Norton Internet Security, Various Trojans and Backdoors [RESOLVED]

Sorry for the delay.

Hey mr__roarke,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks for helping.

Here is the RSIT log. Only one came up.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Home Computer at 2008-11-06 18:20:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 191 GB (81%) free of 235 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:41 PM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navstub.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home Computer\Desktop\RSIT.exe
C:\Documents and Settings\Home Computer\Desktop\Home Computer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071207
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AllSeeingEye] "C:\Program Files\Fortego Security\All-Seeing Eye\ase.exe" -auto
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 11749 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Home Computer.job
C:\WINDOWS\tasks\wrSpySweeper_L7747FFD549244D3A9E328E76911804ED.job
C:\WINDOWS\tasks\wrSpySweeper_LA6F6A8870C1C4590B515357C40FA7566.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-16 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-07-16 69632]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2007-06-29 312560]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2007-06-29 292080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [2007-06-29 304368]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 6272888]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2007-01-13 771704]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"AllSeeingEye"=C:\Program Files\Fortego Security\All-Seeing Eye\ase.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home Computer^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Home Computer\Local Settings\Temp\{C9485106-2CD8-445A-9ED7-FBA414231614}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe

C:\Documents and Settings\Home Computer\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Dell Communications System"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfb1073-a923-11dc-99d7-806d6172696f}]
shell\AutoRun\command - D:\CDSTART.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda1-af65-11dc-99e8-001d097cba8b}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda2-af65-11dc-99e8-001d097cba8b}]
shell\AutoRun\command - F:\AllwaySync'n'Go.exe -autorun


======File associations======

.exe - open - "%1" %*"
.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2008-11-06 18:04:24 ----D---- C:\Program Files\Norton Internet Security
2008-11-06 18:02:58 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-06 18:01:35 ----D---- C:\Program Files\Symantec
2008-11-06 18:01:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-31 23:15:46 ----D---- C:\rsit
2008-10-31 22:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-31 12:05:36 ----D---- C:\WINDOWS\Prefetch
2008-10-31 12:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-31 12:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-31 12:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-31 12:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-31 12:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-31 12:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-31 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-31 12:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-31 12:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-31 12:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-31 12:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-31 11:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-31 11:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-31 11:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-31 11:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-31 11:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-31 11:54:25 ----D---- C:\WINDOWS\system32\scripting
2008-10-31 11:54:23 ----D---- C:\WINDOWS\l2schemas
2008-10-31 11:54:22 ----D---- C:\WINDOWS\system32\en
2008-10-31 11:54:21 ----D---- C:\WINDOWS\system32\bits
2008-10-31 11:49:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-31 11:45:27 ----D---- C:\WINDOWS\network diagnostic
2008-10-31 11:39:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-31 11:32:03 ----D---- C:\WINDOWS\EHome
2008-10-30 18:22:59 ----D---- C:\WINDOWS\ERDNT
2008-10-30 18:22:21 ----D---- C:\Program Files\ERUNT
2008-10-30 11:37:22 ----D---- C:\WINDOWS\system32\ime
2008-10-23 22:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-15 22:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-15 22:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 22:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-15 22:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-15 22:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-13 20:11:21 ----D---- C:\Program Files\Avira
2008-10-13 20:11:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-13 19:28:33 ----D---- C:\Documents and Settings\Home Computer\Application Data\Malwarebytes
2008-10-13 19:28:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:27:46 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-13 19:13:57 ----D---- C:\Documents and Settings\Home Computer\Application Data\Help

