Here is the main.txt
Thanks for your help!
Wei
Deckard's System Scanner v20071014.68
Run by WHuang2 on 2008-01-27 08:57:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
52: 2008-01-27 16:57:16 UTC - RP247 - Deckard's System Scanner Restore Point
51: 2008-01-27 04:55:03 UTC - RP246 - Configured SlingPlayer Mobile
50: 2008-01-27 04:49:02 UTC - RP245 - Removed Yahoo Messenger 7.0
49: 2008-01-27 04:25:27 UTC - RP244 - Installed SUPERAntiSpyware Free Edition
48: 2008-01-27 04:00:48 UTC - RP243 - Jan 26 2008
-- First Restore Point --
1: 2007-11-29 10:11:41 UTC - RP196 - Removed Logitech Internet Handset
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as WHuang2.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:17 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\1E\SMSWakeup40\minislv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\WINDOWS\rcmdsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\help\F3C74E3FA248.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_3.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\help\F3C74E3FA248.EXE
C:\Documents and Settings\whuang2\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\WHuang2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ebss.internal...MT/internal.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.c...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.comO2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_27.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\WINDOWS\system32\PrivBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [amva] C:\WINDOWS\system32\amvo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe (User 'Default user')
O4 - Startup: Logitech Internet Handset.lnk = C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_27.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_27.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_27.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_27.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=58813O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {18BC0811-C645-4903-8DFF-264129A28321} (KACommControlFTC.StudentControl) -
http://knowlagentpro...mControlFTC.CABO16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) -
http://crystal.inter...tivexviewer.cabO16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -
http://h20270.www2.h...ctDetection.cabO16 - DPF: {6EBA4C9C-4EEA-402A-B4A2-F247B7B9738F} (RxMVP Control) -
http://web-color.nat...ocx/RxMPOMR.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) -
http://file.naver.co...n/NaverFile.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://crucial.com/c.../cpcScanner.cabO16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) -
https://cid-f545c6e1....RichUpload.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gsm1900.org
O17 - HKLM\Software\..\Telephony: DomainName = gsm1900.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gsm1900.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup40\minislv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: xCmd Service (xCmdSvc) - Unknown owner - C:\WINDOWS\system32\xCmdSvc.exe
--
End of file - 15068 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 prot_2k - c:\windows\system32\drivers\prot_2k.sys <Not Verified; Pointsec Mobile Technologies AB; Pointsec>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 StarPortLite (StarPort Storage Controller (Lite)) - c:\windows\system32\drivers\starportlite.sys <Not Verified; Rocket Division Software; StarPort Storage Controller>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3400>
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HPQuick Launch Buttons>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CBA8 (LANDesk® Management Agent) - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk® Management Agent>
R2 Intel Local Scheduler Service - "c:\program files\landesk\ldclient\localsch.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; LANDesk Software Ltd.; Intel Common Base Agent>
R2 Intel Targeted Multicast (LANDesk Targeted Multicast) - c:\program files\landesk\ldclient\tmcsvc.exe <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 iPCAgent - c:\program files\ipass\ipassconnect\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 ISSUSER (LANDesk Remote Control Service) - c:\progra~1\landesk\ldclient\issuser.exe /service <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 minislv - "c:\program files\1e\smswakeup40\minislv.exe" <Not Verified; 1E Ltd; 1E Ltd minislv>
