Hello, I am running Windows XP Home SP2 with a Pentium 4, 1 gig of RAM and AVG 7.5 Free Antivirus and it keeps telling me that the file C:/Windows/Sytem32/catsrvp.dll is infected with Trojan Horse PSW.Delf.2.aq. Can anyone help me? It is really bogging my system down. Thanks

Hello requiemvortex, and welcome to Geeks To Go.

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

[font="Arial Black"][/font][size="4"][/size]Here Is the HJT Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:23 AM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.41-delta.exe
c:\9521c34788e31cee7727aab5786b\mrtstub.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8C5BDDB7-F215-4066-A15D-AFB3541908E9} - C:\WINDOWS\system32\catsrvp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.showingtime.com
O15 - Trusted Zone: *.sitexdata.com
O15 - Trusted Zone: *.spellchecker.net
O15 - Trusted Zone: *.transactionpoint.com
O15 - Trusted Zone: *.trpoint.com
O15 - Trusted Zone: *.virtualearth.net
O16 - DPF: PUFLITE - http://dougaitken.point2agent.com/ColpaCon...rol/PUFLITE.CAB
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://icbr.fnismls.com/Paragon/Codebase/F...rintControl.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/SW/ENU/VS40/bin/m...60504183849.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164374416591
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164374407598
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe

--
End of file - 10187 bytes

Hello requiemvortex,

If you have any questions please feel free to ask.

Before we begin i see that you have 2 anti-virus running, i need you to remove one of them.Running 2 anti-virus at the same time can slow your computer down and also the anti-virus can conflict with each other.These are the 2 i see you have running.
McAfee and AVG
If you need help removing one of them please let me know.

STEP 1
Please reopen HijackThis and click on Do a system scan only.And put a check next to the following entries.

O2 - BHO: (no name) - {8C5BDDB7-F215-4066-A15D-AFB3541908E9} -
C:\WINDOWS\system32\catsrvp.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

Once you have the checks in those entries please make sure all open windows are closed(keep HijackThis open) and click fix checked on HijackThis.

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  C:\WINDOWS\system32\catsrvp.dll
  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Did you add the following sites to your trusted zone? Or know any of these sites?
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net
O15 - Trusted Zone: *.showingtime.com
O15 - Trusted Zone: *.sitexdata.com
O15 - Trusted Zone: *.spellchecker.net
O15 - Trusted Zone: *.transactionpoint.com
O15 - Trusted Zone: *.trpoint.com

In your next reply please let me know what ones you did not add or do not know, and we will take care of them.

STEP 3
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

~~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The info about those sites
And the DSS main.txt and extra.txt

Hello. I have never heard of those sites except the first one but it was just a junk site and I definitely didn't add them to my trusted zone. I tried running DSS after saving it to the desktop, but whenever I tried to run it, as soon as it reached the part that said "Cleaning Temporary Files" my system got very hot and all the fans started running on high. It then would say it was "Not Responding". I tried this about 7 times with the same result every time. However, I did get the OTMoveIt2 log successfully. Here it is:

LoadLibrary failed for C:\WINDOWS\system32\catsrvp.dll
C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05162008_233552

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\catsrvp.dll
C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.

Hello requiemvortex,

We will try to clean out your Temporary Files then run DSS again.

STEP 1
Please reopen HijackThis and click on Do a system scan only.And put a check next to the following entries.

O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net
O15 - Trusted Zone: *.showingtime.com
O15 - Trusted Zone: *.sitexdata.com
O15 - Trusted Zone: *.spellchecker.net
O15 - Trusted Zone: *.transactionpoint.com
O15 - Trusted Zone: *.trpoint.com

Once you have the checks in those entries please make sure all open windows are closed(keep HijackThis open) and click fix checked on HijackThis.

STEP 2
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP 3
Please rescan with DSS

