hey, i had been using the forum before to fix this computer but due to work and school my thread got closed due to inactivity so i just want to reopen it. my computer freezes consistently on startup and runs slow, etc.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:27 AM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6EA91D73-11AF-4B42-A89F-40CB9DA6CE5c} - (no file)
O2 - BHO: (no name) - {A3AB34B7-51CF-42AF-A19E-D445E5B4D272} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: khffeef - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: vtuts - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Hello Seth

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 509.98 MiB / 178.51 MiB
Pagefile Memory (total/avail): 1244.34 MiB / 838.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1967.05 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.03 GiB total, 1.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Rufus\\rufus.exe"="C:\\Program Files\\Rufus\\rufus.exe:*:Enabled:rufus"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Seth\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCDZYB71
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Seth
LOGONSERVER=\\DCDZYB71
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Seth\LOCALS~1\Temp
TMP=C:\DOCUME~1\Seth\LOCALS~1\Temp
USERDOMAIN=DCDZYB71
USERNAME=Seth
USERPROFILE=C:\Documents and Settings\Seth
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Jerry (admin)
Phil (admin)
Janis
Seth (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32 C:\PROGRA~1\NEED2F~1\bar\3.bin\Nd2fnBar.dll,O
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AAA Map'n'Go 2.0 --> C:\WINDOWS\uninst.exe -fC:\AAAMNG2\DeIsL1.isu
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
AquaMark3 --> C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CamelCasino --> C:\Program Files\CamelCasino\uninstall.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Cookbook Wizard For Windows 2.0 --> c:\Program Files\CookbookWizard\UnInstall.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.6.7 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Harry's Filters 3 --> C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\SXUNINST.EXE
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Image Converter Wide 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAD86797-EF02-4306-93BC-90D667E6F741}\SETUP.EXE" -l0x9
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LabelWizard 2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\LabelWizard 2\ST6UNST.LOG"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My Way Search Assistant --> rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rufus --> C:\Program Files\Rufus\uninstall.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Select CashBack --> C:\WINDOWS\2hr9blji.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
TaxCut Deluxe 2005 --> C:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Tibia 7.92 --> "C:\Program Files\Tibia\unins000.exe"
TorrentSpy Rufus --> "C:\Program Files\TorrentSpy Rufus\unins000.exe"
Uplink --> C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\seth\desktop\uplink\Uninst.isu"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Music Downloads Store --> MsiExec.exe /I{7EE454FB-531E-47F9-BA45-ED65496EEB09}
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- End of Deckard's System Scanner: finished at 2007-07-11 at 02:32:06 ---------

Deckard's System Scanner v20070708.52
Run by Seth on 2007-07-11 at 02:28:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-07-11 07:28:56 UTC - RP710 - Deckard's System Scanner Restore Point
14: 2007-07-10 17:52:04 UTC - RP709 - System Checkpoint
13: 2007-07-09 17:51:36 UTC - RP708 - System Checkpoint
12: 2007-07-08 17:16:09 UTC - RP707 - System Checkpoint
11: 2007-07-07 17:03:00 UTC - RP706 - System Checkpoint


-- First Restore Point --
1: 2007-06-24 19:19:05 UTC - RP696 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Seth.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:30:29 AM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Seth\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Seth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6EA91D73-11AF-4B42-A89F-40CB9DA6CE5c} - (no file)
O2 - BHO: (no name) - {A3AB34B7-51CF-42AF-A19E-D445E5B4D272} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: khffeef - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: vtuts - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070531-081344-225 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
backup-20070531-081344-267 O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb11\Ofb11.dll (file missing)
backup-20070531-081344-384 O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp177.tmp.dll
backup-20070531-081344-442 O2 - BHO: (no name) - {6EA91D73-11AF-4B42-A89F-40CB9DA6CE5c} - C:\WINDOWS\system32\wehfcuou.dll (file missing)
backup-20070531-081345-342 O4 - HKLM\..\Run: [{F0-00-06-6A-ZN}] c:\windows\system32\njdsregm.exe CHD003
backup-20070531-081345-420 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
backup-20070531-081345-488 O2 - BHO: 0 - {A3AB34B7-51CF-42AF-A19E-D445E5B4D272} - C:\Program Files\Common Files\tefat.dll (file missing)
backup-20070531-081345-605 O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Seth\Desktop\TISKY002.exe CHD003
backup-20070531-081345-661 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20070531-081345-747 O2 - BHO: (no name) - {e50260fa-abdc-4300-b0a7-10998073e4bc} - C:\WINDOWS\system32\IOLapi.dll
backup-20070531-081345-850 O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
backup-20070531-081345-865 O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070531-081345-879 O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
backup-20070531-081346-586 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20070531-081347-336 O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll (file missing)
backup-20070531-081347-896 O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20070531-081348-788 O20 - Winlogon Notify: IOLapi - C:\WINDOWS\SYSTEM32\IOLapi.dll
backup-20070531-081348-985 O20 - Winlogon Notify: khffeef - khffeef.dll (file missing)
backup-20070531-081349-521 O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
backup-20070531-081349-983 O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
backup-20070531-081350-631 O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
backup-20070531-172305-349 O2 - BHO: (no name) - {e50260fa-abdc-4300-b0a7-10998073e4bc} - C:\WINDOWS\system32\IOLapi.dll (file missing)
backup-20070531-172305-391 O20 - Winlogon Notify: IOLapi - IOLapi.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PStrip - c:\windows\system32\drivers\pstrip.sys <Not Verified; EnTech Taiwan; PowerStrip>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-09 13:06:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-06 20:00:00 412 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DCDZYB71-Seth).job
2007-07-06 18:30:00 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DCDZYB71-Jerry).job
2007-05-21 21:04:46 240 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2007-06-11 and 2007-07-11 -----------------------------

