"="C:\Program Files\PlayNow\PlayNowClient.exe:*:Enabled:PlayNow 1.0.22"
"C:\Documents and Settings\bobby\Shared\[ PC Games ] - Age of Empires II(FULL)\empires2.exe"="C:\Documents and Settings\bobby\Shared\[ PC Games ] - Age of Empires II(FULL)\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b994f9c-2a5c-11dd-9411-806d6172696f}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e4c9732-3003-11dd-9416-0013ceaeca77}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c37bd746-756f-11da-a504-001422e23944}]
shell\AutoRun\command - Iexplores.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f2736d-63a4-11da-a4e4-001422e23944}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc6ed4e5-205d-11dd-a5f2-0013ceaeca77}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e75b5090-2015-11dd-a5f1-0013ceaeca77}]
shell\AutoRun\command - F:\AutoRun.exe

======File associations======
.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2008-12-18 14:23:34 ----D---- C:\Program Files\trend micro
2008-12-18 14:23:32 ----D---- C:\rsit
2008-12-17 14:15:02 ----A---- C:\WINDOWS\system32\SET12F.tmp
2008-12-12 11:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 11:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 11:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 11:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-29 18:45:42 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-11-29 18:45:41 ----A---- C:\WINDOWS\system32\guard32.dll
2008-11-29 18:45:39 ----D---- C:\Program Files\COMODO
2008-11-25 02:46:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-25 02:45:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-22 13:57:43 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem.txt
2008-11-22 13:40:20 ----D---- C:\Documents and Settings\bobby\Application Data\Smith Micro
2008-11-22 13:27:52 ----D---- C:\Program Files\Samsung
2008-11-22 13:26:17 ----N---- C:\WINDOWS\RM.exe
2008-11-22 13:26:10 ----D---- C:\Program Files\Sprint Instinct Applications
2008-11-22 13:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Tarma Installer
======List of files/folders modified in the last 1 months======
2008-12-18 14:23:34 ----D---- C:\Program Files
2008-12-18 14:04:55 ----D---- C:\WINDOWS\temp
2008-12-18 14:04:18 ----D---- C:\WINDOWS
2008-12-18 12:15:39 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2008-12-18 12:15:24 ----D---- C:\WINDOWS\system32
2008-12-18 12:14:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-18 12:01:25 ----HD---- C:\WINDOWS\inf
2008-12-18 12:01:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 12:00:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 11:56:27 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-12-18 11:39:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 10:40:22 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 10:40:08 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 10:39:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 12:40:09 ----D---- C:\WINDOWS\Prefetch
2008-12-15 10:36:08 ----SHD---- C:\WINDOWS\Installer
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 11:35:28 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 15:47:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-04 16:24:13 ----D---- C:\Documents and Settings\bobby\Application Data\Adobe
2008-11-29 18:45:41 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 00:40:47 ----RHD---- C:\$VAULT$.AVG
2008-11-27 21:02:48 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-11-25 02:47:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-25 02:47:21 ----D---- C:\Documents and Settings\bobby\Application Data\Lavasoft
2008-11-25 02:46:41 ----D---- C:\Program Files\Lavasoft
2008-11-25 02:45:48 ----D---- C:\Program Files\Common Files
2008-11-24 22:50:03 ----A---- C:\WINDOWS\system32\winlogon.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-10-31 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-24 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-30 10760]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-11-29 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-11-29 31504]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-11-24 17056]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-10-31 4960]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 portD;CMS PortIO Service; C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 14976]
R2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-11-19 27936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
S1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys []
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 alqwuny9;alqwuny9; C:\WINDOWS\system32\drivers\alqwuny9.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-12-05 14080]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-12-05 2010240]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
S3 LVUVC;QuickCam for Notebooks Pro(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-12-05 1103488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-12-15 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-10-31 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-30 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-11-29 618232]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-26 66872]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2008-12-18 14:23:39
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BounceBack Express-->C:\WINDOWS\BBUninstall.exe
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Consumer Complete Care Services Agreement-->MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Core FTP LE 1.3c-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
HijackThis 1.99.1-->C:\Documents and Settings\bobby\Desktop\HijackThis.exe /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Development Kit 5.0 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
J2SE Development Kit 5.0 Update 9-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150090}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_13-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_a0005_b392f95\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 1.9c-->C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.12-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyWay Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
R-DriveImage (remove only)-->"C:\Program Files\R-TT\R-DriveImage\uninst-R-DriveImage.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roguescanfix 1.5-->"C:\Program Files\Roguescanfix\unins000.exe"
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sprint media manager -->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{8912A~1\Setup.exe /remove /q0
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
Hosts File Missing
======Security center information======
AV: AVG 7.5.549 (outdated)
FW: COMODO Firewall
System event log
Computer Name: DF35QW81
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20081202110203.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: DF35QW81
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver
AvgAsCln
Record Number: 4
Source Name: Service Control Manager
Time Written: 20081202110203.000000-300
Event Type: error
User:
Computer Name: DF35QW81
Event Code: 7035
Message: The Fax service was successfully sent a stop control.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20081202110203.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: DF35QW81
Event Code: 6005
Message: The Event log service was started.
Record Number: 2
Source Name: EventLog
Time Written: 20081202110152.000000-300
Event Type: information
User:
Computer Name: DF35QW81
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20081202110152.000000-300
Event Type: information
User:
Application event log
Computer Name: DF35QW81
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 5
Source Name: SecurityCenter
Time Written: 20080506112115.000000-240
Event Type: information
User:
Computer Name: DF35QW81
Event Code: 0
Message:
Record Number: 4
Source Name: RegSrvc
Time Written: 20080506112115.000000-240
Event Type: information
User:
Computer Name: DF35QW81
Event Code: 1
Message: Service started
Record Number: 3
Source Name: AVGEMS
Time Written: 20080506112115.000000-240
Event Type: information
User:
Computer Name: DF35QW81
Event Code: 1
Message: Service started
Record Number: 2
Source Name: Avg7UpdSvc
Time Written: 20080506112113.000000-240
Event Type: information
User:
Computer Name: DF35QW81
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20080506112110.000000-240
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Java\jdk1.5.0_06\bin;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------