======List of files/folders modified in the last 1 months======

2008-11-06 18:20:23 ----D---- C:\WINDOWS\Temp
2008-11-06 18:14:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-06 18:13:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 18:13:24 ----D---- C:\Program Files\Dl_cats
2008-11-06 18:12:39 ----D---- C:\WINDOWS
2008-11-06 18:10:04 ----SHD---- C:\WINDOWS\Installer
2008-11-06 18:10:04 ----SHD---- C:\Config.Msi
2008-11-06 18:08:30 ----D---- C:\WINDOWS\system32\drivers
2008-11-06 18:07:06 ----RD---- C:\Program Files
2008-11-06 18:03:44 ----D---- C:\Program Files\Common Files
2008-11-06 18:03:39 ----D---- C:\WINDOWS\system32
2008-11-06 18:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 17:58:55 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-06 17:58:49 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-06 17:58:17 ----D---- C:\MDT
2008-11-06 06:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-05 21:37:44 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 12:55:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 16:33:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-01 16:04:30 ----HD---- C:\WINDOWS\inf
2008-10-31 22:59:10 ----SHD---- C:\WINDOWS\system32\dllcache
2008-10-31 22:48:02 ----SD---- C:\WINDOWS\Tasks
2008-10-31 22:35:54 ----SHD---- C:\System Volume Information
2008-10-31 22:35:54 ----D---- C:\WINDOWS\system32\Restore
2008-10-31 17:28:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-31 12:08:06 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-31 12:06:46 ----A---- C:\WINDOWS\setuplog.txt
2008-10-31 12:04:55 ----D---- C:\WINDOWS\system32\Setup
2008-10-31 12:04:55 ----D---- C:\WINDOWS\AppPatch
2008-10-31 12:04:54 ----D---- C:\WINDOWS\system32\wbem
2008-10-31 12:04:53 ----RSD---- C:\WINDOWS\Fonts
2008-10-31 12:03:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-31 12:02:57 ----A---- C:\WINDOWS\imsins.BAK
2008-10-31 11:59:16 ----D---- C:\Program Files\Messenger
2008-10-31 11:58:39 ----D---- C:\WINDOWS\security
2008-10-31 11:55:17 ----D---- C:\WINDOWS\WinSxS
2008-10-31 11:54:56 ----D---- C:\WINDOWS\ime
2008-10-31 11:54:55 ----D---- C:\WINDOWS\Help
2008-10-31 11:54:27 ----D---- C:\WINDOWS\system32\usmt
2008-10-31 11:54:27 ----D---- C:\WINDOWS\system32\en-US
2008-10-31 11:54:21 ----D---- C:\WINDOWS\PeerNet
2008-10-31 11:54:20 ----D---- C:\Program Files\Movie Maker
2008-10-31 11:49:08 ----D---- C:\WINDOWS\system32\npp
2008-10-31 11:49:04 ----D---- C:\WINDOWS\msagent
2008-10-31 11:49:01 ----D---- C:\WINDOWS\srchasst
2008-10-31 11:49:00 ----D---- C:\Program Files\NetMeeting
2008-10-31 11:48:56 ----D---- C:\WINDOWS\system32\Com
2008-10-31 11:48:52 ----D---- C:\Program Files\Windows Media Player
2008-10-31 11:48:50 ----D---- C:\Program Files\Windows NT
2008-10-31 11:48:50 ----D---- C:\Program Files\Outlook Express
2008-10-31 11:48:44 ----D---- C:\Program Files\Common Files\System
2008-10-31 11:48:23 ----D---- C:\WINDOWS\system32\oobe
2008-10-31 11:48:19 ----D---- C:\WINDOWS\system
2008-10-31 11:43:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-30 22:00:04 ----D---- C:\Documents and Settings\Home Computer\Application Data\Webroot
2008-10-30 11:38:37 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-30 11:15:51 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2008-10-30 11:01:19 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-10-28 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 22:31:19 ----D---- C:\Program Files\Internet Explorer
2008-10-15 22:31:09 ----D---- C:\WINDOWS\ie7updates
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 20:24:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-13 20:23:15 ----D---- C:\Program Files\Any Video Converter
2008-10-13 20:23:14 ----D---- C:\Documents and Settings\Home Computer\Application Data\Any Video Converter
2008-10-12 12:18:00 ----A---- C:\WINDOWS\WRSetup.dll
2008-10-07 11:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-07 2455040]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-07-19 254872]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-16 4403712]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070110.052\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070110.052\NAVEX15.SYS []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070108.003\SymIDSCo.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-07 483328]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 537480]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-10-02 3667304]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-10-12 1066360]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-11-06 1174664]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-13 80504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-03-25 88824]
S3 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-03-25 359160]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 1010424]
S3 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-26 166648]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-03-26 310008]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

This is the info.txt file from the 1st when I ran this the first time.

info.txt logfile of random's system information tool 1.04 2008-11-01 00:16:02

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Any Password 1.44-->"C:\Program Files\Any Password\unins000.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->MsiExec.exe /I{87841AF8-C785-42FF-A76E-CC0F0C2816CC}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 966-->C:\Program Files\Dell Photo AIO Printer 966\Install\x86\Uninst.exe
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EssentialPIM-->C:\Program Files\EssentialPIM\uninstall.exe
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Home Computer\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HySS2006-->C:\WINDOWS\uninst.exe -f"C:\Program Files\HySS2006\DeIsL1.isu" -c"C:\Program Files\HySS2006\_ISREG32.DLL"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Diagnostic Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Photo Loader 3.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon 3 Platinum-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\SETUP.EXE" -l0x9 -removeonly
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Web Controls-->MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Webroot Spy Sweeper (disabled) (outdated)
AV: Norton Internet Security
AV: Avira AntiVir PersonalEdition
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Please excuse my grammar and spelling. I'm rather tired and harried at the moment.