R2 Pointsec - c:\windows\system32\prot_srv.exe
R2 Pointsec_start (Pointsec Service Start) - c:\windows\system32\pstartsr.exe
R2 RCMDSVC (Remote Command Server) - c:\windows\rcmdsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Softmon (LANDesk® Software Monitoring Service) - "c:\program files\landesk\ldclient\softmon.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 UTSCSI (CLCV0) - c:\windows\system32\utscsi.exe <Not Verified; ; UTSCSI Application>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
S3 iPassConnectEngine - c:\program files\ipass\ipassconnect\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
S3 xCmdSvc (xCmd Service) - c:\windows\system32\xcmdsvc.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Files created between 2007-12-27 and 2008-01-27 -----------------------------
2008-01-27 07:48:37 54784 -----n--- C:\WINDOWS\system32\amvo0.dll
2008-01-26 23:54:33 8576 --a------ C:\WINDOWS\system32\drivers\qdolnodhpbrp.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-26 23:32:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-26 20:25:50 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 20:25:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 20:25:29 0 d-------- C:\Documents and Settings\whuang2\Application Data\SUPERAntiSpyware.com
2008-01-26 20:24:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 20:13:28 0 d-------- C:\Documents and Settings\whuang2\Application Data\Grisoft
2008-01-26 20:07:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-26 19:15:24 54784 -r-hs---- C:\WINDOWS\system32\amvo1.dll
2008-01-25 05:54:48 105293 -r-hs---- C:\xo8wr9.exe
2008-01-24 04:41:38 54784 -r-hs---- C:\WINDOWS\system32\amvo2.dll
2008-01-22 22:16:13 105293 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-01-21 00:56:54 16384 --a------ C:\WINDOWS\system32\xCmdSvc.exe
2008-01-20 16:59:13 0 d-------- C:\Documents and Settings\whuang2\Application Data\WinRAR
2008-01-20 06:27:52 0 d-------- C:\EMT website
2008-01-16 00:58:48 4326 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-01-13 21:50:01 0 d-------- C:\Documents and Settings\whuang2\Application Data\SkypeCap
2008-01-13 21:49:07 0 d-------- C:\Program Files\Common Files\GeoVid
2008-01-13 21:49:06 1712128 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-13 21:49:05 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-01-13 21:49:04 0 d-------- C:\Program Files\SkypeCap
2008-01-11 05:06:48 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-06 00:09:10 85760 --a------ C:\WINDOWS\system32\drivers\StarPortLite.sys <Not Verified; Rocket Division Software; StarPort Storage Controller>
2008-01-06 00:09:06 0 d-------- C:\Program Files\Give Away Of The Day
2008-01-05 01:33:21 0 d-------- C:\Program Files\Pocket Informant
2008-01-02 05:45:25 0 d-------- C:\Program Files\Creative
2008-01-02 05:42:12 0 d-------- C:\Live! Cam
-- Find3M Report ---------------------------------------------------------------
2008-01-27 08:54:25 0 d-------- C:\Documents and Settings\whuang2\Application Data\Skype
2008-01-27 04:08:39 0 d-------- C:\Program Files\Trend Micro
2008-01-27 02:59:59 0 d-------- C:\Program Files\QuickTime
2008-01-27 02:57:20 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-27 02:49:39 0 d-------- C:\Program Files\Common Files\Iconix
2008-01-26 21:40:12 0 d-------- C:\Documents and Settings\whuang2\Application Data\Adobe
2008-01-26 21:38:41 0 d-------- C:\Program Files\Yahoo!
2008-01-26 21:04:03 0 d-------- C:\Program Files\Sling Media
2008-01-26 21:04:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 20:24:54 0 d-------- C:\Program Files\Common Files
2008-01-22 22:58:24 0 d-------- C:\Documents and Settings\whuang2\Application Data\Vso
2008-01-22 22:58:24 33 --a------ C:\Documents and Settings\whuang2\Application Data\pcouffin.log
2008-01-22 22:58:23 47360 --a------ C:\Documents and Settings\whuang2\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-22 22:58:23 1144 --a------ C:\Documents and Settings\whuang2\Application Data\pcouffin.inf
2008-01-22 22:58:23 7176 --a------ C:\Documents and Settings\whuang2\Application Data\pcouffin.cat
2008-01-22 22:58:23 81920 --a------ C:\Documents and Settings\whuang2\Application Data\ezpinst.exe