*Extra Hijack This Log as previously indicated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:35 PM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\drivers\svchost.exe

C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Sprint Instinct Applications\MEMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PlayNowGames] C:\Program Files\PlayNow\PlayNowClient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.12\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.12\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11753 bytes

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 24 December 2008 - 10:48 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Also in Notepad make sure Word Wrap is not checked. To find out open notepad and click Format, under Format make sure Word Wrap is not checked.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 24 December 2008 - 11:49 PM

Thanks! I have pasted the two log files, but it gives me the ol' "Internet explorer cannot display the webpage". It does that for all websites involving anti virus/malware/spyware stuff that I know of :-( I have even tried the normal www.kaspersky.com, but same thing.

Bo

OTViewIt logfile created on: 12/24/2008 11:34:48 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\bobby\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 160.54 Mb Available Physical Memory | 15.69% Memory free
2.40 Gb Paging File | 1.62 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.27 Gb Total Space | 6.23 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF35QW81
Current User Name: bobby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/12/09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
[2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/12/15 15:51:50 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2007/10/28 20:20:20 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[2006/10/31 11:03:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[2007/12/30 11:27:28 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/29 18:45:38 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[2007/12/26 13:46:27 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/04/11 21:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2005/09/01 18:24:08 | 00,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
[2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/12/09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2005/12/07 10:26:30 | 00,489,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\CameraAssistant.exe
[2004/11/01 17:22:22 | 00,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
[2008/10/17 11:14:20 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
[2008/07/10 09:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/29 18:45:38 | 01,796,856 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2005/05/20 11:23:18 | 00,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
[2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2005/09/03 08:45:28 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/07/30 06:04:09 | 01,258,840 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
[2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/23 22:49:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2004/08/04 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/24 22:23:19 | 00,039,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\svchost.exe
[2008/12/24 23:25:36 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/12/15 15:51:50 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2007/10/28 20:20:20 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2006/10/31 11:03:16 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/30 11:27:28 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/29 18:45:38 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/01/04 22:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
[2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/03/30 17:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
[2005/12/09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/26 13:46:27 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/11/24 20:20:36 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/03 11:44:16 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/08/04 05:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/10/28 20:20:14 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2006/10/31 11:03:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/02/24 08:09:48 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/30 11:27:30 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2006/10/31 11:03:24 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2004/05/26 21:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2008/11/29 18:45:39 | 00,099,216 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/11/29 18:45:39 | 00,031,504 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/06/16 15:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam [System | Running])
[2005/03/31 08:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
[2005/03/31 08:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])
[2005/03/31 08:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])
[2005/03/31 08:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2005/03/31 09:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit [System | Stopped])