Please excuse my grammar and spelling. I'm rather tired and harried at the moment.

No Problem


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Since you have Norton Internet Security, I would suggest you keep it, unless it is outdated. If you are keeping Norton, then please uninstall Avira AntiVir.




Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5


Please note any other programs that you don't recognize in that list in your next response.


Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :processes
  explorer.exe
  
  :reg
  
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfb1073-a923-11dc-99d7-806d6172696f}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda1-af65-11dc-99e8-001d097cba8b}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda2-af65-11dc-99e8-001d097cba8b}]
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


After that, Reboot, and post a new HRSIT log here in a reply along with the OTMoveIt3 Log.

Ok,

I uninstalled Avira. I downloaded OTMOveit3. I went into Safe Mode and tried to remove the Java updates that were present. When I tried to get rid of them it told me that the Windows Installer something-or-another was unavailable and that the cause of the problem was that either the installer was corrupted or that I was in safe mode. Then it advised me to contact someone for help.

Ok, I was in safe mode, so "check". And now I'm contacting the professional. I'm loathe to try and do it out of Safe Mode as I'm sure it will try and do something or another (you wouldn't have recommended safe mode in the first place had it been a good thing to do).

So, now what?

-Nick

Go ahead and follow the OTMoveIt3 steps, then in Normal Mode,

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Hey,

Ok, I ran HiJackThis and removed the file that you specified. I then ran OTMoveIt and it found many file to be removed. It could not remove them and had to be run at startup. After that, I ran JavaRa and removed all of the previous updates and then installed JRE 6 build 10. Finally, I ran RSIT. The logs are attached below.

