Vundo won't go away, can't delete. Please help.



#1
MBison

While visiting what I thought was a clean site (I've been there before) I got bombarded with several Downloader and Adware assaults. Norton claimed it blocked it but it didn't seem to actually. I deleted stuff in my processes and in my startup list and also ran AVG anti-spyware and it found some stuff so I deleted it all. However, I still have stuff and AVG (latest definitions) isn't finding it and getting rid of it. Thankfully I found it.

There are four associated files in my System32 directory:

qomlife.dll
ddccb.dll
lvfijvei.dll
mckoiqfi.dll

All three of these have been added to my Internet Explorer's Browser Helper Objects.

I ran "StartupList 2.02" and found them in there:

--------------------

Browser Helper Objects (9):

(no name) = {243B17DE-77C7-46BF-B94B-0B5F309A0E64} = C:\Program Files\Microsoft Money\System\mnyside.dll
(no name) = {37A11A7B-9184-45A0-BB03-3E5B0D51B2DD} = C:\WINDOWS\System32\ddccb.dll
(no name) = {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
(no name) = {98663E21-9CCE-4CF6-863C-911A9523A66F} = C:\WINDOWS\System32\qomlife.dll
(no name) = {A95B2816-1D7E-4561-A202-68C0DE02353A} = C:\WINDOWS\System32\lvfijvei.dll
{d117ef9d-84e7-c87a-2b34-010571500c59} = {95c00517-5010-43b2-a78c-7e48d9fe711d} = C:\WINDOWS\System32\mckoiqfi.dll
AcroIEHlprObj Class = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar6.dll
Google Toolbar Notifier BHO = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} = C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

---------------------

I've tried to delete these files but they are being used by a process. I tried loading in safe mode and deleting but that didn't work either.

I searched my registry for these files and qomlife and lvfijvei are in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\Notify area. Also I see the Browser Helper Objects in the respective section.

However when I try to delete these entries from my registry, it doesn't work. I exit my registry and they're back once again.

ARGH. I hate this stuff. Can some kind soul please help me :) I'm posting both my Hijack This log and my StartupList log. But I think I found the problem but I can't figure out how on earth to get rid of them.

Thanks so much in advance

Logfile of HijackThis v1.99.1
Scan saved at 4:39:11 AM, on 2/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Doug Radcliffe\Desktop\Hijack This\StartupList.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doug Radcliffe\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluesnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5968C159-7F94-4201-BE42-A88A8F5DF472}: NameServer = 205.152.144.23
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


StartupList report, 2/3/2008, 4:45:22 AM
StartupList version 2.02.0
Started from: C:\Documents and Settings\Doug Radcliffe\Desktop\Hijack This\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Logged on as 'Doug Radcliffe' to 'PHOD'
* Using default options (see end of log for possible options)
==================================================

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (35)]
C:\Program Files\Common Files\Symantec Shared\ccL60U.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll
C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll
C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_1.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\System32\Crypt32.dll
C:\WINDOWS\System32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\msi.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\netapi32.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
C:\WINDOWS\System32\secur32.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WinTrust.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\explorer.exe (88)]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Microsoft Money\System\misstub.dll
C:\Program Files\Microsoft Money\System\mnyside.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\ACTXPRXY.DLL
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\System32\ATL.DLL
C:\WINDOWS\System32\BatMeter.dll
C:\WINDOWS\System32\browselc.dll
C:\WINDOWS\System32\BROWSEUI.dll
C:\WINDOWS\System32\CFGMGR32.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\ctagent.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\System32\ddccb.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\System32\DUSER.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\IMM32.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\LINKINFO.dll
C:\WINDOWS\system32\lvfijvei.dll
C:\WINDOWS\System32\mckoiqfi.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\System32\msi.dll
C:\WINDOWS\System32\MSIMG32.dll
C:\WINDOWS\System32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\netapi32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\System32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\olepro32.dll
C:\WINDOWS\System32\POWRPROF.dll
C:\WINDOWS\System32\printui.dll
C:\WINDOWS\System32\qomlife.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\System32\setupapi.dll
C:\WINDOWS\System32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
C:\WINDOWS\System32\themeui.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\wsock32.dll
C:\WINDOWS\System32\WTSAPI32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\regedit.exe (21)]
C:\WINDOWS\System32\ACLUI.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\AUTHZ.dll
C:\WINDOWS\System32\clb.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\System32\ctagent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\System32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\ulib.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.dll