[2005/12/05 19:28:40 | 00,014,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/11/29 18:45:39 | 00,079,504 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2005/12/09 15:35:54 | 02,174,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Stopped])
[2005/12/09 15:37:42 | 02,400,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Stopped])
[2005/12/05 19:26:56 | 02,010,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2005/12/09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Running])
[2005/12/05 19:26:18 | 00,039,424 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2005/12/05 19:28:34 | 01,103,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/02/23 08:40:38 | 00,014,976 | ---- | M] (CMS Peripherals, Inc.) -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/11/19 09:11:56 | 00,027,936 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\rttfsfilt.sys -- (rttfsfilt [Auto | Running])
[2004/11/19 09:11:57 | 00,200,512 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\rttmntr.sys -- (rttmntr [Boot | Running])
[2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2004/06/09 11:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/04 06:00:00 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2004/11/19 09:11:58 | 00,078,624 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snaprtt.sys -- (snaprtt [Boot | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/11/16 15:56:50 | 00,611,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2007/07/03 19:54:24 | 00,080,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2007/07/03 19:57:24 | 00,011,944 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2007/07/03 19:58:20 | 00,106,792 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2007/07/03 19:59:10 | 00,086,824 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/07/10 08:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" (HKLM) -- C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" (HKLM) -- C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (HKLM) -- C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe ()
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation (Logitech Inc.)
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect (Logitech Inc.)
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"PlayNowGames"=C:\Program Files\PlayNow\PlayNowClient.exe File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
"nah_Shell"=C:\Documents and Settings\bobby\nah_etvu.exe File not found
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe ()
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
"nah_Shell"=C:\Documents and Settings\bobby\nah_etvu.exe File not found
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe ()
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2003/10/14 01:11:40 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/05/20 11:23:18 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
[2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2005/09/03 08:45:28 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2003/10/14 01:11:40 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\bobby\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2008/06/05 02:59:49 | 00,222,552 | ---- | M] () -- C:\Documents and Settings\bobby\Start Menu\Programs\Startup\Sprint media monitor.lnk = C:\WINDOWS\RM.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Converter...: C:\Program Files\MP3 Player Utilities 4.12\AMVConverter\grab.html [2006/02/16 09:37:38 | 00,000,890 | ---- | M] ()
Add to Media Manager...: C:\Program Files\MP3 Player Utilities 4.12\MediaManager\grab.html [2006/02/15 08:30:44 | 00,000,890 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 02:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2092311261-2850462530-1942554042-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Add to AMV Converter...: C:\Program Files\MP3 Player Utilities 4.12\AMVConverter\grab.html [2006/02/16 09:37:38 | 00,000,890 | ---- | M] ()
Add to Media Manager...: C:\Program Files\MP3 Player Utilities 4.12\MediaManager\grab.html [2006/02/15 08:30:44 | 00,000,890 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 02:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}: http://acs.pandasoftware.com/activescan/as5free/asinst.cab -- ActiveScan Installer Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_13
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{601A3ECF-7B81-412D-BB60-DC1ABC82AC8B} (Servers: | Description: 1394 Net Adapter)
{605A6098-DA2F-46B5-A24A-B7A5111B1E30} (Servers: | Description: )
{8E9AC736-A86C-4C5A-9BF9-7ACECFA6E6F0} (Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection)
{A774DB81-E010-4CC0-A113-B88129D4DF62} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\guard32.dll
>[2008/11/29 18:45:39 | 00,143,096 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
>File not found -- C:\WINDOWS\system32\twext.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b994f9c-2a5c-11dd-9411-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b994f9c-2a5c-11dd-9411-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b994f9c-2a5c-11dd-9411-806d6172696f}\Shell\AutoRun\command]
""=F:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e4c9732-3003-11dd-9416-0013ceaeca77}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e4c9732-3003-11dd-9416-0013ceaeca77}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e4c9732-3003-11dd-9416-0013ceaeca77}\Shell\AutoRun\command]