Thanks,

-Nick

OTMoveIt-
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfb1073-a923-11dc-99d7-806d6172696f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda1-af65-11dc-99e8-001d097cba8b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9188eda2-af65-11dc-99e8-001d097cba8b}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\Perflib_Perfdata_430.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\Perflib_Perfdata_b4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\~DF9B0F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\~DF9B67.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS028FC485-D61E-44A9-A340-5F9AD1F752E5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS02FCF12E-7C76-4246-848A-3BCB0A7FA648.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS03DE9D15-5A0F-4505-8850-A5838DB8E7D0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0BEF1822-2FC5-4500-9080-C6AB913C914A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0CC4C113-7CFD-44F1-81CD-5740BE5A4593.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0DC170D1-BF84-4D5F-BC48-D2765AD5B757.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0FA27A59-7967-47C7-B9DF-A58020D05B10.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS11CF7BD1-B47D-4F7B-9080-0AA1BCDF77ED.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS13681308-6078-4129-8468-825721712AA0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS14154BFE-1202-49C8-9439-7E57AFAD4AA5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1797AF52-058A-48D2-AFD2-1BC1CC62EF6E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1921598F-4DA0-4743-A95F-9CC1D6AFF874.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1A48BEA4-A5B9-48A1-9457-5EF4535B1B34.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1AA4202A-0BC7-4BB4-A60A-1A275BF5E7F6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS21A6874A-558A-4F3F-B87D-7708437F23E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS232C1E80-C7C4-4AD7-8269-54D866F07E64.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS23560119-7CB7-47A0-A446-5F2667A9DB0C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS23AF3CEF-F727-43EA-86CE-0C498BA1265E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS27FCE5AC-6497-4F0F-B827-4DBC7E652B33.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS29AD6221-82D2-4931-91FA-76C7954C53C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS29F45CAA-DDCE-475A-9E9D-9550E79443F7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2AE641A1-EB93-4369-81B9-D27F8E7A73B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2B2872D2-6293-45A4-9286-5C9DFCAD0ED5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2C48534F-CA4F-4192-BC6D-F27EB7FC3064.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2F675561-B7AE-4AB2-9478-43E12F93B1A1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS337F8A85-A9DE-44D3-ADD0-0D102E52C697.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS353E3172-F6A0-4C04-B336-B4DD1F52132E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS35D62FC9-C88A-40A4-8A8B-867F988DE7AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS38741CAA-8298-4478-9B2C-A76B05AE7B17.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS390D27DA-F03B-4B7E-A2AF-98C93C6C5CF6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3A18EE4F-98B0-40B5-B25E-325FFC26730A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3D5FF8C8-3947-4C85-8676-C6384ABAC693.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3F2D72FD-2A10-403D-9DB3-448AA8811BCA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS44528331-A862-458C-82D8-4525A1187802.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS455BF752-32AF-41D5-94F4-49087E09A7CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS484FA549-863F-41BF-A520-A62C85845A33.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS48D84420-55F7-469F-BE89-57412416568F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4AD1D91D-5DEF-4292-A7E8-3DCD9950361E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4FFBC434-94A4-485A-88F9-D99EDE451589.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS54AA927B-8460-4E84-888B-DC38E5D958DC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS57434C2C-37D8-426A-9859-401B547A6774.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5A01D6F2-407A-4934-9225-E80458E786FF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5A9B8CC4-73F3-4C3C-A4D2-DA79BB413325.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5AA49785-57C1-4403-8B7B-688DA1B07DBD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5F8FF64E-1E3A-47B1-A54C-AA4252C20814.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS630556E4-03CA-4A07-ABCA-06DF3424E481.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS655D7DDD-651E-4C96-9A64-8CC800D397D2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS67176596-50EC-45F1-8CD9-4A45BD50F530.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS692CB3BA-9EE3-4F54-BF7E-04B8ABE797EB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS69F26B13-18E7-41CD-9F6E-DEF4E49E6DCC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6C25069E-1DD3-4AEA-A417-452B138D762F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6C7A83E7-30F0-4A05-8AF7-8B00930A2F3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6D549239-1418-4C01-859A-25B26B0D7286.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7744E06B-D3F7-4233-90E1-C3A1291EB4E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7B522403-09AA-48B8-9980-CEF593655CBF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7DAD949C-ECAB-495F-91A0-5891DE158077.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7F0F6DD4-D506-486D-837D-550504255EAA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8067AEDF-4C84-41A9-9971-7F459CDA114F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS80FBF9A5-196B-4617-B7A2-3F68281DC20F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8419D231-0BA9-469C-81BA-633BB559E57F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8469FB1D-1530-417A-9E88-7906CF792F46.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS85B606D0-7B2B-47BB-8F50-9CC8965EA9D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8922F7F0-690C-45EC-8953-2AAFD02C593B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8A2931EA-1028-4EAB-985D-C66749CB6CE1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8C7F8705-00FE-4398-8A5F-C3E6F114081C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8FF1EC85-4E23-404D-9F18-3EC207979E2D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS936095A0-9E3F-4C49-B84A-706BC2D3B1CB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9AABF238-00D0-48CE-AB76-71366D5D47EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9B1D070A-20A6-4B41-A94B-00109C325182.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9E157ED3-13A9-43F0-8344-487DB71ACA03.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA0773B58-560C-4590-94F2-95338E9CB7B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA0ADA013-11B1-424A-A9D8-78293BCD09D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA2E847D2-29C9-477F-B38F-5C336C3B9E08.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA6EFB9BB-DA3B-4D77-B0FC-36458FA34872.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAF9B21AF-08BB-4DAB-AA93-3630A8262057.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB57975D3-474F-4CA8-9FDE-8E9A84157A0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB5B90266-F004-4103-8424-19D8978958BF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBC5B7F30-E6E4-4903-805E-B1236D2CD245.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBCC00841-60EC-49D2-830F-71173B9F8CE6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBE7EC0B8-F268-4A39-9794-D10C33E15EF9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBF212037-FD76-4475-B6B9-C059268E38B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC9635931-DD59-4B77-85D8-559AE4F45BC5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCCD62B5B-B29B-4EF8-9475-DE0AD79D5220.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCD8C9624-E50E-46E2-8F43-CD6008D07EE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCE84C86E-5E6F-40DD-983C-94A98B529E5E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD13298E2-A1EB-4C13-84A8-80767EB7A226.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD2EA4BC2-A81B-493B-8327-FB2011B555CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD64CBF00-78D4-4A24-B057-19D8F13B3BA9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDB364A2B-961B-4057-8217-56826FB8C597.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDB73E2EA-53C2-4982-96AB-B0403B9880FD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE1CD5EB2-F543-425A-8FEE-488D2A0B74B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE7974130-F785-4988-AD59-ADB2DD3517D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEA624B41-2EB5-491B-B9E5-145ED55406AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEE4C1F69-F535-476A-8907-C33F67F9AF9A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEE815BA0-8130-4BBD-8E5C-D2CEB5BFFFEC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEEF7CD0E-39DA-4D55-811C-D04004752461.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF257A235-C879-49C2-8F82-D37835DDA34B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF2AD2579-0E81-41BD-9FBB-59875574994E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF91797B7-8315-42EF-92A7-E37D89F580D1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFC1E10BA-5BAF-41ED-8AC9-EB96FDE7FCCE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFE44D43B-B6F2-4DC1-AB70-7343A202B792.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFF2AC87F-799C-47F3-980E-33AF73CE4BD2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFF87540A-F556-4719-B6D3-43A9263CA0E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFF953C67-73C8-4719-8605-F446FFFD3BB2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11082008_184402