[C:\WINDOWS\System32\Ati2evxx.exe (21)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\Ati2edxx.dll
C:\WINDOWS\System32\atipdlxx.dll
C:\WINDOWS\System32\cfgMgr32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCRT.DLL
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\powrprof.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\System32\wtsapi32.dll

[C:\WINDOWS\system32\Ati2evxx.exe (23)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2edxx.dll
C:\WINDOWS\system32\ati2evxx.dll
C:\WINDOWS\system32\atipdlxx.dll
C:\WINDOWS\system32\cfgMgr32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCRT.DLL
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\powrprof.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\wtsapi32.dll

[C:\WINDOWS\System32\ctfmon.exe (15)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ctagent.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\System32\MSUTB.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\System32\CTHELPER.EXE (38)]
C:\WINDOWS\CTDCRES.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.DLL
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\System32\ctagent.dll
C:\WINDOWS\SYSTEM32\CTDC0001.DLL
C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
C:\WINDOWS\SYSTEM32\ctosuser.dll
C:\WINDOWS\System32\ctspkhlp.dll
C:\WINDOWS\System32\DSOUND.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\KsUser.dll
C:\WINDOWS\System32\MFC42.DLL
C:\WINDOWS\System32\midimap.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\System32\msacm32.drv
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\System32\mslbui.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\wdmaud.drv
C:\WINDOWS\SYSTEM32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\System32\CTsvcCDA.exe (6)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll

[C:\WINDOWS\System32\DSentry.exe (13)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\MFC42.DLL
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINMM.dll

Edited by MBison, 03 February 2008 - 01:23 PM.


#2
MBison

[C:\WINDOWS\system32\lsass.exe (53)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\System32\ddccb.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\System32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\System32\MsPMSPSv.exe (11)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\WLDAP32.dll

[C:\WINDOWS\System32\PnkBstrA.exe (21)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\WINTRUST.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\System32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\system32\services.exe (21)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\System32\ntdll.dll

[C:\WINDOWS\system32\spoolsv.exe (39)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\icmp.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll

[C:\WINDOWS\System32\svchost.exe (138)]
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\System32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\System32\h323.tsp
C:\WINDOWS\System32\HID.DLL
C:\WINDOWS\System32\hidphone.tsp
C:\WINDOWS\System32\hnetcfg.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\System32\ipconf.tsp
c:\windows\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\msi.dll
C:\WINDOWS\System32\MSIDLE.DLL
C:\WINDOWS\System32\mspatcha.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msv1_0.dll
c:\windows\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\System32\mtxoci.dll
C:\WINDOWS\System32\NCObjAPI.DLL
C:\WINDOWS\System32\ndptsp.tsp
c:\windows\system32\NETAPI32.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\netman.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\POWRPROF.dll
c:\windows\system32\PSAPI.DLL
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
C:\WINDOWS\System32\rasman.dll
c:\windows\system32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\REGAPI.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\SETUPAPI.DLL
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\System32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\System32\upnp.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\System32\wbem\ncprov.dll
C:\WINDOWS\System32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\System32\wbem\wbemess.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
c:\windows\system32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\winspool.drv
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\System32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\System32\wuaueng.dll
c:\windows\system32\wuauserv.dll
C:\WINDOWS\System32\wups2.dll
c:\windows\system32\wzcsvc.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (25)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\Secur32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll

[C:\WINDOWS\system32\winlogon.exe (63)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\lvfijvei.dll
C:\WINDOWS\System32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\System32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\System32\ODBC32.dll
C:\WINDOWS\System32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\qomlife.dll
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\SHSVCS.dll
C:\WINDOWS\System32\sxs.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\wdmaud.drv
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\WINSCARD.DLL
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\System32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\WTSAPI32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[C:\WINDOWS\System32\wuauclt.exe (26)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\Cabinet.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\System32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINTRUST.dll
C:\WINDOWS\System32\wucltui.dll
C:\WINDOWS\System32\wucltui.dll.mui
C:\WINDOWS\System32\wups2.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.dll

--------------------

Autostart folders:

[Startup (1)]
DESKTOP.INI

[User Startup (1)]
DESKTOP.INI

[Common Startup (3)]
Adobe Gamma Loader.lnk
DESKTOP.INI
Microsoft Office.lnk

[User Common Startup (3)]
Adobe Gamma Loader.lnk
DESKTOP.INI
Microsoft Office.lnk

--------------------

Task Scheduler jobs (1):

Norton AntiVirus - Run Full System Scan - Doug Radcliffe.job

--------------------

IniMapping values:

System NT shell = Explorer.exe
User screensaver = C:\WINDOWS\System32\LOGON.SCR

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

--------------------

On-reboot actions:

[Wininit.ini]
[Rename]
NUL=C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp\bdl14025.exe

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\System32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (44)]
Ati HotKey Poller = C:\WINDOWS\System32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\SYSTEM32\ati2sgag.exe
Automatic LiveUpdate Scheduler = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
AVG Anti-Spyware Guard = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Creative Service for CDROM Access = C:\WINDOWS\System32\CTsvcCDA.exe
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\System32\lsass.exe
LiveUpdate Notice Service = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
LiveUpdate Notice Service Ex = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Plug and Play = C:\WINDOWS\system32\services.exe
PnkBstrA = C:\WINDOWS\System32\PnkBstrA.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Symantec AppCore Service = "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Symantec Event Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Settings Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
Upload Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\System32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WMDM PMSP Service = C:\WINDOWS\System32\MsPMSPSv.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
AVG Anti-Spyware Guard
CryptSvc
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
AVG Anti-Spyware Guard
Browser
CryptSvc
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* DVD/CD-ROM drives *
- Upper filters
pwd_2k.sys
Cdralw2k.sys
GEARAspiWDM.sys

- Lower filters
PxHelp20.sys
MxlW2k.sys
Cdr4_xp.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82875P Processor to AGP Controller - 2579 *
- Upper filters
AGP440.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (12)]
AtiExtEvent = Ati2evxx.dll
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
lvfijvei = lvfijvei.dll
qomlife = qomlife.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
wlballoon = wlnotify.dll

[Group policy extensions (5)]
Microsoft Disk Quota = dskquota.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll

--------------------

Policies:

[This user]
* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\System (1)
DisableRegistryTools = dword: 0



[All users]
* Primary policies *
- Software\Policies\Microsoft\Messenger\Client (1)
PreventAutoRun = dword: 1