• Click on Start, click on Run
• Copy and paste the following in bold in the open window and then click OK
  "%userprofile%\desktop\dss.exe" /config
• This will open up DSS configuration
• Click on Check All
• Click Scan
• DSS will now run again
• When finished, please post back both logs that open in notepad: main.txt and extra.txt

~~~~~~~~~~
In your next reply please have these logs.
The DSS main.txt and extra.txt
(if you can't get DSS to run this time please post a new HijackThis log instead)

Hello. DSS was able to run successfully this time! Here are the logs: main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by sim on 2008-05-18 13:10:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-05-18 18:10:24 UTC - RP107 - Deckard's System Scanner Restore Point
78: 2008-05-18 01:17:46 UTC - RP106 - Installed Zune Desktop Theme
77: 2008-05-17 21:35:22 UTC - RP105 - Rollback to an unsigned driver
76: 2008-05-17 18:53:53 UTC - RP104 - Removed QuickTime
75: 2008-05-17 18:43:51 UTC - RP103 - Configured Peachtree Complete Accounting 2004


-- First Restore Point --
1: 2008-02-19 03:36:30 UTC - RP29 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as sim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:18 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Documents and Settings\sim\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sim.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8C5BDDB7-F215-4066-A15D-AFB3541908E9} - C:\WINDOWS\system32\catsrvp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: PUFLITE - http://dougaitken.point2agent.com/ColpaCon...rol/PUFLITE.CAB
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://icbr.fnismls.com/Paragon/Codebase/F...rintControl.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/SW/ENU/VS40/bin/m...60504183849.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164374416591
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164374407598
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe

--
End of file - 9770 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080516-233201-803 O2 - BHO: (no name) - {8C5BDDB7-F215-4066-A15D-AFB3541908E9} - C:\WINDOWS\system32\catsrvp.dll
backup-20080516-233202-431 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080516-233203-390 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080516-233203-422 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
backup-20080518-130616-269 O15 - Trusted Zone: *.live.com
backup-20080518-130616-311 O15 - Trusted Zone: *.trpoint.com
backup-20080518-130616-377 O15 - Trusted Zone: *.virtualearth.net
backup-20080518-130616-642 O15 - Trusted Zone: *.transactionpoint.com
backup-20080518-130616-647 O15 - Trusted Zone: *.spellchecker.net
backup-20080518-130616-664 O15 - Trusted Zone: *.showingtime.com
backup-20080518-130616-713 O15 - Trusted Zone: *.fnismls.com
backup-20080518-130616-848 O15 - Trusted Zone: *.sitexdata.com
backup-20080518-130616-958 O15 - Trusted Zone: *.getmedianow.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R0 efxrraxj - c:\windows\system32\drivers\qfmvmlbd.dat
R1 atitray - c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 HPGate - c:\windows\system32\drivers\hpgate.sys <Not Verified; Hewlett-Packard Co.; HP TopTools Agent>
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 SWAGENT (SonicWALL Agent Service) - c:\program files\mcafee\managed virusscan\agent\swagent.exe <Not Verified; McAfee, Inc.; McAfee® Total Protection™ for Small Business>
R3 RadioSvr - c:\windows\system32\radiosvr.exe <Not Verified; Hewlett-Packard; RadioSvr Module>

S2 HpRfDev (HP RF Device Service) - c:\windows\system32\hprfdev.exe <Not Verified; Hewlett-Packard; HpRfDev Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 820)
2007-06-03 02:05:20 159744 --a------ C:\WINDOWS\system32\mmfinfo.dll
2007-06-03 02:04:14 23552 --a------ C:\WINDOWS\system32\mkunicode.dll
2008-04-11 11:24:01 11722752 --a------ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-06-08 11:03:46 73728 --a------ C:\Program Files\BeeThink MusicHandle 3.2\TL.dll <Not Verified; ; MusicHandle Module>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-15 13:51:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2002-08-09 15:35:22 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-17 19:16:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-17 13:16:02 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-17 13:09:40 0 d-------- C:\Program Files\MultiRes
2008-05-17 13:09:21 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-05-17 13:09:18 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-05-17 13:09:18 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2008-05-17 13:09:18 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-05-17 13:09:18 348160 --a------ C:\WINDOWS\system32\aticds10.dll <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-05-17 13:09:17 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll <Not Verified; ATI Technologies Inc.; eRecord>