Files moved on Reboot...
File C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\Perflib_Perfdata_430.dat not found!
File C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\Perflib_Perfdata_b4.dat not found!
File C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\~DF9B0F.tmp not found!
File C:\DOCUME~1\HOMECO~1\LOCALS~1\Temp\~DF9B67.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\wrstemp\SSMS028FC485-D61E-44A9-A340-5F9AD1F752E5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS02FCF12E-7C76-4246-848A-3BCB0A7FA648.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS03DE9D15-5A0F-4505-8850-A5838DB8E7D0.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS0BEF1822-2FC5-4500-9080-C6AB913C914A.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS0CC4C113-7CFD-44F1-81CD-5740BE5A4593.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS0DC170D1-BF84-4D5F-BC48-D2765AD5B757.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS0FA27A59-7967-47C7-B9DF-A58020D05B10.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS11CF7BD1-B47D-4F7B-9080-0AA1BCDF77ED.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS13681308-6078-4129-8468-825721712AA0.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS14154BFE-1202-49C8-9439-7E57AFAD4AA5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1797AF52-058A-48D2-AFD2-1BC1CC62EF6E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1921598F-4DA0-4743-A95F-9CC1D6AFF874.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1A48BEA4-A5B9-48A1-9457-5EF4535B1B34.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1AA4202A-0BC7-4BB4-A60A-1A275BF5E7F6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS21A6874A-558A-4F3F-B87D-7708437F23E7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS232C1E80-C7C4-4AD7-8269-54D866F07E64.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS23560119-7CB7-47A0-A446-5F2667A9DB0C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS23AF3CEF-F727-43EA-86CE-0C498BA1265E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS27FCE5AC-6497-4F0F-B827-4DBC7E652B33.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS29AD6221-82D2-4931-91FA-76C7954C53C6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS29F45CAA-DDCE-475A-9E9D-9550E79443F7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2AE641A1-EB93-4369-81B9-D27F8E7A73B1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2B2872D2-6293-45A4-9286-5C9DFCAD0ED5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2C48534F-CA4F-4192-BC6D-F27EB7FC3064.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2F675561-B7AE-4AB2-9478-43E12F93B1A1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS337F8A85-A9DE-44D3-ADD0-0D102E52C697.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS353E3172-F6A0-4C04-B336-B4DD1F52132E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS35D62FC9-C88A-40A4-8A8B-867F988DE7AF.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS38741CAA-8298-4478-9B2C-A76B05AE7B17.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS390D27DA-F03B-4B7E-A2AF-98C93C6C5CF6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3A18EE4F-98B0-40B5-B25E-325FFC26730A.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3D5FF8C8-3947-4C85-8676-C6384ABAC693.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3F2D72FD-2A10-403D-9DB3-448AA8811BCA.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS44528331-A862-458C-82D8-4525A1187802.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS455BF752-32AF-41D5-94F4-49087E09A7CE.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS484FA549-863F-41BF-A520-A62C85845A33.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS48D84420-55F7-469F-BE89-57412416568F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4AD1D91D-5DEF-4292-A7E8-3DCD9950361E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4FFBC434-94A4-485A-88F9-D99EDE451589.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS54AA927B-8460-4E84-888B-DC38E5D958DC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS57434C2C-37D8-426A-9859-401B547A6774.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5A01D6F2-407A-4934-9225-E80458E786FF.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5A9B8CC4-73F3-4C3C-A4D2-DA79BB413325.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5AA49785-57C1-4403-8B7B-688DA1B07DBD.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5F8FF64E-1E3A-47B1-A54C-AA4252C20814.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS630556E4-03CA-4A07-ABCA-06DF3424E481.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS655D7DDD-651E-4C96-9A64-8CC800D397D2.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS67176596-50EC-45F1-8CD9-4A45BD50F530.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS692CB3BA-9EE3-4F54-BF7E-04B8ABE797EB.