""=F:\AutoRun.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c37bd746-756f-11da-a504-001422e23944}\Shell\AutoRun\command]
""=Iexplores.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f2736d-63a4-11da-a4e4-001422e23944}\Shell\AutoRun\command]
""=E:\JDSecure\Windows\JDSecure20.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6ed4e5-205d-11dd-a5f2-0013ceaeca77}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6ed4e5-205d-11dd-a5f2-0013ceaeca77}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6ed4e5-205d-11dd-a5f2-0013ceaeca77}\Shell\AutoRun\command]
""=F:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e75b5090-2015-11dd-a5f1-0013ceaeca77}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e75b5090-2015-11dd-a5f1-0013ceaeca77}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e75b5090-2015-11dd-a5f1-0013ceaeca77}\Shell\AutoRun\command]
""=F:\AutoRun.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\Documents and Settings\bobby\My Documents\*.tmp files]
[2008/12/24 23:34:05 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby\Desktop\OTViewIt.exe
[2008/12/19 20:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bobby\Local Settings\Application Data\Greyfirst
[2008/12/19 20:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bobby\Application Data\Greyfirst
[2008/12/19 20:20:29 | 00,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Celtx.lnk
[2008/12/19 20:20:21 | 00,000,000 | ---D | C] -- C:\Program Files\Celtx
[2008/12/18 14:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/12/18 14:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/18 14:23:32 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/18 14:22:01 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\bobby\Desktop\RSIT.exe
[2008/12/18 11:58:03 | 10,731,80672 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/14 23:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bobby\My Documents\NWA_lost_items
[2008/11/30 15:24:53 | 01,743,031 | ---- | C] () -- C:\Documents and Settings\bobby\Desktop\100_5537_clipped.jpg
[2008/11/29 20:44:15 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2008/11/29 18:45:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\comodo
[2008/11/29 18:45:41 | 00,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/11/29 18:45:41 | 00,099,216 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/11/29 18:45:41 | 00,079,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/11/29 18:45:41 | 00,031,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/11/29 18:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2008/11/26 10:44:09 | 00,042,539 | ---- | C] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_82353_3147.jpg
[2008/11/26 10:42:22 | 00,044,483 | ---- | C] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_87145_435.jpg
[2008/11/26 10:42:07 | 00,033,805 | ---- | C] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_87144_9333.jpg
[2008/11/25 02:46:44 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/25 02:46:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/25 02:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[8 C:\Documents and Settings\bobby\My Documents\*.tmp files]
[2008/12/24 23:25:36 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby\Desktop\OTViewIt.exe
[2008/12/24 03:28:04 | 19,282,944 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/24 03:27:54 | 14,004,224 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/24 03:26:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/24 03:25:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/24 03:25:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/24 03:25:42 | 10,731,80672 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/23 22:55:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 20:20:29 | 00,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Celtx.lnk
[2008/12/19 19:40:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/18 14:11:14 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\bobby\Desktop\RSIT.exe
[2008/12/18 10:40:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/30 15:37:58 | 01,084,476 | -HS- | M] () -- C:\Documents and Settings\bobby\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\bobby\Desktop\Thumbs.db:encryptable
[2008/11/30 15:24:56 | 01,743,031 | ---- | M] () -- C:\Documents and Settings\bobby\Desktop\100_5537_clipped.jpg
[2008/11/29 20:44:15 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2008/11/29 18:45:39 | 00,143,096 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2008/11/29 18:45:39 | 00,099,216 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/11/29 18:45:39 | 00,079,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/11/29 18:45:39 | 00,031,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/11/26 10:44:10 | 00,042,539 | ---- | M] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_82353_3147.jpg
[2008/11/26 10:42:23 | 00,044,483 | ---- | M] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_87145_435.jpg
[2008/11/26 10:42:08 | 00,033,805 | ---- | M] () -- C:\Documents and Settings\bobby\Desktop\n1628760288_87144_9333.jpg
[2008/11/25 16:16:26 | 00,588,288 | ---- | M] () -- C:\Documents and Settings\bobby\My Documents\Resume_London_BP_pic.doc
[2008/11/25 02:46:44 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/25 02:10:09 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
< End of report >