2007-07-11 02:08:45 0 d-------- C:\WINDOWS\LastGood
2007-07-05 18:55:24 0 d-------- C:\Documents and Settings\Seth\Application Data\Printer Info Cache
2007-07-05 18:35:07 0 d-------- C:\Documents and Settings\Seth\Application Data\Snapfish
2007-06-29 17:33:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-27 12:53:41 0 d-------- C:\Program Files\FLVPlayer
2007-06-25 03:21:59 0 d-------- C:\Documents and Settings\Seth\Application Data\BonkEnc
2007-06-25 03:21:24 0 d-------- C:\Program Files\BonkEnc
2007-06-23 02:42:08 0 d-------- C:\Documents and Settings\Seth\Application Data\Wal-Mart Digital Photo Viewer
2007-06-21 08:28:51 0 d-------- C:\TEMP
2007-06-12 08:59:06 0 d-------- C:\Documents and Settings\Seth\Application Data\Media Player Classic
2007-06-12 08:57:34 0 d-------- C:\Program Files\XP Codec Pack


-- Find3M Report ---------------------------------------------------------------

2007-07-09 03:41:37 0 d-------- C:\Program Files\Winamp
2007-07-05 18:35:05 1780 --a------ C:\WINDOWS\mozver.dat
2007-06-02 18:09:56 0 d-------- C:\Documents and Settings\Seth\Application Data\Intuit
2007-05-30 20:32:08 0 d-------- C:\Program Files\Ofb11
2007-05-30 20:32:07 0 d-------- C:\Program Files\Common Files\fuuu
2007-05-25 19:04:36 279 --a------ C:\Program Files\Common Files\tefat
2007-05-24 13:20:04 0 d-------- C:\Program Files\Symantec
2007-05-24 13:19:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-24 13:18:57 0 d-------- C:\Program Files\Symantec_Client_Security
2007-05-24 13:07:57 930 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-24 01:47:02 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-05-22 02:56:52 0 d-------- C:\Program Files\Diablo II
2007-05-21 03:10:13 0 d-------- C:\Program Files\MyWay
2007-05-19 00:19:52 0 d-------- C:\Documents and Settings\Seth\Application Data\Real
2007-05-14 19:15:42 35206 --a------ C:\WINDOWS\DIIUnin.dat
2007-05-14 19:04:58 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-05-14 19:04:58 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-05-14 19:04:58 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-05-14 18:09:17 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-05-14 18:09:17 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-05-14 17:35:16 0 d-------- C:\Program Files\CamelCasino
2007-04-19 05:48:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{4D25F921-B9FE-4682-BF72-8AB8210D6D75} C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffeef
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Seth^Start Menu^Programs^Startup^Alienware Dock.lnk]
"path"="C:\\Documents and Settings\\Seth\\Start Menu\\Programs\\Startup\\Alienware Dock.lnk"
"backup"="C:\\WINDOWS\\pss\\Alienware Dock.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\ALIENG~1\\ALIENW~1\\OBJECT~1.EXE "
"item"="Alienware Dock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-11 at 02:32:06 ---------

Please remove any version you currently have of Vundofix and download it again please

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• When VundoFix re-opens, click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

vundo not detected

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {6EA91D73-11AF-4B42-A89F-40CB9DA6CE5c} - (no file)
O2 - BHO: (no name) - {A3AB34B7-51CF-42AF-A19E-D445E5B4D272} - (no file)
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: khffeef - C:\WINDOWS\
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: vtuts - C:\WINDOWS\






Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

MyWebsearch



Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\MyWaySA



After that, Reboot Post back a fresh HJT log please.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:24 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Globa