2008-05-17 13:09:17 1830912 --a------ C:\WINDOWS\system32\atiadaxx.exe <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2008-05-17 13:09:13 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-05-17 13:09:13 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-05-17 13:09:12 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-05-17 13:09:12 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-05-17 13:08:58 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-05-17 12:35:26 0 d-------- C:\Program Files\DHFPCI
2008-05-16 09:59:41 0 d-------- C:\Program Files\Trend Micro
2008-05-08 15:00:31 0 d-------- C:\!KillBox
2008-05-08 13:38:00 0 d-------- C:\kav
2008-05-07 00:15:45 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-05 23:39:48 0 d-------- C:\Program Files\ATI Technologies
2008-05-05 19:49:00 6144 --a------ C:\WINDOWS\system32\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
2008-05-04 22:12:52 0 d-------- C:\ATI
2008-05-02 22:57:53 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-05-18 13:00:21 0 d-------- C:\Program Files\Lx_cats
2008-05-17 21:08:50 0 d-------- C:\Documents and Settings\sim\Application Data\LimeWire
2008-05-17 13:57:19 0 d-------- C:\Program Files\Stamps.com Internet Postage
2008-05-17 13:51:41 0 d-------- C:\Documents and Settings\sim\Application Data\AVG7
2008-05-17 13:49:47 0 d-------- C:\Program Files\Peachtree
2008-05-17 13:49:46 0 d-------- C:\Program Files\Common Files
2008-05-17 13:41:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-17 13:37:00 0 d-------- C:\Program Files\CyberLink
2008-05-17 13:30:45 0 d-------- C:\Program Files\LEGO Media
2008-05-17 13:26:19 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-17 13:09:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 17:02:56 0 d-------- C:\Documents and Settings\sim\Application Data\U3
2008-05-16 12:07:18 0 d-------- C:\Program Files\Windows NT
2008-05-14 21:33:19 0 d-------- C:\Program Files\Avant Browser
2008-05-07 00:07:41 0 d-------- C:\Documents and Settings\sim\Application Data\Adobe
2008-05-06 20:33:42 0 d-------- C:\Program Files\Britannica
2008-04-21 17:26:19 0 d-------- C:\Program Files\Paint.NET
2008-04-15 20:57:48 0 d-------- C:\Documents and Settings\sim\Application Data\NCH Swift Sound
2008-04-15 20:57:41 0 d-------- C:\Program Files\NCH Software
2008-04-15 15:31:11 0 d-------- C:\Program Files\InterVideo
2008-04-10 15:36:51 0 d-------- C:\Documents and Settings\sim\Application Data\Apple Computer
2008-04-09 22:38:20 0 d-------- C:\Documents and Settings\sim\Application Data\Turbine
2008-04-02 10:38:07 0 d-------- C:\Program Files\Java
2008-03-31 13:28:36 0 d-------- C:\Program Files\Turbine
2008-03-30 19:39:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-27 22:45:02 0 d-------- C:\Documents and Settings\sim\Application Data\MSNInstaller
2008-03-27 22:38:48 0 d-------- C:\Program Files\PowerDel
2008-03-27 15:56:32 0 d-------- C:\Documents and Settings\sim\Application Data\Nvu
2008-03-26 23:54:58 0 d-------- C:\Documents and Settings\sim\Application Data\Mozilla
2008-03-26 12:34:14 0 d-------- C:\Program Files\LEGO Interactive
2008-03-19 12:37:20 0 d-------- C:\Documents and Settings\sim\Application Data\gtk-2.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C5BDDB7-F215-4066-A15D-AFB3541908E9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/12/2002 03:54 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/12/2002 03:53 PM]
"QT4HPOT"="C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [04/20/2002 03:56 PM]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [04/01/2007 10:28 PM]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [04/01/2007 10:28 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/19/2001 11:50 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [12/13/2001 05:24 AM]
"HP TV Now"="C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe" [04/30/2002 04:15 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [11/29/2001 06:49 AM]
"HP Presentation Ready"="C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe" [04/26/2002 04:20 PM]
"HP Display Settings"="C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [03/07/2002 08:57 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/20/2008 05:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AtiPTA"="atiptaxx.exe" [04/23/2002 12:00 AM C:\WINDOWS\system32\atiptaxx.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 12:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [09/10/2004 06:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/23/2007 03:44 AM]
"Fraps"="C:\FRAPS\FRAPS.EXE" [01/14/2008 07:53 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\DOCUMENTS AND SETTINGS\SIM\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1YET5X5G\PROCESSEXPLORER[1]\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97c83542-a75d-11dc-a589-00c09f16a320}]
AutoRun\command- E:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

17322 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-18 13:14:16 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1022.48 MiB / 632 MiB
Pagefile Memory (total/avail): 2458.6 MiB / 2147.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.87 GiB total, 22.87 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI_DK23EA-60 - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 23.5 MiB
\PARTITION1 (bootable) - Installable File System - 55.87 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Total Protection for Small Business v4.5.0.464 (McAfee, Inc.) Disabled