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS69F26B13-18E7-41CD-9F6E-DEF4E49E6DCC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS6C25069E-1DD3-4AEA-A417-452B138D762F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS6C7A83E7-30F0-4A05-8AF7-8B00930A2F3E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS6D549239-1418-4C01-859A-25B26B0D7286.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7744E06B-D3F7-4233-90E1-C3A1291EB4E3.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7B522403-09AA-48B8-9980-CEF593655CBF.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7DAD949C-ECAB-495F-91A0-5891DE158077.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7F0F6DD4-D506-486D-837D-550504255EAA.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8067AEDF-4C84-41A9-9971-7F459CDA114F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS80FBF9A5-196B-4617-B7A2-3F68281DC20F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8419D231-0BA9-469C-81BA-633BB559E57F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8469FB1D-1530-417A-9E88-7906CF792F46.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS85B606D0-7B2B-47BB-8F50-9CC8965EA9D3.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8922F7F0-690C-45EC-8953-2AAFD02C593B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8A2931EA-1028-4EAB-985D-C66749CB6CE1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8C7F8705-00FE-4398-8A5F-C3E6F114081C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8FF1EC85-4E23-404D-9F18-3EC207979E2D.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS936095A0-9E3F-4C49-B84A-706BC2D3B1CB.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS9AABF238-00D0-48CE-AB76-71366D5D47EF.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS9B1D070A-20A6-4B41-A94B-00109C325182.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS9E157ED3-13A9-43F0-8344-487DB71ACA03.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA0773B58-560C-4590-94F2-95338E9CB7B7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA0ADA013-11B1-424A-A9D8-78293BCD09D3.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA2E847D2-29C9-477F-B38F-5C336C3B9E08.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA6EFB9BB-DA3B-4D77-B0FC-36458FA34872.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSAF9B21AF-08BB-4DAB-AA93-3630A8262057.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB57975D3-474F-4CA8-9FDE-8E9A84157A0D.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB5B90266-F004-4103-8424-19D8978958BF.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSBC5B7F30-E6E4-4903-805E-B1236D2CD245.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSBCC00841-60EC-49D2-830F-71173B9F8CE6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSBE7EC0B8-F268-4A39-9794-D10C33E15EF9.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSBF212037-FD76-4475-B6B9-C059268E38B5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSC9635931-DD59-4B77-85D8-559AE4F45BC5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCCD62B5B-B29B-4EF8-9475-DE0AD79D5220.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCD8C9624-E50E-46E2-8F43-CD6008D07EE0.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCE84C86E-5E6F-40DD-983C-94A98B529E5E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSD13298E2-A1EB-4C13-84A8-80767EB7A226.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSD2EA4BC2-A81B-493B-8327-FB2011B555CE.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSD64CBF00-78D4-4A24-B057-19D8F13B3BA9.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSDB364A2B-961B-4057-8217-56826FB8C597.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSDB73E2EA-53C2-4982-96AB-B0403B9880FD.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE1CD5EB2-F543-425A-8FEE-488D2A0B74B7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE7974130-F785-4988-AD59-ADB2DD3517D4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSEA624B41-2EB5-491B-B9E5-145ED55406AD.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSEE4C1F69-F535-476A-8907-C33F67F9AF9A.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSEE815BA0-8130-4BBD-8E5C-D2CEB5BFFFEC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSEEF7CD0E-39DA-4D55-811C-D04004752461.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF257A235-C879-49C2-8F82-D37835DDA34B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF2AD2579-0E81-41BD-9FBB-59875574994E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF91797B7-8315-42EF-92A7-E37D89F580D1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFC1E10BA-5BAF-41ED-8AC9-EB96FDE7FCCE.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFE44D43B-B6F2-4DC1-AB70-7343A202B792.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFF2AC87F-799C-47F3-980E-33AF73CE4BD2.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFF87540A-F556-4719-B6D3-43A9263CA0E7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFF953C67-73C8-4719-8605-F446FFFD3BB2.tmp not found!