- Software\Policies\Microsoft\Windows\Installer (2)
EnableAdminTSRemote = dword: 1
AllowLockdownMedia = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{11dfac47-27d3-4a36-9ddd-f2fa107c8693} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{11dfac47-27d3-4a36-9ddd-f2fa107c8693}
ipsecID = {11dfac47-27d3-4a36-9ddd-f2fa107c8693}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{29911e57-c362-45eb-b499-63b2319f2e9c} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{29911e57-c362-45eb-b499-63b2319f2e9c}
ipsecID = {29911e57-c362-45eb-b499-63b2319f2e9c}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{6c70debf-dfd5-4d8f-9b1e-4fbe4202d385} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{6c70debf-dfd5-4d8f-9b1e-4fbe4202d385}
ipsecID = {6c70debf-dfd5-4d8f-9b1e-4fbe4202d385}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{19063139-c32a-422d-b8e8-c09da3c1e483} (8)
ClassName = ipsecNFA
name = ipsecNFA{19063139-c32a-422d-b8e8-c09da3c1e483}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {19063139-c32a-422d-b8e8-c09da3c1e483}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{53633ec0-5258-44e9-87d6-c03e73624b22} (8)
ClassName = ipsecNFA
name = ipsecNFA{53633ec0-5258-44e9-87d6-c03e73624b22}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {53633ec0-5258-44e9-87d6-c03e73624b22}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{6d7fb14a-969c-48e7-b62c-4608988d71ee} (8)
ClassName = ipsecNFA
name = ipsecNFA{6d7fb14a-969c-48e7-b62c-4608988d71ee}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {6d7fb14a-969c-48e7-b62c-4608988d71ee}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{b6084394-15e0-4693-a2eb-eb4ab2aa969f} (6)
ClassName = ipsecNFA
name = ipsecNFA{b6084394-15e0-4693-a2eb-eb4ab2aa969f}
ipsecID = {b6084394-15e0-4693-a2eb-eb4ab2aa969f}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{11dfac47-27d3-4a36-9ddd-f2fa107c8693}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d05bf3b3-6019-4931-82d7-99a0cdc62cb4} (6)
ClassName = ipsecNFA
name = ipsecNFA{d05bf3b3-6019-4931-82d7-99a0cdc62cb4}
ipsecID = {d05bf3b3-6019-4931-82d7-99a0cdc62cb4}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{6c70debf-dfd5-4d8f-9b1e-4fbe4202d385}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d9b103a6-aac9-4f47-a798-3e2dec0cd6d3} (8)
ClassName = ipsecNFA
name = ipsecNFA{d9b103a6-aac9-4f47-a798-3e2dec0cd6d3}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {d9b103a6-aac9-4f47-a798-3e2dec0cd6d3}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{e561b969-abac-4cc4-957f-a038d0ead805} (6)
ClassName = ipsecNFA
name = ipsecNFA{e561b969-abac-4cc4-957f-a038d0ead805}
ipsecID = {e561b969-abac-4cc4-957f-a038d0ead805}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{29911e57-c362-45eb-b499-63b2319f2e9c}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 1031086446

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

Browser Helper Objects (9):

(no name) = {243B17DE-77C7-46BF-B94B-0B5F309A0E64} = C:\Program Files\Microsoft Money\System\mnyside.dll
(no name) = {37A11A7B-9184-45A0-BB03-3E5B0D51B2DD} = C:\WINDOWS\System32\ddccb.dll
(no name) = {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
(no name) = {98663E21-9CCE-4CF6-863C-911A9523A66F} = C:\WINDOWS\System32\qomlife.dll
(no name) = {A95B2816-1D7E-4561-A202-68C0DE02353A} = C:\WINDOWS\System32\lvfijvei.dll
{d117ef9d-84e7-c87a-2b34-010571500c59} = {95c00517-5010-43b2-a78c-7e48d9fe711d} = C:\WINDOWS\System32\mckoiqfi.dll
AcroIEHlprObj Class = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Google Toolbar Helper = {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar6.dll
Google Toolbar Notifier BHO = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} = C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

--------------------

ActiveX objects (13):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (5) *
(no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
(no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll

* WebBrowser (3) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll


--------------------

Internet Explorer buttons/tools (4):

Sun Java Console - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
MoneySide - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - C:\Program Files\Microsoft Money\System\mnyside.dll
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

--------------------

Internet Explorer Bands (9):

Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} - C:\WINDOWS\System32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\System32\shdocvw.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
MoneySide - {D6A116E7-5906-42E4-87F6-E7E15936415E} - C:\Program Files\Microsoft Money\System\mnyside.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll

--------------------

Downloaded Program Files (14):

