
I Don't Know What Is Wrong! [Solved]


  • This topic is locked

#1
bob snelgrove

Hi Guys,

I picked up a virus/malware this week. Defender kept finding win32/RENOS.DZ. On bootup, I was getting a bogus Adobe pdf file that seemed to launch an audio commercial from time to time for Lysol, etc!! Sounded like TV or the radio!

When the commercial was playing, I checked my Windows mixer and saw a tab called "14792311.tmp". I could mute that to make the sound go away.

After running Spybot, that problem seems to be gone, but my browsing is still very slow and 2 of my startup programs, Login King and Feedreader, won't run now.

Also, downloading files stopped working.

So, I followed the Cleaning guide (above) and got stuck running anti-malware. It scans, finds 3 bad files and stalls (over an hour). Exiting the program locks up the PC (Vista 32).

I tried rebooting and running the malware program but same thing every time.

So, I shall wait patiently for your help!


thx

bob


#2
chamber

Hello bob snelgrove,

Welcome to GeeksToGo!

My name is chamber and I'll be helping you today.

As I am still in training, all of my posts have to be checked by an expert, so there may be some delay between replies.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother.
  • Please have patience, logs take time to properly research so I will not be able to reply immediately.
  • Make sure that you are set to receive an email when I do reply to this topic, this will ensure that you don't miss any replies.
  • There are no silly questions so please just ask! Better safe than sorry.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, just ask!
  • Make sure you reply to this thread only, do not start new topics.

Please read my posts completely before following the instructions.

Edited by chamber, 30 June 2009 - 12:15 PM.


#3
bob snelgrove

Thanks, chamber

I'll await your reply.

thx

bob




#4
chamber

Hi bob,

Sorry for the delay, things are pretty hectic around here.

1) Malwarebytes

Let's try and get Malwarebytes going.

Please download and run randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM), which should allow you to run it.

Once done, try running a full scan again

2) ComboFix

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

3) Random's System Information Tool

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your reply I would like to see copied and pasted,

1) Malwarebytes log
2) ComboFix log
3) log.txt
4) info.txt


#5
bob snelgrove

Thanks!

Malwarebytes won't run.. See attachment.

Try safe mode?


thx

bobmalware.png

EDIT: No go in safe mode either !!!

Edited by bob snelgrove, 30 June 2009 - 05:30 PM.


#6
bob snelgrove

Update: I'm an idiot! I didn't realize it was a zipped file (randmbam). I unzipped it and ran it. All that happened was an info screen came up? Run MALWAREBYTE now ???


thx

bob

#7
chamber

It should have created a new shortcut on your desktop, go ahead and run it. (Remember to right click and run as administrator.)

Edited by chamber, 01 July 2009 - 12:47 AM.


#8
bob snelgrove

This is what I get when I run as admin. It didn't really install, just this message:

rndm.png


thx


bob

#9
chamber

Hi bob,

Looks like there is a problem with KiXtart interfering with MBAM.

At this point it would be best if you left Malwarebytes for now and proceeded with the rest of the fix.

Let me know if you have any problems with Combo-Fix. :)

#10
bob snelgrove

chamber,

I ran ComboFix. It was scanning and I had to leave. When I came back it was asking if I wanted to save log.txt but there was nothing in it. I saved it anyway. Where should the logs be?

Also, I turned off AVG resident shield but couldn't see how to turn off spyware, etc. Does that matter?


thx

bob


#11
chamber

Log should be located at C:\ComboFix.txt

#12
bob snelgrove

Only this


combo.png


thx

bob

#13
chamber

In the C:\ drive there will be a file called ComboFix.txt, not in the Combo-Fix folder.

#14
bob snelgrove

Sorry!