RSIT -
Logfile of random's system information tool 1.04 (written by random/random)
Run by Home Computer at 2008-11-08 19:14:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 191 GB (81%) free of 235 GB
Total RAM: 1022 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:50 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navstub.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Home Computer\Desktop\G2G\RSIT.exe
C:\Documents and Settings\Home Computer\Desktop\G2G\Home Computer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071207
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DLCQCATS] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [AllSeeingEye] "C:\Program Files\Fortego Security\All-Seeing Eye\ase.exe" -auto
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 11645 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Home Computer.job
C:\WINDOWS\tasks\wrSpySweeper_L7747FFD549244D3A9E328E76911804ED.job
C:\WINDOWS\tasks\wrSpySweeper_LA6F6A8870C1C4590B515357C40FA7566.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-16 16132608]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2007-06-29 312560]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2007-06-29 292080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [2007-06-29 304368]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2007-01-13 771704]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"DLCQCATS"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll [2006-10-15 106496]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-08 136600]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 6272888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032]
"AllSeeingEye"=C:\Program Files\Fortego Security\All-Seeing Eye\ase.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home Computer^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Home Computer\Local Settings\Temp\{C9485106-2CD8-445A-9ED7-FBA414231614}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe

C:\Documents and Settings\Home Computer\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Dell Communications System"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bfb1073-a923-11dc-99d7-806d6172696f}]
shell\AutoRun\command - D:\CDSTART.EXE


======File associations======

.exe - open - "%1" %*"
.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2008-11-08 19:10:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-08 19:10:43 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-08 19:10:43 ----A---- C:\WINDOWS\system32\java.exe
2008-11-08 19:10:43 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-08 18:44:02 ----D---- C:\_OTMoveIt
2008-11-07 21:43:26 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-06 18:04:24 ----D---- C:\Program Files\Norton Internet Security
2008-11-06 18:02:58 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-06 18:01:35 ----D---- C:\Program Files\Symantec
2008-11-06 18:01:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-31 23:15:46 ----D---- C:\rsit
2008-10-31 22:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-31 12:05:36 ----D---- C:\WINDOWS\Prefetch
2008-10-31 12:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-31 12:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-31 12:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-31 12:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-31 12:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-31 12:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-31 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-31 12:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-31 12:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-31 12:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-31 12:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-31 11:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-31 11:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-31 11:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-31 11:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-31 11:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-31 11:54:25 ----D---- C:\WINDOWS\system32\scripting
2008-10-31 11:54:23 ----D---- C:\WINDOWS\l2schemas
2008-10-31 11:54:22 ----D---- C:\WINDOWS\system32\en
2008-10-31 11:54:21 ----D---- C:\WINDOWS\system32\bits
2008-10-31 11:49:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-31 11:45:27 ----D---- C:\WINDOWS\network diagnostic
2008-10-31 11:39:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-31 11:32:03 ----D---- C:\WINDOWS\EHome
2008-10-30 18:22:59 ----D---- C:\WINDOWS\ERDNT
2008-10-30 18:22:21 ----D---- C:\Program Files\ERUNT
2008-10-30 11:37:22 ----D---- C:\WINDOWS\system32\ime
2008-10-23 22:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-15 22:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-15 22:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 22:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-15 22:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-15 22:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-13 19:28:33 ----D---- C:\Documents and Settings\Home Computer\Application Data\Malwarebytes
2008-10-13 19:28:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:27:46 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-13 19:13:57 ----D---- C:\Documents and Settings\Home Computer\Application Data\Help

======List of files/folders modified in the last 1 months======

2008-11-08 19:14:40 ----D---- C:\WINDOWS\Temp
2008-11-08 19:11:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-08 19:10:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-08 19:10:55 ----SHD---- C:\WINDOWS\Installer
2008-11-08 19:10:54 ----SHD---- C:\Config.Msi
2008-11-08 19:10:43 ----D---- C:\WINDOWS\system32
2008-11-08 19:07:23 ----D---- C:\Program Files\Java
2008-11-08 19:00:15 ----D---- C:\WINDOWS
2008-11-08 18:52:41 ----D---- C:\MDT
2008-11-08 18:47:02 ----A---- C:\WINDOWS\ModemLog_Standar

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • C:\WINDOWS\system32\deploytk.dll
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Also, how is your computer running?