DirectAnimation Java Classes - DirectAnimation Java Classes - (no file) - file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - Microsoft XML Parser for Java - (no file) - file://C:\WINDOWS\Java\classes\xmldso.cab
(no name) - {00000075-9980-0010-8000-00AA00389B71} - (no file) - http://codecs.micros...i386/voxacm.CAB
(no name) - {00000162-9980-0010-8000-00AA00389B71} - (no file) - http://codecs.micros...386/wma9dmo.cab
(no name) - {33564D57-9980-0010-8000-00AA00389B71} - (no file) - http://codecs.micros...386/wmv9dmo.cab
FilePlanet Download Control Class - {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - C:\Program Files\IGN\Download Manager\FPDC.dll - http://www.fileplane...C_2.3.3.102.cab
(no name) - {41F17733-B041-4099-A042-B518BB6A408C} - (no file) - http://a1540.g.akama...meInstaller.exe
Symantec Download Manager - {6A344D34-5231-452A-8A57-D064AC9B7862} - C:\Program Files\Symantec Technical Support\controls\symdlmgr.dll - https://webdl.symant...ex/symdlmgr.cab
Java Runtime Environment 1.5.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll - http://java.sun.com/...indows-i586.cab
ActiveScan Installer Class - {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - C:\WINDOWS\Downloaded Program Files\asinst.dll - http://acs.pandasoft...free/asinst.cab
a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx - http://ax.emsisoft.com/asquared.cab
Java Runtime Environment 1.5.0 - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll - http://java.sun.com/...indows-i586.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx - http://download.macr...ash/swflash.cab
Virtools WebPlayer Class - {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - C:\Program Files\Virtools\3D Life Player\WebPlayer.ocx - http://a532.g.akamai...l/installer.exe

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (11)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP = {8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
StuffIt Context Menu = {2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll
TrojanHunter = {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
WS_FTP = {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll

[Drive (10)]
Adaptec DirectCD Shell Extension = {5E44E225-A408-11CF-B581-008029601108} = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
AlcoholShellEx = {32020A01-506E-484D-A2A8-BE3CF17601C3} = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP = {8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\System32\Audiodev.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll

[Folder (6)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
StuffIt Context Menu = {2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll
TrojanHunter = {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WS_FTP = {797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\System32\zipfldr.dll

[Directory (7)]
7-Zip = {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll
AVG Anti-Spyware = {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP = {8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
TrojanHunter = {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll

[Directory\Background (2)]
ACE = {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll

[file (1)]
Symantec.Norton.Antivirus.IEContextMenu = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\System32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (2)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll
UnlockerShellExtension = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll

--------------------

Edited by MBison, 03 February 2008 - 03:49 AM.


#3
MBison

--------------------

ColumnHandlers (4):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll

--------------------

ShellExecuteHooks (4):

AVG Anti-Spyware 7.5 = {3F9D0C61-737D-44D1-BD80-91AF857061CC} = C:\WINDOWS\System32\yayxwvt.dll
AVG Anti-Spyware 7.5 = {57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
AVG Anti-Spyware 7.5 = {98663E21-9CCE-4CF6-863C-911A9523A66F} = C:\WINDOWS\System32\qomlife.dll
URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (184)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\System32\occache.dll
Adaptec DirectCD Shell Extension - {5E44E225-A408-11CF-B581-008029601108} - C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\System32\wuaucpl.cpl
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
Catalyst Context Menu extension - {5E2121EE-0300-11D4-8D3B-444553540000} - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\System32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\System32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\System32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\System32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\System32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\System32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\System32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\System32\browseui.dll
CuteFTP Shell Extension - {8f7261d0-d2b9-11d2-9909-00605205b24c} - C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\System32\appwiz.cpl
dBpowerAMP Music Converter - {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
dBpowerAMP Music Converter 1 - {FED7043D-346A-414D-ACD7-550D052499A7} - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\System32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\System32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\System32\netplwiz.dll
Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\System32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\System32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\System32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\System32\shdocvw.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - C:\Program Files\iTunes\iTunesMiniPlayer.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} - C:\WINDOWS\System32\browseui.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\System32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office10\msohev.dll
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\System32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\System32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\System32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\System32\themeui.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\System32\Audiodev.dll
Portable Media Devices Menu - {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\System32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\System32\webcheck.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\System32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\System32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\System32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\System32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\System32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\System32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\System32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell Extensions for RealOne Player - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - C:\Program Files\Real\RealOne Player\rpshellext.dll
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\System32\wshext.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\System32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\System32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\System32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\System32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\System32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\System32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\System32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\System32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\System32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\System32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\System32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\browseui.dll
Trojan Remover Shell Extension - {52B87208-9CCF-42C9-B88E-069281105805} -
TrojanHunter Menu Shell Extension - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - C:\PROGRA~1\TROJAN~1.6\contmenu.dll
UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - C:\Program Files\Unlocker\UnlockerCOM.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\System32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\System32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\System32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\System32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\System32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\System32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\System32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\System32\wmpshell.dll