ComboFix 09-07-01.01 - Bob 07/01/2009 13:44.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3582.2247 [GMT -7:00]
Running from: c:\users\Bob\Desktop\fixpc\geekfix\Combo-Fix.exe
AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Internet Security 3-pack *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\344.exe
C:\54366.exe
c:\users\Bob\AppData\Roaming\inst.exe
c:\users\Bob\Documents\HELP.EXE
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\MSIVXmfgtxdqpucqhimdxpeqctmhnxpsiwgub.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXfrodietxiwwpxpnqkdvsuqlenqnapqdb.dll
c:\windows\system32\MSIVXogynpmttnuhxcymvrtqpucisqebttmlq.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 21:00 . 2009-07-01 21:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-01 04:44 . 2009-07-01 04:44 -------- d-----w- c:\users\Bob\AppData\Local\Apple
2009-06-28 23:28 . 2009-06-28 23:28 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-28 14:46 . 2009-07-01 14:49 -------- d-----w- c:\users\Bob\AppData\Local\Adobe
2009-06-27 22:18 . 2009-06-27 22:19 -------- d-----w- c:\users\Bob\AppData\Local\Ahead
2009-06-27 02:28 . 2009-06-28 23:29 117760 ----a-w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 02:27 . 2009-06-27 02:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-27 02:27 . 2009-06-27 02:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 02:27 . 2009-06-27 02:27 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2009-06-26 05:13 . 2009-06-26 05:16 -------- d-----w- c:\program files\FeedReader30
2009-06-25 00:12 . 2009-06-25 00:12 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2009-06-25 00:12 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 00:12 . 2009-06-25 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 00:12 . 2009-06-25 00:12 -------- d-----w- c:\programdata\Malwarebytes
2009-06-25 00:12 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 00:09 . 2009-06-25 00:09 -------- d-----w- c:\program files\ERUNT
2009-06-23 00:54 . 2009-06-23 00:54 -------- d-----w- c:\program files\SlySoft
2009-06-20 13:50 . 2009-06-20 13:50 -------- d-----w- c:\program files\Philips Webcam
2009-06-20 00:36 . 2009-06-20 00:36 98304 ----a-w- c:\windows\system32\SoftAheadCert.dll
2009-06-20 00:35 . 2009-06-20 00:36 -------- d-----w- c:\program files\AV WebCam Morpher GOLD
2009-06-19 23:08 . 2009-06-19 23:08 -------- d-----w- C:\AV_LOGS
2009-06-19 23:06 . 2008-01-12 01:23 13696 ----a-w- c:\windows\system32\drivers\avwebcam.sys
2009-06-19 23:06 . 2009-06-19 23:31 -------- d-----w- c:\program files\AV WebCam Morpher
2009-06-19 22:54 . 2009-06-19 23:04 -------- d-----w- c:\program files\AV Video Morpher
2009-06-19 22:44 . 2009-06-19 22:44 11881356 ----a-w- c:\windows\system32\video-morpher.exe
2009-06-19 22:00 . 2009-06-19 22:00 -------- d-----w- c:\programdata\WebcamMax
2009-06-19 22:00 . 2009-06-19 22:00 -------- d-----w- c:\users\Bob\AppData\Roaming\Webcammax
2009-06-19 21:57 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-06-19 21:57 . 2009-06-19 22:02 -------- d-----w- c:\program files\WebcamMax
2009-06-19 21:17 . 2009-06-16 15:32 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 16:12 . 2009-06-19 16:12 -------- d-----w- c:\users\Bob\AppData\Roaming\Creative
2009-06-19 16:11 . 2009-06-19 16:11 76 --sh--r- c:\windows\CT4CET.bin
2009-06-19 16:11 . 2009-06-19 16:11 -------- d-----w- c:\program files\Common Files\Reallusion
2009-06-19 16:09 . 2009-06-19 16:10 -------- d-----w- c:\program files\Creative Live! Cam
2009-06-19 16:09 . 2009-06-19 16:09 -------- d-----w- c:\program files\Dell
2009-06-19 16:08 . 2009-06-19 16:11 -------- d-----w- c:\program files\Creative
2009-06-16 15:32 . 2009-06-10 21:36 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-16 15:32 . 2009-06-10 21:36 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-16 15:32 . 2009-06-10 21:36 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-12 13:45 . 2009-06-12 13:45 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3AA2.tmp.exe
2009-06-11 20:10 . 2009-06-11 20:10 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD6F7.tmp.exe
2009-06-10 21:36 . 2009-06-10 21:33 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-10 13:05 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 13:04 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 13:03 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 13:03 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 13:03 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-09 16:02 . 2009-06-09 16:02 -------- d-----w- c:\windows\userstartmenu
2009-06-09 16:02 . 2009-06-09 16:02 -------- d-----w- c:\windows\userdesktop
2009-06-09 16:02 . 2009-06-09 16:02 -------- d-----w- c:\windows\desktop
2009-06-09 16:02 . 2009-06-09 16:02 -------- d-----w- c:\windows\commondesktop
2009-06-09 16:02 . 2009-06-09 16:02 -------- d-----w- c:\program files\IQcobra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 19:59 . 2008-01-03 02:01 -------- d-----w- c:\users\Bob\AppData\Roaming\Skype
2009-07-01 19:58 . 2008-01-03 02:04 -------- d-----w- c:\users\Bob\AppData\Roaming\skypePM
2009-06-27 13:04 . 2009-02-08 23:09 -------- d-----w- c:\users\Bob\AppData\Roaming\Feedreader
2009-06-27 02:27 . 2008-04-09 20:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-27 02:22 . 2007-12-02 16:22 -------- d-----w- c:\program files\Google
2009-06-25 21:59 . 2007-12-06 06:46 -------- d-----w- c:\programdata\DVD Shrink
2009-06-24 20:38 . 2009-02-04 23:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 20:00 . 2009-02-04 23:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-24 19:50 . 2007-12-02 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 12:30 . 2008-04-10 22:49 -------- d-----w- c:\programdata\avg8
2009-06-24 00:22 . 2007-12-15 19:58 -------- d-----w- c:\users\Bob\AppData\Roaming\uTorrent
2009-06-21 15:32 . 2008-03-30 19:54 -------- d-----w- c:\users\Bob\AppData\Roaming\Move Networks
2009-06-21 15:32 . 2008-03-30 19:54 34062 ----a-w- c:\users\Bob\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-06-21 14:36 . 2007-12-02 16:22 -------- d-----w- c:\program files\Java
2009-06-20 13:50 . 2007-12-06 07:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 15:32 . 2008-12-12 01:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 14:48 . 2008-03-19 20:38 -------- d-----w- c:\programdata\X10 Settings
2009-06-10 21:37 . 2008-12-12 01:07 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 13:13 . 2007-12-16 21:08 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 13:46 . 2008-07-05 04:58 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2009-05-31 23:14 . 2009-05-31 23:14 -------- d-----w- c:\programdata\TomTom
2009-05-31 23:13 . 2009-05-31 23:13 -------- d-----w- c:\users\Bob\AppData\Roaming\TomTom
2009-05-31 23:13 . 2009-05-31 23:13 -------- d-----w- c:\program files\TomTom International B.V
2009-05-31 23:13 . 2009-05-31 23:13 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 15:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 15:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-27 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-25 21:37 . 2009-05-25 21:37 -------- d-----w- c:\program files\M-Audio
2009-05-25 21:36 . 2009-05-25 21:36 -------- d-----w- c:\users\Bob\AppData\Roaming\InstallShield
2009-05-25 18:33 . 2009-05-25 18:22 -------- d-----w- c:\program files\Samsung
2009-05-25 12:01 . 2009-05-25 12:01 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\programdata\TechSmith
2009-05-24 15:32 . 2008-02-29 06:29 -------- d-----w- c:\program files\TechSmith
2009-05-23 01:24 . 2009-05-23 01:20 -------- d-----w- c:\program files\SSChart
2009-05-23 01:20 . 2009-05-23 01:20 766 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{56F1869E-0ED0-4E83-8B8C-9B0D45FC7248}\SystemFolder_msiexec.exe
2009-05-23 01:20 . 2009-05-23 01:20 766 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{56F1869E-0ED0-4E83-8B8C-9B0D45FC7248}\SSChart.exe
2009-05-21 18:33 . 2008-12-12 06:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 02:57 . 2009-05-21 02:57 -------- d-----w- c:\program files\DASTrader DEMO
2009-05-19 01:23 . 2008-10-06 17:17 541696 ----a-w- c:\users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-05-19 01:04 . 2008-10-06 17:17 79872 ----a-w- c:\users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-05-16 06:21 . 2009-05-16 06:21 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 14:50 . 2009-05-15 14:50 19456 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{EE38FE26-5C30-44E0-B25E-62CB521A9015}\IconE1F09B4D1.exe
2009-05-15 14:50 . 2009-05-15 14:49 -------- d-----w- c:\program files\NexTrend
2009-05-15 14:17 . 2009-01-06 15:09 -------- d-----w- c:\program files\Starry Night Pro Plus 6
2009-05-12 00:24 . 2009-05-12 00:24 60184 ----a-w- c:\programdata\tmp6CAA.tmp
2009-04-29 15:49 . 2007-12-02 16:19 105872 ----a-w- c:\users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 16:04 . 2008-12-12 01:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-24 16:04 . 2008-12-12 01:07 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-24 16:04 . 2008-10-23 13:37 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-04-24 16:04 . 2008-12-12 01:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-19 13:10 . 2007-12-28 23:13 1648 ----a-w- c:\users\Bob\AppData\Local\d3d8caps.dat
2009-04-19 13:10 . 2007-12-17 16:28 3384 ----a-w- c:\users\Bob\AppData\Local\d3d9caps.dat
2009-04-11 06:33 . 2009-05-27 13:48 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-27 13:48 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-27 13:48 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-27 13:48 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-27 13:48 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-27 13:48 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-27 13:49 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-27 13:47 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-27 13:47 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-27 13:47 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-27 13:49 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-27 13:49 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-27 13:47 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-27 13:47 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:52 . 2009-05-27 13:48 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-11 04:51 . 2009-05-27 13:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-27 13:47 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-27 13:47 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-27 13:47 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-27 13:47 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-27 13:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-27 13:47 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-27 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-27 13:47 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-27 13:47 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-27 13:48 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-27 13:48 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-27 13:47 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-27 13:47 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-27 13:47 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-27 13:48 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-05-27 13:48 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-27 13:48 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-27 13:48 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-27 13:48 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-11 04:42 . 2009-05-27 13:48 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-27 13:48 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-27 13:47 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-27 13:47 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-27 13:47 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-27 13:49 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-27 13:47 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-27 13:47 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2006-06-16 03:33 . 2009-06-19 16:11 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 01:43 . 2009-06-19 16:11 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 21:41 . 2009-06-19 16:11 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 20:10 . 2009-06-19 16:11 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 19:19 . 2009-06-19 16:11 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 01:35 . 2009-06-19 16:11 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 18:10 . 2009-06-19 16:11 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 18:42 . 2009-06-19 16:11 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 18:22 . 2009-06-19 16:11 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 18:21 . 2009-06-19 16:11 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2cff8b6a-9a4c-4192-b925-c6ffa19340e4}]
2009-03-20 00:04 1883672 ----a-w- c:\program files\Craigslist\tbCra1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Fraps"="c:\fraps\FRAPS.EXE" [2006-06-18 2834432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-02 21898024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2009-05-26 2893064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Google Update"="c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-10 1948440]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]