OTViewIt Extras logfile created on: 12/24/2008 11:34:48 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\bobby\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 160.54 Mb Available Physical Memory | 15.69% Memory free
2.40 Gb Paging File | 1.62 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.27 Gb Total Space | 6.23 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF35QW81
Current User Name: bobby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2005/09/03 08:45:28 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/09/18 13:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/10/17 11:14:21 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[2007/10/28 20:20:20 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 11:14:20 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2007/12/30 11:27:28 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
[2006/10/12 01:35:14 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
File not found -- C:\Program Files\PlayNow\PlayNowClient.exe:*:Enabled:PlayNow 1.0.22
File not found -- C:\Documents and Settings\bobby\Shared\[ PC Games ] - Age of Empires II(FULL)\empires2.exe:*:Enabled:Age of Empires II
File not found -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
File not found -- C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/02/23 16:37:18 | 19,544,104 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/11/24 22:23:19 | 00,039,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/09/23 04:28:18 | 00,866,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}"=Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}"=Internal Network Card Power Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}"=J2SE Development Kit 5.0 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150090}"=J2SE Development Kit 5.0 Update 9
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}"=Microsoft .NET Compact Framework 2.0
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{6C531060-84FB-4F96-8F33-29DF020632EB}"=Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142130}"=Java 2 Runtime Environment, SE v1.4.2_13
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}"=Microsoft Device Emulator version 1.0 - ENU
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8912A802-1DD4-41F3-8450-B3209081BDB9}"=Sprint media manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}"=Macromedia Dreamweaver MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}"=MP3 Player Utilities 4.12
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}"=ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}"=HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{903B0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Publisher 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}"=Adobe Illustrator CS
"{930B2432-43D4-11D5-9871-00C04F8EEB39}"=Macromedia Fireworks MX
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{95632566-071E-4A02-92C1-4BD907065736}"=BounceBack Express
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}"=Windows Defender
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{C191BE7C-8542-4A61-973A-714EF76C5995}"=Logitech QuickCam Software
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CA60320D-6A16-49C8-A34F-84EEF4799567}"=ESSTUTOR
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}"=ISO Recorder
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}"=MyWay Search Assistant
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}"=Consumer Complete Care Services Agreement
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}"=ESSEMAIL
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"ATI Display Driver"=ATI Display Driver
"AutoGK"=Auto Gordian Knot 2.45
"AVG7Uninstall"=AVG Free Edition
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"AviSynth"=AviSynth 2.5
"Celtx (1.0)"=Celtx (1.0)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"ComcastHSI"=Comcast High-Speed Internet Install Wizard
"COMODO Internet Security"=COMODO Internet Security
"Core FTP LE 1.3c"=Core FTP LE 1.3c
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Management Programs 2
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InterActual Player"=InterActual Player
"LimeWire"=LimeWire 4.18.8
"Little Fighter 2"=Little Fighter 2 1.9c
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Panda ActiveScan"=Panda ActiveScan
"ProInst"=Intel® PROSet/Wireless Software
"QcDrv"=Logitech® Camera Driver
"R-DriveImage"=R-DriveImage (remove only)
"RealPlayer 6.0"=RealPlayer
"Roguescanfix_is1"=Roguescanfix 1.5
"Skype_is1"=Skype 2.0
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Trillian"=Trillian
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6f
"VobSub"=VobSub v2.23 (Remove Only)
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"WGA"=Windows Genuine Advantage Validation Tool
"WildTangent CDA"=WildTangent Web Driver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinGTK-2_is1"=GTK+ 2.8.18-1 runtime environment
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec"=XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2008 3:05:02 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/18/2008 5:13:30 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/19/2008 8:50:06 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/20/2008 12:24:41 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/20/2008 3:16:24 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/22/2008 6:08:42 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/22/2008 7:56:40 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/23/2008 11:49:00 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/23/2008 11:49:26 PM | Computer Name = DF35QW81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/24/2008 4:27:05 AM | Computer Name = DF35QW81 | Source = Application Hang | ID = 1002
Description = Hanging application BBBackup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/20/2008 2:41:30 AM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver AvgAsCln