2008-01-17 14:22:07 0 d-------- C:\Program Files\Google
2008-01-17 10:21:46 0 d-------- C:\Program Files\Sonic
2008-01-17 10:19:11 0 d-------- C:\Program Files\Ashampoo
2008-01-17 08:25:37 0 d-------- C:\Program Files\Iconix
2008-01-17 03:07:21 0 d-------- C:\Program Files\Java
2008-01-13 21:53:27 0 d-------- C:\Program Files\Skype Recorder
2008-01-11 05:06:48 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-04 04:03:22 0 d-------- C:\Documents and Settings\whuang2\Application Data\Apple Computer
2007-12-24 22:12:53 0 d-------- C:\Documents and Settings\whuang2\Application Data\Ashampoo
2007-12-24 01:49:39 13047 --a------ C:\Documents and Settings\whuang2\Application Data\Comma Separated Values (Windows).CAL
2007-12-08 21:11:08 0 d-------- C:\Documents and Settings\whuang2\Application Data\Macromedia
2007-12-01 23:27:22 0 d-------- C:\Program Files\VideoLAN
2007-12-01 02:15:50 0 d-------- C:\Documents and Settings\whuang2\Application Data\DemoCreator
2007-11-29 02:27:16 0 d-------- C:\Program Files\Logitech
2007-11-28 05:03:21 0 d-------- C:\Program Files\Wondershare
2007-11-16 02:45:06 4096 --a------ C:\WINDOWS\system32\crash
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 08:11 AM]
"AGRSMMSG"="AGRSMMSG.exe" [01/30/2006 12:00 AM C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/31/2006 03:01 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [06/07/2007 02:12 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [11/08/2006 09:28 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/08/2006 09:22 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 09:49 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"Pointsec Tray"="C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe" [12/04/2006 04:49 PM]
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [09/02/2004 02:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IconixOEAddOn"="C:\Program Files\Iconix\OEAddOn\OEdmn_3.exe" [01/17/2008 08:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [06/12/2007 02:03 PM]
"SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [11/01/2006 08:06 AM]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [06/08/2006 01:00 AM]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [06/09/2006 01:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 12:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" [01/27/2008 06:57 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"=C:\PROGRA~1\MI3AA1~1\wcescomm.exe
"amva"=C:\WINDOWS\system32\amvo.exe
C:\Documents and Settings\whuang2\Start Menu\Programs\Startup\
Logitech Internet Handset.lnk - C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe [10/6/2006 3:37:48 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/27/2006 4:02:06 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [4/20/2007 7:41:53 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
"1"=abc-win32-v3.1.exe
"2"=aresregular208_installer.exe
"3"=azureus.exe
"4"=Azureus_2.5.0.0_BitTyrant_Win32.setup.exe
"5"=azureus_2.5.0.0_win32.exe
"6"=bitcomet_setup.exe
"7"=BitLord_1.01.exe
"8"=cdplusplus-0.689.exe
"9"=kazaa.exe
"10"=kazaa_setup.exe
"11"=kazaa300_en.exe
"12"=kazaa325_en.exe
"13"=kazaa326_en.exe
"14"=kazaa327_en.exe
"15"=limewire.exe
"16"=limewirewin.exe
"17"=limewirewin.exe
"18"=limewirewin4.12.4.exe
"19"=limewirewin4.12.6.exe
"20"=limewirewin-full.exe
"21"=morpheus.exe
"22"=morpheustoolbar.exe
"23"=mygoldkazaa.exe
"24"=mymorpheustoolbar.exe
"25"=Shareaza_2.2.5.0.exe
"26"=tbtsetup51.exe
"27"=utorrent.exe
"28"=utorrent.exe
"29"=utorrent-1.6.1-beta-install.exe
"30"=utorrent-1.7-beta-1355.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1DBD6574-D6D0-4782-94C3-69619E719765}"= C:\WINDOWS\HELP\F3C74E3FA248.dll [01/22/2008 09:55 PM 143872]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=AddAdmin.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=CWStartup.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
C:\Program Files\Skype Recorder\Skype Recorder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-01-27 09:04:17 ------------
Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 1023.08 MiB / 283.12 MiB
Pagefile Memory (total/avail): 2457.04 MiB / 1771.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.55 MiB
C: is Fixed (NTFS) - 74.53 GiB total, 23.86 GiB free.