Hey,

Ok, I tried to run the online scanner in IE - would not run at all. Stalled out on step 2. Opened the page in Firefox; had to navigate to the file manually - wouldn't let me copy/paste in the box. Report below.

-Nick


VirSCAN.org Scanned Report :
Scanned time : 2008/11/09 23:40:32 (PST)
Scanner results: All Scanners reported not find malware!
File Name : deploytk.dll
File Size : 410976 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 9d819b4ca8ed1010c5fa248bc1a75b9a
SHA1 : 2d77ff8ac23d32cbaa5581c1aafe8e432104ce34
Online report : http://virscan.org/r...680d95914a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.23 2008.11.03 2008-11-03 1.43 -
AhnLab V3 2008.11.10.01 2008.11.10 2008-11-10 0.96 -
AntiVir 7.9.0.29 7.1.0.59 2008-11-10 1.49 -
Antiy 2.0.18 20081108.1564159 2008-11-08 0.12 -
Arcavir 1.0.5 200811061144 2008-11-06 1.23 -
Authentium 5.1.1 200811091755 2008-11-09 1.06 -
AVAST! 3.0.1 081109-0 2008-11-09 0.02 -
AVG 7.5.52.442 270.9.0/1778 2008-11-09 1.73 -
BitDefender 7.60825.2091213 7.21784 2008-11-10 3.38 -
CA (VET) 9.0.0.143 31.6.6200 2008-11-08 3.77 -
ClamAV 0.94 8596 2008-11-10 0.14 -
Comodo 2.11 2.0.0.702 2008-11-09 0.54 -
CP Secure 1.1.0.715 2008.11.10 2008-11-10 6.58 -
Dr.Web 4.44.0.9170 2008.11.10 2008-11-10 3.52 -
ewido 4.0.0.2 2008.11.09 2008-11-09 2.99 -
F-Prot 4.4.4.56 20081109 2008-11-09 1.07 -
F-Secure 5.51.6100 2008.11.10.03 2008-11-10 0.07 -
Fortinet 2.81-3.117 9.699 2008-11-08 0.23 -
GData 19.1456/19.97 20081110 2008-11-10 2.83 -
ViRobot 20081107 2008.11.07 2008-11-07 0.40 -
Ikarus T3.1.01.45 2008.11.10.71826 2008-11-10 3.35 -
JiangMin 11.0.706 2008.11.10 2008-11-10 1.31 -
Kaspersky 5.5.10 2008.11.10 2008-11-10 0.05 -
KingSoft 2008.9.8.18 2008.11.10.14 2008-11-10 0.80 -
McAfee 5.3.00 5428 2008-11-08 2.46 -
Microsoft 1.4104 2008.11.10 2008-11-10 4.13 -
mks_vir 2.01 2008.11.10 2008-11-10 2.74 -
Norman 5.93.01 5.93.00 2008-11-07 5.41 -
Panda 9.05.01 2008.11.09 2008-11-09 2.33 -
Trend Micro 8.700-1004 5.645.00 2008-11-09 0.03 -
Quick Heal 9.50 2008.11.10 2008-11-10 2.24 -
Rising 20.0 21.03.01.00 2008-11-10 1.02 -
Sophos 2.80.0 4.35 2008-11-10 1.89 -
Sunbelt 3.1.1785.2 4374 2008-11-04 0.51 -
Symantec 1.3.0.24 20081109.003 2008-11-09 0.07 -
nProtect 2008-11-10.00 2384701 2008-11-10 4.40 -
The Hacker 6.3.1.1 v00147 2008-11-10 0.46 -
VBA32 3.12.8.9 20081109.2030 2008-11-09 1.52 -
VirusBuster 4.5.11.10 10.92.2/671352 2008-11-09 1.16 -

Launch Malwarebytes' Anti-Malware

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Hey,

It didn't find anything.

-Nick

Malwarebytes' Anti-Malware 1.30
Database version: 1349
Windows 5.1.2600 Service Pack 3

11/10/2008 5:46:56 PM
mbam-log-2008-11-10 (17-46-56).txt

Scan type: Quick Scan
Objects scanned: 55617
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thats good news. Lets try one more:


Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Kaspersky didn't find anything. The log file was empty. As a side note, I had to run the scan in Firefox - installation with IE failed.

-Nick