Error - 12/22/2008 6:07:02 PM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver AvgAsCln

Error - 12/23/2008 4:30:42 PM | Computer Name = DF35QW81 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CEAECA77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/23/2008 11:46:07 PM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver AvgAsCln

Error - 12/24/2008 4:26:14 AM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver AvgAsCln

Error - 12/24/2008 4:26:17 AM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 12/24/2008 4:31:00 AM | Computer Name = DF35QW81 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 12/24/2008 12:58:44 PM | Computer Name = DF35QW81 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CEAECA77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/24/2008 4:03:18 PM | Computer Name = DF35QW81 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CEAECA77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/24/2008 10:14:06 PM | Computer Name = DF35QW81 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CEAECA77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 25 December 2008 - 09:59 AM

Hi again.

Posted ImageBackdoor Threat
Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. I'll assume you wish to continue please follow the instructions below please.


Thanks! I have pasted the two log files, but it gives me the ol' "Internet explorer cannot display the webpage". It does that for all websites involving anti virus/malware/spyware stuff that I know of :-( I have even tried the normal www.kaspersky.com, but same thing.

Don't worry about the Kaspersky scan. You are really infected with some nasty malware that we need to deal with here..
Let's see if you can download and run Combofix..

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..

Tell me if there were any problems when running any of the scans. Also do you have another clean computer? IT would be better if we could use that.. Also do you have any spare CD's and a CDBurner Software if you do have a clean machine?

Please post back with:
-Combofix log
-GMER log
-Answers to my question


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 25 December 2008 - 05:27 PM

Happy Holidays,

I am using a clean computer to download and transfer the files to the infected one. When I tried to download ComboFix and run it, it downloads fine, but when the executable is clicked, it does nothing. It will give me the hour glass symbol for about 5 seconds and then just stop. When I check task manager, there are no apps running. (also, I was doing this with all firewalls and anti-software disabled, and I tried two of the links). I couldnt get my flash card to load on the clean computer, so I was transfering the files by email (zipped, because Hotmail nor Gmail accept exe's)...I noticed that I have no problem on any of the previous files, but ComboFix does. Hotmail states that it could not run a virus scan on the file due to its compression format, but it will upload it fine. Not sure if that matters, but thought I'd tell you. Finally, should I still run Gmer.exe even if the first scan didnt work though?

In addition to the clean computer, I do have CD's and a burnable drive.

Bo

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 25 December 2008 - 05:58 PM

Hello.

Thanks for letting me know the situation right now.

I wouldn't want you to attach Combofix.exe through e-mail unless you get permission from the author.. Please do not do it again.

In addition to the clean computer, I do have CD's and a burnable drive.

That's good. I don't like people using flash-drives due to two reasons.
1. Using a flash-drive to transfer from infected to clean can lead the malware to spread onto your flash-drive and then infect your clean machine.
2. Using a flash-drive sometimes can cause trouble especially if a computer is infected with a flash-drive infection.

I prefer you burn the files we used onto a CD and then transfer it to your infected machine as CD's are not writable :thumbsup:


Please disregard the previous post as I wasn't sure whether or not you internet works.

Let's try this again.

Download and Run Combofix and install Recovery Console

**Please download the tools I tell you on your clean machine, burn it to a spare CD and then transfer it to your infected machine.

Download Combofix from any of the links below.
Link 1
Link 2
Link 3

Next download the Microsoft Package to allow Combofix to install the Recovery Console later.

Go to this link and download that package.

After you have downloaded those 2 files (Combofix.exe and the Microsoft package) please burn them to a spare CD and then transfer it to your desktop of your infected machine.

ON YOUR INFECTED MACHINE DO THE FOLLOWING:

Once those 2 files is on your infected machine's desktop please drag Microsoft's package onto Combofix.exe as shown in the figure below:
Posted Image

Combofix will begin to run.

When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.

Please refer to this page for full instructions on how to run ComboFix.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

**Extra Note: If Combofix doesn't run like last time, please rename Combofix.exe to Combo-fix.exe and then try dragging the package ontop of Combo-fix.exe

Run GMER scan With Rootkit Tab

After Combofix is finished, please run GMER scan for me. Please refer to previous post on how to do so. As usual burn it onto a CD and then transfer it to your infected machine as your internet doesn't work.

Tell me how it goes.

Post back with:
-Combofix log
-GMER log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 25 December 2008 - 08:00 PM

Hey there,

Unfortunately, Im still stuck with the issue with ComboFix. I've tried to drag the windows XP Bootdisk package on to both ComboFix.exe and Combo-Fix.exe, as well as trying to start it up with both names and it is still giving me the hour glass for a few seconds, then nothing. Also, I did download, burn, and transefer all files by CD this time :-)

Bo

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 25 December 2008 - 08:25 PM

Hello.

Try rebooting into Safe Mode and see if you can run Combofix. Refer below for instructions on how to do so.

Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  • Hit Enter.
Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

In Safe Mode do the same thing and see if you can run Combofix and GMER.

Tell me how it goes and post back with the logs I need.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 25 December 2008 - 09:42 PM

Bummer...still not working for either ComboFix.exe or Combo-Fix.exe in safemode (without networking) :thumbsup:

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 25 December 2008 - 11:02 PM

Hello.

Could you please post me the GMER log? Does GMER.exe work? I need to see what's going on right now..

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 25 December 2008 - 11:32 PM

Hey,

gmer.exe will not load in safe mode or normal either. It is doing the exact same thing as the ComboFix. I've tried rebooting as well.

Bo

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 26 December 2008 - 11:04 AM

Hello.

Hey,

gmer.exe will not load in safe mode or normal either. It is doing the exact same thing as the ComboFix. I've tried rebooting as well.

Bo

Before I ask my peers for some input on this, I want to see a new OTViewIT log and try to clear some of the mess up.

Also try renaming GMER.exe to something else such as Scanner.exe , and now try running it. If that fails try it in Safe Mode. Also if OTViewIT doesn't work either, rename it as well and if that doesn't work please go into safe mode and see if it works.

Also, regarding Combofix. Please delete the copy of Combofix you have on your infected and clean machine. Please follow the instructions below on renaming Combofix before saving it and then transfer it to your infected machine and see if it works now..

Download and Run ComboFix (Rename before Saving)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image

Posted Image

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Transfer Combo-fix.exe to your infected machine and drag the Microsoft Package unto Combo-Fix.exe & follow the prompts.

When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

Just wondering do you have an XP CD anywhere?

Please post back with:
-OTViewIT log
-GMER log <- If possbile.

-Combofix log <- If Possible

Tell me how it goes.

With Regards,
Extremeboy

Edited by extremeboy, 26 December 2008 - 02:35 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 26 December 2008 - 07:18 PM

Well, Combo-Fix worked. It went through the normal steps, and then popped up a message thatstated something like the following (the file is correct though):

Parasite found!

The following file tried to attach to ComboFix. It will be stopped.
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

...then after rebooting, it deleted a bunch of files and then within about 15 seconds, told me that it needs the Windows XP CD to replace the files, but as I grabbed the CD and placed it in the drive, It gave me a message that said something like "are you sure you dont want to replace the Windows files", and then it rebooted (that quickly!). When it came back up, it blue screened...now even when rebooted it bluescreens with the same message:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000).
The system has been shut down.

...I guess Im just going to pray my data on my computer can be recovered. :thumbsup: Plese help.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 26 December 2008 - 08:03 PM

...then after rebooting, it deleted a bunch of files and then within about 15 seconds, told me that it needs the Windows XP CD to replace the files, but as I grabbed the CD and placed it in the drive, It gave me a message that said something like "are you sure you dont want to replace the Windows files", and then it rebooted (that quickly!). When it came back up, it blue screened...now even when rebooted it bluescreens with the same message:

What did you EXACTLY delete?? You should NOT just go around deleting stuff....... This causes problems for me and you..
Sorry, I didn't read what you said, I apologize. Do you know what it deleted though?

That messages usually occurs when winlogon.exe or Csrss.exe fails.. Anyways, it's good that you have a Windows CD encase we ever need it. I believe you are posting this from another computer as you said that blue screen doesn't go away even when you reboot and reboot..

Please boot your computer using the Last Known Good Configuration and see if that works.

How to boot your computer using the Last Known Good Configuration
  • Reboot your computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP
  • Hit Enter
See if your computer loads now. If so please give me back any logs that you were able to retrieve. This is getting a bit serious. Also see if you can post back with C:\Combofix.txt

With Regards,
Extremeboy

Edited by extremeboy, 26 December 2008 - 08:05 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 boratt1599

boratt1599
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 26 December 2008 - 10:04 PM

I just tried Last Known Good Configuration but it still gives me the same blue screen :-( The only thing I recall from the Combo-Fix before it crashed was it deleting files with the extension .dll ...I think I saw at leas 5 or so of these.

Do you think there might be another way to remove some data from the computer if we have to do a reinstall?

Also, just a heads up, I will be out of town and away from the infected computer starting today, and I will be able to do more to the computer on the 31st when I arrive back (within the 5 day max response time).

Bo

Edited by boratt1599, 27 December 2008 - 08:05 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users