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\lxbucoms.exe"="C:\\WINDOWS\\system32\\lxbucoms.exe:*:Disabled:6200 Series Server"
"C:\\InterActive Vision\\Pacific Warriors\\Pacific Warriors.exe"="C:\\InterActive Vision\\Pacific Warriors\\Pacific Warriors.exe:*:Disabled:Pacific Warriors"
"C:\\Program Files\\Qwest\\QuickConnect\\QuickConnectLaunch.exe"="C:\\Program Files\\Qwest\\QuickConnect\\QuickConnectLaunch.exe:*:Enabled:QuickConnect"
"C:\\Program Files\\Qwest\\QuickCare\\agentui\\quickcare.exe"="C:\\Program Files\\Qwest\\QuickCare\\agentui\\quickcare.exe:*:Enabled:quickcare"
"C:\\Program Files\\RecordNow\\mycd.exe"="C:\\Program Files\\RecordNow\\mycd.exe:*:Enabled:RecordNow"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\dlcxcoms.exe"="C:\\WINDOWS\\system32\\dlcxcoms.exe:*:Enabled:Dell 926 Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\TurbineLauncher.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\TurbineLauncher.exe:*:Enabled:TurbineLauncher.exe"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient"
"C:\\kav\\kav7\\setup.exe"="C:\\kav\\kav7\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sim\Application Data
CLASSPATH="c\QTJava.zip"
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AITKEN2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sim
LOGONSERVER=\\AITKEN2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~2\sim\LOCALS~1\Temp
TMP=C:\DOCUME~2\sim\LOCALS~1\Temp
USERDOMAIN=AITKEN2
USERNAME=sim
USERPROFILE=C:\Documents and Settings\sim
windir=C:\WINDOWS
_NT_SYMBOL_PATH=


-- User Profiles ---------------------------------------------------------------

McAfeeMVSUser
sim (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\sim\Local Settings\Application Data\{94FB5242-4A3E-4443-BB8D-C9E397CC6528}\XLDeleteSetup.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe" -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint Plus --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player --> MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
ALi FIR Driver --> C:\WINDOWS\System32\ALiFIRUnInst.EXE C:\WINDOWS\IsUninst.exe -y -f"C:\Program Files\ALi\ALi FIR Driver\Uninst.isu"
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BeeThink MusicHandle 3.2 --> "C:\Program Files\BeeThink MusicHandle 3.2\unins000.exe"
BIONICLE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B196519A-A2AC-443E-84D1-F336B4E8F304}\setup.exe" -l0x9
Canon iP1700 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700 /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Checkers --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {EF3FD2A1-A567-426D-B22D-571C3E8450F2}
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0029103C\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_0029103C
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio --> CIAunwdm.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
Driverheaven Full PC Info 2 --> C:\Program Files\DHFPCI\Uninst.exe
e-DiagTools for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38E71FA0-59B0-11D4-BB75-00500478B0F5}\Setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Fraps --> "C:\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 840c series (Remove only) --> C:\Program Files\hp deskjet 840c series\hpfiui.exe -c -vdivid=HPF -vpnum=90 -vinstport=USB/DeskJet 840C/ -vproduct=840c -huninstall
HP Desktop Zoom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0604F35-314C-4341-A05E-3FEABCFDD470}\SETUP.EXE"
HP DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
HP Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x9
HP One-Touch Buttons --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Photo Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B23F9FE-C25F-40BF-88B2-5F8E32E8B261}\Setup.exe"
HP Presentation Ready --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05D1A9A0-5E78-11D4-AF53-0080C7CE18D8}\SETUP.EXE"
Hpsetup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6792A59-15B3-4FD4-BE35-45F1E00A51AF}\SETUP.EXE"
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Java 2 Runtime Environment Standard Edition v1.3.1_03 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_03\Uninst.isu"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 6200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbuUNST.EXE -NOLICENSE
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee Virus and Spyware Protection Service --> C:\PROGRA~1\McAfee\MANAGE~1\Agent\myinx /Script=C:\PROGRA~1\McAfee\MANAGE~1\VScan\vsasap.inx /Section=DefaultUninstall
Media Player Codec Pack 1.1.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SOSHOME22) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{52F6065D-27D0-4680-B2BC-C49C9A252459}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
Paint.NET v3.30 --> MsiExec.exe /X{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}
PowerDirector Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
QuickConnect --> C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
Qwest QuickCare 2.0 --> "C:\Program Files\Qwest\QuickCare\unins000.exe"
Radeon Omega Drivers v4.8.442 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
RecordNow --