D: is CDROM (No Media)
Y: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - HTS721080G9SA00 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LANDesk\\LDCLient\\AdvanceAgent.exe"="C:\\Program Files\\LANDesk\\LDCLient\\AdvanceAgent.exe:*:Enabled:LANDesk Advance Agent"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\cba\\pds.exe"="C:\\WINDOWS\\system32\\cba\\pds.exe:*:Enabled:LANDesk Ping Discovery Service"
"C:\\WINDOWS\\system32\\msgsys.exe"="C:\\WINDOWS\\system32\\msgsys.exe:*:Enabled:LANDesk Message Service"
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="C:\\Program Files\\LANDesk\\LDClient\\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk® Management Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\msgsys.exe"="C:\\WINDOWS\\system32\\msgsys.exe:*:Disabled:CBA -- Message System"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\KT\\ConnectionManager\\ConnectionManager.exe"="C:\\Program Files\\KT\\ConnectionManager\\ConnectionManager.exe:*:Enabled:KT NESPOT CM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\hp_clj2600n_Full_Solution\\SETUP.EXE"="C:\\hp_clj2600n_Full_Solution\\SETUP.EXE:*:Enabled:Setup"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk® Management Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\whuang2\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WABOTHLP0293169
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\whuang2
HOMESHARE=\\WANEWPORFS02\WHuang2
HOSTNAME=WABOTHLP0293169
LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
LOCALFS=TMobile-West
LOGONSERVER=\\WAPRDDCGSM01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\whuang2\LOCALS~1\Temp
TMP=C:\DOCUME~1\whuang2\LOCALS~1\Temp
USERDNSDOMAIN=GSM1900.ORG
USERDOMAIN=GSM1900
USERNAME=WHuang2
USERPROFILE=C:\Documents and Settings\whuang2
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
ckastel
Officescan
(new local, admin)glopez7
(new local, net ready)ahernan52
(admin)whuang2
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /X{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.03 --> MsiExec.exe /I{C427D012-CFE1-47B8-97A5-E8BD2E8DFD8F}
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Agere Systems HDA Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AR System User 6.00.01.1373 --> MsiExec.exe /X{C39F243A-8D14-499A-A8F5-16019C1F71F7}
ATI Catalyst Control Center --> MsiExec.exe /I{19E08ED2-9936-4740-BAA7-366AB306D3E8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Chinese Simplified Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Live! Cam Notebook Pro Driver (1.02.06.0627) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl
Crystal ActiveX 9.2.2.716 --> MsiExec.exe /I{4D8F443D-03D6-4F3F-B1B9-D5B2793383AE}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DemoCreator --> "C:\Program Files\Wondershare\DemoCreator\unins000.exe"
DropMyRights --> MsiExec.exe /X{98C12C67-D0C2-4ED4-88BD-1F6F5152980B}
DVD Decrypter (Remove Only) --> "C:\Documents and Settings\whuang2\Desktop\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EC Software TNT Screen Capture 2.1 --> "C:\Program Files\TNT Screen Capture\unins000.exe"
Flash Player 9.0.16 --> MsiExec.exe /X{32A3C2BF-F2F2-470F-B091-4A62E2162B16}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP VantagePoint for UNIX Java Console --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP VP Java Console\Uninst.isu"
HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst
Iconix™ eMail ID --> "C:\Program Files\Iconix\Iconix_Uninstaller.exe"
Identity Management Suite DIRECT! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{332C4D4B-E595-405D-9C32-26AC38464BC3}\setup.exe"
IEPrivBar --> MsiExec.exe /X{E0863FF1-05EF-4EE8-B924-9A9272945F34}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Introscope Workstation 7.1.P4 --> "C:\Introscope7.1.P4\UninstallerData\ws\Uninstall Introscope Workstation.exe"
iPassConnect --> MsiExec.exe /X{7E85840D-3E9C-456F-896A-417982F344D7}
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.01 Full --> "C:\Program Files\K-Lite\unins000.exe"
Korean Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
LANDesk Advance Agent --> MsiExec.exe /I{37A55539-D5A9-498F-B50F-9D5F03F8A286}
LANDesk Advance Agent --> MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
LANDesk Advance Agent --> MsiExec.exe /I{B360F766-73DA-4474-AE50-D5EBD227C72A}
Logitech Internet Handset --> MsiExec.exe /X{B6383181-6F47-4BA4-8B34-52E5FA122FC3}
Magic Button --> C:\Program Files\Microsoft ActiveSync\Magic Button\Uninstall.exe Magic Button
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mGina --> MsiExec.exe /I{DF6B8EA9-32CF-4937-BADF-6CF43313C9FC}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\whuang2\Application Data\Move Networks\ie_bin\Uninst.exe
Moyea DVD Ripper version 1.1.2.14 --> "C:\Program Files\Moyea\DVD Ripper\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyWorkLife Icon 4.4.0 --> MsiExec.exe /I{9865D4E5-11AB-400A-9A31-666B3A2BD500}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 --> MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Performance Management Icon 2.0 --> MsiExec.exe /X{04A127DF-05F0-46FC-AF64-79A998AABD7F}
Pocket Informant Pro 2007 --> C:\Program Files\Pocket Informant\uninst.exe
Pointsec for PC --> MsiExec.exe /X{31B33270-24D7-4307-84F2-A3288636B83A}
QuickTime -->