c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2009-4-17 12438896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"WAVE3"=vscapi.dll
"Midi1"=vscapi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVTonic Control Panel.lnk]
backup=c:\windows\pss\TVTonic Control Panel.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TVTonic Control Panel.lnk

[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Login King 2007.lnk]
path=c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Login King 2007.lnk
backup=c:\windows\pss\Login King 2007.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):15,4f,6b,a9,de,de,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AC3F2441-50DF-4A1C-83E4-9C3418B40327}c:\\users\\bob\\desktop\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\users\bob\desktop\unrealtournament\system\unrealtournament.exe:unrealtournament.exe
"UDP Query User{DAA09AE4-B243-41B1-B8D2-29B3EEE0A62E}c:\\users\\bob\\desktop\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\users\bob\desktop\unrealtournament\system\unrealtournament.exe:unrealtournament.exe
"TCP Query User{44CE9C62-5EA4-4AF7-8D79-62F040CE4779}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C5E1E86-F590-4BE1-8CA7-06A16BDDA6A1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{71D2A625-D996-4066-81F4-D1898EF56135}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D165D313-E222-426E-9CA4-D86DF54EBEA6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C666E0F1-A8BF-4BCC-9E58-D6893C2C923F}c:\\users\\bob\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\bob\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{24517824-F260-44A4-BDD9-BCFF5E8B41E7}c:\\users\\bob\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\bob\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{74065A67-C8B5-4219-89A4-C9621CFFB07B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2E11DA8E-FBCD-4311-9F9B-80F619FCD209}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{BAE9600C-4FC7-498E-8866-16B61D072E50}"= UDP:33859:uto
"{B59F4424-BD20-48C3-8747-97CBC4CB80CC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DBC278E2-D06D-453E-A094-3B1AE83628D1}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C5190341-EBA9-4AF7-8055-2CB2D43CF3C2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE5682DB-6ADC-4EFF-9EF2-43A2EEC10FCB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2B413D83-0210-45A3-B088-9437C4A4F70E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BBFEC30D-1FB5-4E07-A483-8D53B620173E}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{1241B232-F507-42AF-87EB-61ADB9839035}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{C88E12BF-25A3-42D3-A9E8-16F915B5A90F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6B9E3997-DAC9-4D25-806E-1493AF867A31}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C2433638-4325-4F29-BE81-69BF60DB47F0}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DC2D04D9-A2E5-47E7-881B-F2C2BB6E8B5E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{2E2881E9-646E-44B3-999A-8DA9CC16B9FA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{D6914208-F732-4F1A-B98E-C5A5892D93DE}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{C6BCFF91-371F-445F-B066-7F999DFEDF81}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EC4DEDB-7FFB-4EFB-90D0-0D7E903B5481}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{8B5DA80F-DAE9-49E6-B61F-BB71533DE86A}c:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-enus-downloader.exe:Blizzard Downloader
"UDP Query User{18979D48-F47F-496C-B945-61D13CE8899D}c:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-enus-downloader.exe:Blizzard Downloader
"TCP Query User{EA76A52C-772E-4297-940D-0AB0411C5224}c:\\x-plane 8.64\\x-plane 864.exe"= UDP:c:\x-plane 8.64\x-plane 864.exe:X-Plane 864
"UDP Query User{F67D5579-9883-495C-8813-552E67A2BEF4}c:\\x-plane 8.64\\x-plane 864.exe"= TCP:c:\x-plane 8.64\x-plane 864.exe:X-Plane 864
"TCP Query User{3BEB853E-886C-442F-973E-D06C9B1AA5E1}c:\\program files\\x-plane 8.64\\x-plane 864.exe"= UDP:c:\program files\x-plane 8.64\x-plane 864.exe:X-Plane 864
"UDP Query User{88E17371-A897-406D-9A2C-59A61E0D1171}c:\\program files\\x-plane 8.64\\x-plane 864.exe"= TCP:c:\program files\x-plane 8.64\x-plane 864.exe:X-Plane 864
"TCP Query User{FA15E839-DD9D-4DD6-935B-17925C783B10}c:\\xplane9\\x-plane 9.00 beta-24\\x-plane 900 beta-24.exe"= UDP:c:\xplane9\x-plane 9.00 beta-24\x-plane 900 beta-24.exe:X-Plane 900 Beta-24
"UDP Query User{83D07F77-5068-4653-BBF4-A81585995E73}c:\\xplane9\\x-plane 9.00 beta-24\\x-plane 900 beta-24.exe"= TCP:c:\xplane9\x-plane 9.00 beta-24\x-plane 900 beta-24.exe:X-Plane 900 Beta-24
"TCP Query User{8A24D51E-70AF-45DD-9E44-2F1BE0424E4F}c:\\xplane9\\x-plane 9.00 beta-24\\x-plane.exe"= UDP:c:\xplane9\x-plane 9.00 beta-24\x-plane.exe:X-Plane
"UDP Query User{4FCFB141-84F5-43AE-858F-622DD6A210A1}c:\\xplane9\\x-plane 9.00 beta-24\\x-plane.exe"= TCP:c:\xplane9\x-plane 9.00 beta-24\x-plane.exe:X-Plane
"{906A0383-CFFD-4559-A21A-2A61C2F68DFC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7255493F-F417-4D89-9ADB-ADA3C97AB2CE}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{684FFBEA-E0BE-44E0-9DB6-BB20257EE52F}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{B51E6478-CF87-4DC6-866A-E143D3B1F12A}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{7BC03DFE-C9E6-4BCB-BBCF-4F7C807B8CF7}c:\\program files\\steam\\steamapps\\steelgtr\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\steelgtr\team fortress 2\hl2.exe:hl2
"UDP Query User{0FD8E002-C83E-407C-82F7-452A1D49F54F}c:\\program files\\steam\\steamapps\\steelgtr\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\steelgtr\team fortress 2\hl2.exe:hl2
"{2E05471E-87A1-43FD-AAB0-9166B32F9125}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0DB1555E-71C7-4BC5-BB82-978EBF7F69D5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EF92DC3E-FE6E-4E18-826E-9FACC9B41B12}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{979938A0-6C07-4D8D-85F8-4411B8791056}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{778FE9EE-9B85-4E8F-BCA5-DDDE35E7A745}c:\\xplane9\\x-plane 9\\x-plane.exe"= UDP:c:\xplane9\x-plane 9\x-plane.exe:X-Plane
"UDP Query User{93356F36-1844-44E8-A138-EFC896AAB20F}c:\\xplane9\\x-plane 9\\x-plane.exe"= TCP:c:\xplane9\x-plane 9\x-plane.exe:X-Plane
"{C5C4D346-7C94-45D8-9B27-48F4D9B40464}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{E486576A-9E7E-43A2-845B-311367388005}c:\\users\\bob\\appdata\\local\\abacastdistributedondemand\\node\\11\\abacastdistributedondemand.exe"= UDP:c:\users\bob\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe:abacastdistributedondemand.exe
"UDP Query User{B708C0BA-87B2-4418-9FB8-351B66D53C8F}c:\\users\\bob\\appdata\\local\\abacastdistributedondemand\\node\\11\\abacastdistributedondemand.exe"= TCP:c:\users\bob\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe:abacastdistributedondemand.exe
"TCP Query User{6B62861A-AE72-46D6-89B2-ED2C4E71943E}c:\\users\\bob\\appdata\\local\\abacast\\abaclient.exe"= UDP:c:\users\bob\appdata\local\abacast\abaclient.exe:abaclient.exe
"UDP Query User{9FB085ED-0AFE-4EE8-9840-0D9D582E403E}c:\\users\\bob\\appdata\\local\\abacast\\abaclient.exe"= TCP:c:\users\bob\appdata\local\abacast\abaclient.exe:abaclient.exe
"{850556A5-BE4F-4F37-A32F-CCEF4D647ADB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0715A489-21A2-4D78-A67E-C697CD020C57}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C430BCB0-3354-4BBB-890B-93C9C26EDFD1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6AF5ABBE-607F-44E3-8880-443E4774977B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0EBACF12-AFE2-48AE-B54F-B52A3BE5A84D}"= UDP:c:\program files\IncredibleCharts\IncredibleCharts.exe:IncredibleCharts Pro
"{C24D597E-1B57-4AA8-9839-6F41986E8224}"= TCP:c:\program files\IncredibleCharts\IncredibleCharts.exe:IncredibleCharts Pro
"{0E55863B-448A-4EB8-AB6D-E8AA397514D6}"= UDP:c:\program files\NexTrend\SeamFTP.exe:SeamFTP.exe
"{77870B97-B91E-4E32-84B5-7103EBCF2BF9}"= TCP:c:\program files\NexTrend\SeamFTP.exe:SeamFTP.exe
"{5A630500-2FA5-42F7-BBE1-6D1259905DC3}"= UDP:c:\program files\NexTrend\Analysis.exe:Analysis.exe
"{1A2FA544-83D1-4906-A42F-27F3E000F98E}"= TCP:c:\program files\NexTrend\Analysis.exe:Analysis.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/11/2008 06:07 PM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/23/2008 06:37 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/11/2008 06:07 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/11/2008 06:12 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/24/2009 09:04 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 08:17 AM 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/24/2009 09:04 AM 1368952]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [6/19/2009 02:57 PM 941784]
R2 dvdmmg;dvdmmg;c:\windows\System32\drivers\dvdmmg.sys [9/6/2007 03:15 AM 5504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/4/2009 04:20 PM 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/24/2009 04:57 AM 92008]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~2\WebCamHelper.sys [6/19/2009 05:35 PM 2688]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [8/2/2008 11:53 AM 142336]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\System32\drivers\deltaII.sys [5/25/2009 02:37 PM 302728]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\System32\drivers\vsc.sys [2/27/2008 05:41 PM 951284]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\System32\drivers\avwebcam.sys [6/19/2009 04:06 PM 13696]
S2 gupdate1c98f36efb071e5;Google Update Service (gupdate1c98f36efb071e5);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2009 11:30 PM 133104]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\System32\drivers\camdrv21.sys [1/2/2008 06:54 PM 253909]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [6/24/2009 05:12 PM 38160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [11/4/2008 01:12 PM 4415488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 06:30]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 06:30]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 19:12]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 19:12]