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Steam =
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[System Run]
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
AsioReg = REGSVR32.EXE /S CTASIO.DLL
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
CTDVDDet = C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
CTHelper = CTHELPER.EXE
CTSysVol = C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
osCheck = "C:\Program Files\Norton AntiVirus\osCheck.exe"
PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
THGuard = "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
UpdReg = C:\WINDOWS\UpdReg.EXE

--------------------

Protocols:

[Pluggable MIME filters (8)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\System32\mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\System32\mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\System32\mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\System32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\System32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\System32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\System32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll

[Protocol handlers (23)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\System32\urlmon.dll
cdo = {CD00020A-8B95-11D1-82DB-00C04FB1625D} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\System32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\System32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\System32\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
ms-itss = {0A9007C0-4076-11D3-8789-0000F8105754} = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\System32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\System32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
vnd.ms.radio = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} = C:\WINDOWS\System32\msdxm.ocx
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\System32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (4)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\System32\webcheck.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\System32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\System32\browseui.dll

--------------------

Winsock LSP:

[Protocols (18)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8FD4264-F0CC-43EE-86F2-F9E2A7DCFC47}] SEQPACKET 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8FD4264-F0CC-43EE-86F2-F9E2A7DCFC47}] DATAGRAM 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52689E74-15A6-4DD0-A158-77464C215EDC}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52689E74-15A6-4DD0-A158-77464C215EDC}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3F6CBB-0727-4B68-BE91-A40552D24CC0}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3F6CBB-0727-4B68-BE91-A40552D24CC0}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD1D092D-CB83-4A83-A3D2-6CD2BDA2527B}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD1D092D-CB83-4A83-A3D2-6CD2BDA2527B}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5968C159-7F94-4201-BE42-A88A8F5DF472}] SEQPACKET 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5968C159-7F94-4201-BE42-A88A8F5DF472}] DATAGRAM 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (3)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll

--------------------

3rd-Party autostarts:

[mIRC]
* mirc.ini *
Remote: remote.ini
Remote: remote.ini
- Aliases: aliases.ini (13)
[aliases]
n0=/op /mode # +ooo $$1 $2 $3
n1=/dop /mode # -ooo $$1 $2 $3
n2=/j /join #$$1 $2-
n3=/p /part #
n4=/n /names #$$1
n5=/w /whois $$1
n6=/k /kick # $$1 $2-
n7=/q /query $$1
n8=/send /dcc send $1 $2
n9=/chat /dcc chat $1
n10=/ping /ctcp $$1 ping
n11=/s /server $$1-



--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.dellnet.com
Local Page = C:\WINDOWS\System32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.bluesnews.com/

- Internet Explorer\Search (1)
SearchAssistant = http://www.google.com/ie

- Internet Explorer\SearchURL (1)
(Default) = http://www.google.com/search?q=%s

- Internet Explorer\Desktop\General (2)
BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