2009-07-01 c:\windows\Tasks\User_Feed_Synchronization-{AB01CD49-63E2-4B8F-9933-1A51F6A39BA0}.job
- c:\windows\system32\msfeedssync.exe [2008-04-04 06:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://slickdeals.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = sas.r2.attbi.com;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: Search Image on TinEye - file://c:\users\Bob\Documents\TinEye 1.0\TinEye.js
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: allmusic.com\www
Trusted Zone: fidelity.com\login
Trusted Zone: fidelity.com\www
Trusted Zone: line6.net
Trusted Zone: myciti.com\*.da-us
Trusted Zone: sjlibrary.org\mill1
Trusted Zone: yifanmall.com\www
TCP: {4AA13313-DAC0-4DFF-93A1-619D06C30BC8} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\fiil3cyz.default\
FF - prefs.js: browser.startup.homepage - hxxps://oltx.fidelity.com/ftgw/fbc/ofsummary/defaultPage | philsgang.com | http://www.freestockcharts.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\LoginKing.dll
FF - component: c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\fiil3cyz.default\extensions\{2cff8b6a-9a4c-4192-b925-c6ffa19340e4}\components\FFAlert.dll
FF - component: c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\fiil3cyz.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Bob\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Bob\AppData\Roaming\Mozilla\plugins\npAbacast.dll
FF - plugin: c:\users\Bob\AppData\Roaming\Mozilla\plugins\NPAbacheck.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 14:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.apd"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bmp"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cr2"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.crw"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dib"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.gif"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ico"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.jp2"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpe"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpeg"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpg"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.pct"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.pict"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.png"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.psd"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspbrush"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raw"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.rgb"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="QuickTime.sgi"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tif"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1047655440-825837936-2561869621-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tiff"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20po"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20pp"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20ppf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xmp"

[HKEY_USERS\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-01 14:03
ComboFix-quarantined-files.txt 2009-07-01 21:02

Pre-Run: 120,284,372,992 bytes free
Post-Run: 123,935,629,312 bytes free

748 --- E O F --- 2009-06-10 13:14

#15
bob snelgrove
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-07-01 23:41:12
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 118 GB (25%) free of 477 GB
Total RAM: 3582 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:25, on 7/1/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Fraps\fraps.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FeedReader30\feedreader.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Bob\AppData\Roaming\Login King\autorun.exe
C:\Users\Bob\AppData\Roaming\Login King\loginking\bin\loginking.exe
C:\USERS\BOB\APPDATA\ROAMING\LOGIN KING\LOGINKING\BIN\LKINJ.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Bob\Desktop\RSIT.exe
C:\Program Files\trend micro\Bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slickdeals.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r2.attbi.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eread7.0\IEeREAD.dll
O2 - BHO: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eread7.0\WebHook.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\Windows\system32\SoftAheadCert.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Craigslist Toolbar - {2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - C:\Program Files\Craigslist\tbCra1.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Login King 2007.lnk = AppData\Roaming\Login King\LoginKing\bin\loginking.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Bob\Documents\TinEye 1.0\TinEye.js
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AA13313-DAC0-4DFF-93A1-619D06C30BC8}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f36efb071e5) (gupdate1c98f36efb071e5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc. - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 1: +++ WELCOME TO KPOA 93.5 FM! +++ - http://www.kpoa.com/

--
End of file - 11420 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1047655440-825837936-2561869621-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{AB01CD49-63E2-4B8F-9933-1A51F6A39BA0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
AddTask Class - C:\Program Files\eread7.0\IEeREAD.dll [2007-06-28 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2cff8b6a-9a4c-4192-b925-c6ffa19340e4}]
Craigslist Toolbar - C:\Program Files\Craigslist\tbCra1.dll [2009-03-19 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-24 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
AddTask Class - C:\Program Files\eread7.0\WebHook.dll [2008-03-10 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}]
SACert Class - C:\Windows\system32\SoftAheadCert.dll [2009-06-19 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll [2009-06-09 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2008-11-21 3725272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2cff8b6a-9a4c-4192-b925-c6ffa19340e4} - Craigslist Toolbar - C:\Program Files\Craigslist\tbCra1.dll [2009-03-19 1883672]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vsc32cnf.exe"=C:\Program Files\Roland\VSC32\vsc32cnf.exe [2000-02-07 36864]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-10 1948440]
"DeltaIITaskbarApp"=C:\Windows\system32\DeltaIITray.exe [2008-03-03 236040]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"Fraps"=C:\FRAPS\FRAPS.EXE [2006-06-18 2834432]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Jing"=C:\Program Files\TechSmith\Jing\Jing.exe [2009-05-26 2893064]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-18 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"feedreader.exe"=C:\Program Files\FeedReader30\feedreader.exe [2009-03-29 2058240]
"Google Update"=C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbacastDistributedOnDemand:11]
C:\Users\Bob\AppData\Local\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp]
C:\Windows\system32\DeltaIITray.exe [2008-03-03 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
C:\Program Files\FeedReader30\feedreader.exe [2009-03-29 2058240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\Windows\System32\DeltaIITray.exe [2008-03-03 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-16 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-16 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PxDotNetLoader]
C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe [2009-01-13 42336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Users\Bob\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2009-05-18 79872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-06-20 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-18 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vscvol.exe]
C:\Program Files\Roland\VSC32\vscvol.exe [2000-02-09 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yapta Tracker]
C:\Program Files\Yapta\YaptaClient.exe /onstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\PROGRA~1\Audible\Bin\AUDIBL~1.EXE [2008-12-09 1783128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe [2002-02-14 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor.lnk]
C:\PROGRA~1\PHILIP~1\Monitor.exe [2007-10-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVTonic Control Panel.lnk]
C:\PROGRA~1\WAVEXP~1\TVTonic\TVTONI~1.EXE [2008-08-02 775168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Login King 2007.lnk - C:\Users\Bob\AppData\Roaming\Login King\LoginKing\bin\loginking.exe
Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-12-02 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-01 23:41:12 ----D---- C:\rsit
2009-07-01 23:41:12 ----D---- C:\Program Files\trend micro
2009-07-01 14:03:27 ----SHD---- C:\$RECYCLE.BIN
2009-07-01 14:03:26 ----A---- C:\ComboFix.txt
2009-07-01 13:35:52 ----A---- C:\Windows\zip.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWXCACLS.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWSC.exe
2009-07-01 13:35:52 ----A---- C:\Windows\SWREG.exe
2009-07-01 13:35:52 ----A---- C:\Windows\sed.exe
2009-07-01 13:35:52 ----A---- C:\Windows\PEV.exe
2009-07-01 13:35:52 ----A---- C:\Windows\NIRCMD.exe
2009-07-01 13:35:52 ----A---- C:\Windows\grep.exe
2009-07-01 13:35:50 ----SD---- C:\Combo-Fix
2009-07-01 13:32:05 ----D---- C:\Qoobox
2009-06-28 19:11:45 ----A---- C:\Windows\system32\tmp.txt
2009-06-28 19:11:43 ----A---- C:\rapport.txt
2009-06-27 13:59:13 ----SHD---- C:\RECYCLER
2009-06-26 19:27:56 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-06-26 19:27:40 ----D---- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2009-06-26 19:27:40 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-25 22:13:31 ----D---- C:\Program Files\FeedReader30
2009-06-24 17:12:17 ----D---- C:\Users\Bob\AppData\Roaming\Malwarebytes
2009-06-24 17:12:12 ----D---- C:\ProgramData\Malwarebytes
2009-06-24 17:12:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 17:10:06 ----D---- C:\Windows\ERDNT
2009-06-24 17:09:12 ----D---- C:\Program Files\ERUNT
2009-06-22 17:54:02 ----D---- C:\Program Files\SlySoft
2009-06-21 07:32:35 ----A---- C:\Windows\system32\javaws.exe
2009-06-21 07:32:35 ----A---- C:\Windows\system32\javaw.exe
2009-06-21 07:32:35 ----A---- C:\Windows\system32\java.exe
2009-06-20 06:50:34 ----A---- C:\Windows\Dext2001.ini
2009-06-20 06:50:26 ----D---- C:\Program Files\Philips Webcam
2009-06-19 17:36:20 ----A---- C:\Windows\system32\SoftAheadCert.dll
2009-06-19 17:35:07 ----D---- C:\Program Files\AV WebCam Morpher GOLD
2009-06-19 16:08:17 ----D---- C:\AV_LOGS
2009-06-19 16:06:12 ----D---- C:\Program Files\AV WebCam Morpher
2009-06-19 16:04:51 ----A---- C:\Windows\VDVD.INI
2009-06-19 16:04:51 ----A---- C:\Windows\Cover.INI
2009-06-19 16:04:51 ----A---- C:\Windows\avvcnvrt.INI
2009-06-19 16:04:50 ----A---- C:\Windows\VMorpher.INI
2009-06-19 15:58:57 ----A---- C:\Windows\AVFTP.INI
2009-06-19 15:54:28 ----D---- C:\Program Files\AV Video Morpher
2009-06-19 15:44:45 ----A---- C:\Windows\system32\video-morpher.exe
2009-06-19 15:00:48 ----D---- C:\ProgramData\WebcamMax
2009-06-19 15:00:39 ----D---- C:\Users\Bob\AppData\Roaming\Webcammax
2009-06-19 14:57:48 ----D---- C:\Program Files\WebcamMax
2009-06-19 09:12:51 ----D---- C:\Users\Bob\AppData\Roaming\Creative
2009-06-19 09:11:35 ----D---- C:\Program Files\Common Files\Reallusion
2009-06-19 09:09:46 ----D---- C:\Program Files\Creative Live! Cam
2009-06-19 09:09:05 ----D---- C:\Program Files\Dell
2009-06-19 09:08:56 ----D---- C:\Program Files\Creative
2009-06-10 06:05:01 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 06:03:59 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 06:03:29 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 06:03:27 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 06:03:26 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 06:03:25 ----A---- C:\Windows\system32\ieencode.dll
2009-06-09 09:02:50 ----D---- C:\Windows\userstartmenu
2009-06-09 09:02:50 ----D---- C:\Windows\userdesktop
2009-06-09 09:02:50 ----D---- C:\Windows\desktop
2009-06-09 09:02:50 ----D---- C:\Windows\commondesktop
2009-06-09 09:02:49 ----D---- C:\Program Files\IQcobra

======List of files/folders modified in the last 1 months======

2009-07-01 23:41:24 ----D---- C:\Windows\Prefetch
2009-07-01 23:41:16 ----D---- C:\Windows\Temp
2009-07-01 23:41:12 ----RD---- C:\Program Files
2009-07-01 23:32:29 ----D---- C:\Users\Bob\AppData\Roaming\Skype
2009-07-01 22:05:13 ----D---- C:\Windows\pss
2009-07-01 16:09:23 ----D---- C:\Users\Bob\AppData\Roaming\skypePM
2009-07-01 14:03:33 ----D---- C:\Windows\system32\en-US
2009-07-01 14:03:33 ----D---- C:\Windows\System32
2009-07-01 14:00:30 ----AD---- C:\Windows
2009-07-01 14:00:30 ----A---- C:\Windows\system.ini
2009-07-01 13:59:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-01 13:54:58 ----D---- C:\Windows\system32\drivers
2009-07-01 13:54:58 ----D---- C:\Windows\AppPatch
2009-07-01 13:54:58 ----D---- C:\Program Files\Common Files
2009-07-01 13:36:10 ----SHD---- C:\System Volume Information
2009-07-01 08:49:18 ----A---- C:\Windows\ntbtlog.txt
2009-07-01 07:50:06 ----D---- C:\Windows\Tasks
2009-07-01 07:50:06 ----D---- C:\Windows\system32\Tasks
2009-06-30 09:29:53 ----HD---- C:\$AVG8.VAULT$
2009-06-29 18:12:49 ----D---- C:\Windows\system32\catroot2
2009-06-29 08:11:43 ----D---- C:\Windows\inf
2009-06-29 08:11:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-29 05:47:22 ----SHD---- C:\Windows\Installer
2009-06-28 07:44:42 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 06:04:50 ----D---- C:\Users\Bob\AppData\Roaming\Feedreader
2009-06-27 05:25:59 ----D---- C:\Windows\Minidump
2009-06-26 19:27:56 ----HD---- C:\ProgramData
2009-06-26 19:27:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-26 19:22:29 ----D---- C:\Program Files\Google
2009-06-25 14:59:20 ----D---- C:\ProgramData\DVD Shrink
2009-06-24 13:38:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-24 13:00:05 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-24 12:50:55 ----D---- C:\Program Files\Common Files\Adobe
2009-06-24 12:50:50 ----D---- C:\ProgramData\Adobe
2009-06-24 05:30:46 ----D---- C:\ProgramData\avg8
2009-06-23 17:22:38 ----D---- C:\Users\Bob\AppData\Roaming\uTorrent
2009-06-21 08:32:50 ----D---- C:\Users\Bob\AppData\Roaming\Move Networks
2009-06-21 07:36:36 ----D---- C:\Program Files\Java
2009-06-20 06:50:32 ----D---- C:\Windows\system32\catroot
2009-06-20 06:50:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 06:50:27 ----D---- C:\Windows\twain_32
2009-06-15 07:48:56 ----D---- C:\ProgramData\X10 Settings
2009-06-10 14:52:11 ----D---- C:\Windows\Microsoft.NET
2009-06-10 14:52:07 ----RSD---- C:\Windows\assembly
2009-06-10 08:43:09 ----D---- C:\Windows\ehome
2009-06-10 06:14:10 ----D---- C:\Windows\winsxs
2009-06-10 06:13:17 ----D---- C:\ProgramData\Microsoft Help
2009-06-08 06:43:35 ----SD---- C:\Users\Bob\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-04-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-10 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-04-24 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 hmonitor;hmonitor; \??\C:\Windows\system32\drivers\hmonitor.sys [2007-06-21 7188]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 941784]
R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R2 RVIEG01;VSC Engine; \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [2001-04-13 187992]
R2 WebCamHelper;WebCamHelper; \??\C:\PROGRA~1\AVWEBC~2\WebCamHelper.sys [2006-03-02 2688]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\Windows\system32\DRIVERS\deltaII.sys [2008-03-03 302728]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 vsc32;Virtual Sound Canvas 3.2; C:\Windows\system32\DRIVERS\vsc.sys [2001-04-16 951284]
S2 AVWEBCAM;AV WebCam, WDM Video Capture; C:\Windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
S3 Ca2001v;CA2001 WebCam Driver; C:\Windows\System32\Drivers\Ca2001v.sys []
S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 camvid20;Philips ToUcam Camera; Video; C:\Windows\system32\DRIVERS\camdrv21.sys [2004-05-19 253909]
S3 catchme;catchme; \??\C:\Users\Bob\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-04-07 16608]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-01-08 47360]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-12-04 30088]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys [2007-10-30 9088]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 WpdUsb;WpdUsb; C:\Windows\System32\Drivers\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2008-10-28 27160]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-16 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-06-10 1368952]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-17 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-01-17 103736]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 WXRSS;TVTonic RSS; C:\Program Files\Wavexpress\TVTonic\WXRSS.exe [2008-08-02 142336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-29 610304]
S2 gupdate1c98f36efb071e5;Google Update Service (gupdate1c98f36efb071e5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-13 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-23 87288]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-10 918528]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2008-11-04 4415488]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-01 23:41:27

======Uninstall list======

@BIOS Ver.2.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\Setup.exe" -l0x9 -removeonly
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
4Front OSS/3D Plugin R7.3 30-Day Trial-->"C:\Program Files\4front-oss3d-7\unins000.exe"
Abacast Distributed On-Demand-->C:\Users\Bob\AppData\Local\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -u -r:11
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
ActiveHome Pro-->C:\Windows\UNWISE.EXE C:\PROGRA~1\ACTIVE~1\Install.log
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4-->C:\Program Files\Common Files\Adobe\Installers\26b63376f4efc354dae41af6b5e3343\Setup.exe --uninstall=1
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Premiere Pro CS4-->MsiExec.exe /I{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup-->MsiExec.exe /I{566BB41D-F006-4956-A5D3-94D8DFFA7F51}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AmpliTube2-->C:\Program Files\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Aphro-V1 DX Plug-in-->C:\Windows\IsUninst.exe -f"c:\program files\cakewalk\vstplugins\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASCOM Platform 4.1-->C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\INSTALL.LOG
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Auto Account Creator-->MsiExec.exe /I{E2048ED6-FF84-4132-A038-4E6DA45BA92C}
AV Video Morpher-->C:\Program Files\AV Video Morpher\uninstall.exe
AV WebCam Morpher 2.0-->C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
AV WebCam Morpher GOLD 1.0-->C:\PROGRA~1\AVWEBC~2\UNWISE.EXE C:\PROGRA~1\AVWEBC~2\INSTALL.LOG
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Disc Creator version 2.1-->"C:\Program Files\AVSMedia\DiscCreator\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS Video Tools 5.1-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Band-in-a-Box 2008.5 Build 259 Update-->"c:\bb\uninstall\unins012.exe"
Band-in-a-Box Pro v8.0-->C:\Windows\UNWISE.EXE C:\audio\BAND-I~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CalMAN v3 Home Theater Calibration Software -->MsiExec.exe /I{24DCC96F-29F4-4303-A4D8-83215974CC75}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Capture NX 2-->C:\Program Files\Nikon\Capture NX 2\uninstall.exe
Capture NX-->C:\Program Files\Nikon\Capture NX\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Celemony Melodyne Plugin VST RTAS v1.0-->"C:\Program Files\Celemony\Melodyne plugin\Uninstall\unins000.exe"
ClearView-->MsiExec.exe /I{4E1048FF-0746-4ECD-9482-C30660334F91}
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CobraIQ version 7.0-->"C:\Program Files\IQcobra\unins000.exe"
Cooliris for Internet Explorer-->MsiExec.exe /I{B46BC183-3713-3814-9067-D1C6BC952F7B}
CraigsAgent 1.0-->MsiExec.exe /I{76F78B54-9BC9-4E3A-A091-2FCF255F0517}
Craigslist Toolbar-->C:\PROGRA~1\CRAIGS~2\UNWISE.EXE C:\PROGRA~1\CRAIGS~2\INSTALL.LOG
CraigsPalFree version 3.08-->"C:\Program Files\CraigsPalFree\unins000.exe"
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Delta-->C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
DFX for Windows Media Player-->C:\Program Files\DFX\uninstall_WMP.exe
Dimension Pro-->"C:\Program Files\Cakewalk\Dimension Pro\unins000.exe"
Driver Sweeper 1.0-->"C:\Program Files\Driver Sweeper\unins000.exe"
Duplicate Finder-->"C:\Program Files\Duplicate Finder\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"
DVDPean Pro 5.5.2-->"C:\Program Files\DVDPean Pro 5.5.2\unins000.exe"
Enemy Territory - QUAKE Wars™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}\setup.exe -runfromtemp -l0x0409
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
eyeQ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B33CD700-6738-11D4-87FE-0080C6F974A2}\setup.exe" -l0x9 -uninst
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
Fidelity Active Trader Pro®-->MsiExec.exe /X{8C7D438A-D625-471F-A083-699845163E38}
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
Freez Screen Video Capture v1.2-->"C:\Program Files\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
Garmin City Navigator North America 2008-->MsiExec.exe /X{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}
Garmin City Navigator North America v8-->MsiExec.exe /X{A75949C3-DC28-42CA-9C56-24C002B93D89}
Garmin TOPO U.S. 2008-->MsiExec.exe /X{47BA74C5-1890-4ED2-954A-AD11186D8E26}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Gears-->MsiExec.exe /I{F9FBBFFE-5CFD-3271-B127-C2326D796F94}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hardware sensors monitor 4.3-->"C:\Program Files\Hmonitor\unins000.exe"
HCFR Colorimeter Version 2.0.1-->"C:\Program Files\ColorHCFR\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
IncredibleCharts Pro-->"C:\Program Files\IncredibleCharts\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Jing-->MsiExec.exe /I{26471DA3-CCAD-40C4-8B30-64A91A6F7A73}
K-Lite Codec Pack 4.5.9 (Full) BETA-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kurlewin Demo-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Kurlewin\ST6UNST.LOG"
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - North American City Navigator v5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3E23984C-4848-4C46-9075-B01BAC73B9CA}
MapSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
Master Flatpick Guitar Volume 1-->"c:\Program Files\flatpick_guitar_solos\unins000.exe"
Master Jazz Guitar Solos SuperPAK-->"C:\Program Files\Jazz_Guitar_Solos_Vol_1-4\unins000.exe"
Melodyne 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Flight Simulator 2004 A Century of Flight-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (2.0.0.6)-->F:\PortableFirefox\App\firefox\uninstall\helper.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->E:\PortableThunderbird\App\thunderbird\uninstall\helper.exe
MSN Money Investment Toolbox-->"C:\Program Files\MSN Money Investment Toolbox\MNYCoreFiles\Setup\uninst.exe" /s:5
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MusicLab RealGuitar 2.0-->"C:\Program Files\MusicLab\RealGuitar2\Uninstall.exe" "C:\Program Files\MusicLab\RealGuitar2\install.log"
MX-700 Editor-->MsiExec.exe /I{1DCE6389-E294-11D5-80D0-00104BF87660}
MX-850 Editor-->MsiExec.exe /I{8C9DCE36-A270-4740-8084-A27B48C2F83E}
MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}
Native Instruments - Rig Kontrol 3 Driver-->C:\Program Files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup
Native Instruments Guitar Rig 2-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~2\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NexTrend Analysis-->MsiExec.exe /X{EE38FE26-5C30-44E0-B25E-62CB521A9015}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Noiseware Professional Edition-->MsiExec.exe /I{554EB98C-D995-471F-8874-D2BA7BF5EB3E}
NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.1-->"C:\Program Files\Nomad Factory\Uninstall\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NX-RM820 Editor-->MsiExec.exe /I{44E314FB-6B9B-47A6-9AA5-AEB33DA5CBB0}
Onix R-DES 1.2-->C:\Program Files\Onix\R-DES\uninst.exe
Opanda IExif 2.3-->"C:\Program Files\Opanda\IExif 2.3\unins000.exe"
Opanda PowerExif 1.2 Professional Trial-->"C:\Program Files\Opanda\PowerExif 1.2\unins000.exe"
OverDrive Media Console-->MsiExec.exe /I{59FD743D-A699-449E-8197-BD2899DAD69A}
PG Music DirectX Plugins 1.3.4.1-->"C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
Philips Webcam-->"C:\Program Files\InstallShield Installation Information\{4FCCB6D1-F4A7-4086-B3E3-130EE5A37333}\setup.exe" -runfromtemp -l0x0409 -removeonly
Philips Webcam-->MsiExec.exe /X{4FCCB6D1-F4A7-4086-B3E3-130EE5A37333}
PhilsX-->C:\PhilsX System\setup.exe -uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PicLens for Internet Explorer-->MsiExec.exe /X{F0577781-C58C-426F-8FFC-2D5C7F41F08D}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Pioneer Advanced MCACC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC26614A-6C0F-4071-86A7-E635ECD0224A}\Setup.exe" UNINSTALL
Portrait Professional 8.1 Trial-->"C:\Program Files\Portrait Professional 8 Trial\unins000.exe"
Power Screen Capture 7.0.1.3-->"C:\Program Files\Power Screen Capture\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PrimoPDF-->"C:\Windows\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
PSP 84 v1.0-->C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
QT Lite 2.7.0-->"C:\Program Files\QT Lite\unins000.exe"
Radioshack USB-to-Serial Cable Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ED71778-0E56-4760-9FC6-2C29D75100C5}\Setup.exe" -l0x9 Installed
RealGuitar 2.1 Demo-->"C:\Program Files\MusicLab\RealGuitarDemo\Uninstall.exe" "C:\Program Files\MusicLab\RealGuitarDemo\install.log" -u
RealStrat 1.0-->"C:\Program Files\MusicLab\RealStrat\Uninstall.exe" "C:\Program Files\MusicLab\RealStrat\install.log" -u
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
RivaTuner v2.06-->"C:\Program Files\RivaTuner v2.06\uninstall.exe"
RoomEQWizard-->"C:\Program Files\RoomEQWizard\Uninstall.exe" "C:\Program Files\RoomEQWizard"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
SAMSUNG PC Share Manager-->"C:\Program Files\InstallShield Installation Information\{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}\setup.exe" -runfromtemp -l0x0409 -removeonly
SAMSUNG PC Share Manager-->MsiExec.exe /I{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Shipping Assistant 3.5-->MsiExec.exe /X{15C77FC3-8137-4A5E-8F81-F559045DD6B0}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snagit 9.1.2-->MsiExec.exe /I{B440D659-FECA-4BDD-A12B-5C9F05790FF3}
SOL Trader Demo 3.3-->"C:\Program Files\SOL\Trader Demo\unins000.exe"
SONAR 6.2 Producer Edition-->"C:\Program Files\Cakewalk\SONAR 6 Producer Edition\unins000.exe"
SONAR 7 Producer Edition-->"C:\Program Files\Cakewalk\SONAR 7 Producer Edition\unins000.exe"
SONAR 8.0 Producer Edition-->"C:\Program Files\Cakewalk\SONAR 8 Producer Edition\unins000.exe"
Sonic Foundry XFX vol2 v1.0b-->C:\audio\XFX2\UNWISE.EXE C:\audio\XFX2\INSTALL.LOG
Sonic Foundry XFX vol3 v1.0b-->C:\audio\XFX3\UNWISE.EXE C:\audio\XFX3\INSTALL.LOG
Sonic Foundry XFX1 v1.0b-->C:\audio\XFX1\UNWISE.EXE C:\audio\XFX1\INSTALL.LOG
Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSChart-->MsiExec.exe /X{56F1869E-0ED0-4E83-8B8C-9B0D45FC7248}
Starry Night Pro Plus 6-->"C:\Program Files\Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWF Opener-->"C:\Program Files\UnH Solutions\SWF Opener\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
thinkorswim-->C:\Program Files\thinkorswim\uninstall.exe
TinEye Internet Explorer plugin 1.0-->MsiExec.exe /I{9B8ACEA2-BA21-4A91-A950-144FED3ED133}
TomTom HOME 2.6.3.1609-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Tradient Pro 6.8-->"C:\Program Files\Tradient Pro\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48963B63-7A10-49D6-8B08-61E6132453D0}\Setup.exe" -l0x9
ViewSonic Windows Vista Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Virtual Sound Canvas 3.2-->C:\Windows\IsUninst.exe -f"C:\Program Files\Roland\VSC32\DeIsL2.isu" -c"C:\Program Files\Roland\VSC32\uninst.dll"
Virtual Sound Canvas DXi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}\setup.exe" UNINSTALL_XXX
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Voxengo Warmifier VST 1.5-->"C:\Program Files\Cakewalk\Vstplugins\Voxengo Warmifier VST\uninstall.exe"
WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X-Plane 8.0-->C:\Windows\iun6002.exe "C:\Program Files\X-Plane\irunin.ini"
xTrend-->MsiExec.exe /I{3C80D7A8-2223-4866-913B-C126E60F4E3E}

======Hosts File======

91.121.97.18 thepiratebay.org
91.121.97.18 www.thepiratebay.org

======Security center information======

AV: AVG Internet Security 3-pack
FW: AVG Firewall (disabled)
AS: AVG Internet Security 3-pack (disabled)
AS: Spybot - Search and Destroy
AS: AVG Anti-Spyware (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Bob-PC
Event Code: 7001
Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Record Number: 183788
Source Name: Service Control Manager
Time Written: 20090204230402.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 7001
Message: The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:
A device attached to the system is not functioning.
Record Number: 183787
Source Name: Service Control Manager
Time Written: 20090204230402.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 7001
Message: The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:
A device attached to the system is not functioning.
Record Number: 183784
Source Name: Service Control Manager
Time Written: 20090204230402.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 7001
Message: The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:
A device attached to the system is not functioning.
Record Number: 183783
Source Name: Service Control Manager
Time Written: 20090204230402.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 7001
Message: The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:
A device attached to the system is not functioning.
Record Number: 183782
Source Name: Service Control Manager
Time Written: 20090204230402.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Bob-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8001010d).
Record Number: 15385
Source Name: Outlook
Time Written: 20080330040418.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8001010d).
Record Number: 15384
Source Name: Outlook
Time Written: 20080330040417.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 34
Message: Failed to get the Crawl Scope Manager with error=0x8001010d.
Record Number: 15383
Source Name: Outlook
Time Written: 20080330040417.000000-000
Event Type: Error
User:

Computer Name: Bob-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1047655440-825837936-2561869621-1000_Classes:
Process 1048 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1047655440-825837936-2561869621-1000_CLASSES
Process 1816 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1047655440-825837936-2561869621-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Record Number: 15365
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080329205215.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Bob-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-1047655440-825837936-2561869621-1000:
Process 1048 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1047655440-825837936-2561869621-1000
Process 1320 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1047655440-825837936-2561869621-1000\Software\Policies
Process 1320 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1047655440-825837936-2561869621-1000\Software

Record Number: 15364
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080329205214.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Bob-PC
Event Code: 5024
Message: The Windows Firewall Service has started successfully.
Record Number: 77418
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081212143952.190767-000
Event Type: Audit Success
User:

Computer Name: Bob-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x34e9a
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 77417
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081212143952.167767-000
Event Type: Audit Success
User:

Computer Name: Bob-PC
Event Code: 5033
Message: The Windows Firewall Driver has started successfully.
Record Number: 77416
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081212143951.704767-000
Event Type: Audit Success
User:

Computer Name: Bob-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 77415
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081212143951.053767-000
Event Type: Audit Success
User:

Computer Name: Bob-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: BOB-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 77414
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081212143951.053767-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"NewEnvironmentVariable1"=C:\Program Files\Universal Remote Control, Inc\MX-700 Editor\

-----------------EOF-----------------