* All users *
- Internet Explorer\Main (7)
CustomizeSearch = http://www.microsoft...amp;ar=iesearch
Default_Page_Url = http://www.dellnet.com
Default_Search_Url = http://www.google.com/ie
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
SearchAssistant = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.msn.com/

- Internet Explorer\Search (3)
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
Default_Search_Url = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (7)]
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\System32\plugin.ocx
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\System32\hhctrl.ocx
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\System32\lmrt.dll
Microsoft Rich Textbox Control 6.0 (SP4) - {3B7C8860-D78F-101B-B9B5-04021C009402} - C:\WINDOWS\System32\richtx32.ocx
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\System32\regwizc.dll

[Zones]
* This user *
- Restricted sites (1)
70.87.13.75



[MSConfig XP (29)]
70b120b9 = rundll32.exe "C:\WINDOWS\System32\qcdlpeel.dll",b
Aida = C:\Documents and Settings\Doug Radcliffe\Application Data\eetu.exe
ap9h4qmo = C:\WINDOWS\System32\ap9h4qmo.exe
BDAZEK = C:\WINDOWS\System32\BDAZEK.exe
BullsEye Network = C:\Program Files\BullsEye Network\bin\bargains.exe
ControlPanel = C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Desktop Search = C:\WINDOWS\isrvs\desktop.exe
Dot1XCfg = C:\Program Files\Dot1XCfg\Dot1XCfg.exe
dx4.exe = C:\documents and settings\doug radcliffe\local settings\temp\dx4.exe
igndlm.exe = C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
InfoData = rundll32.exe "C:\WINDOWS\System32\gbnviebc.dll",realset
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
kdx = C:\WINDOWS\kdx\KHost.exe
Media Access = C:\Program Files\Media Access\MediaAccK.exe
Microsoft Update = Microsoft.exe
mswspl = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Regscan = C:\WINDOWS\System32\regscan.exe
RunDLL = rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
runner1 = C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
saap = c:\windows\saap.exe
Security iGuard = C:\Program Files\Security iGuard\Security iGuard.exe
SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe
TBPS = C:\PROGRA~1\Toolbar\TBPS.exe
Tcvhk = C:\WINDOWS\System32\??erinit.exe
tilglej = C:\WINDOWS\tilglej.exe
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
xlktrjjk = c:\windows\system32\xlktrjjk.exe

[Stopped/disabled NT Services]
* Stopped (49) *
Alerter = C:\WINDOWS\System32\svchost.exe -k LocalService
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Background Intelligent Transfer Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
ClipBook = C:\WINDOWS\system32\clipsrv.exe
COM+ Event System = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\System32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
Google Updater Service = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
IMAPI CD-Burning COM Service = C:\WINDOWS\System32\imapi.exe
Indexing Service = C:\WINDOWS\system32\cisvc.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Intel NCS NetService = C:\Program Files\Intel\NCS\Sync\NetSvc.exe
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
iPodService = C:\Program Files\iPod\bin\iPodService.exe
LiveUpdate = "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
Messenger = C:\WINDOWS\System32\svchost.exe -k netsvcs
MS Software Shadow Copy Provider = C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
Net Logon = C:\WINDOWS\System32\lsass.exe
NetMeeting Remote Desktop Sharing = C:\WINDOWS\System32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Network Location Awareness (NLA) = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\System32\lsass.exe
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\System32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\System32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
Smart Card Helper = C:\WINDOWS\System32\SCardSvr.exe
SSDP Discovery Service = C:\WINDOWS\System32\svchost.exe -k LocalService
Symantec Core LC = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Symantec IS Password Validation = "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services = C:\WINDOWS\System32\svchost.exe -k netsvcs
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\System32\svchost.exe -k LocalService
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Image Acquisition (WIA) = C:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Installer = C:\WINDOWS\System32\msiexec.exe /V
WMI Performance Adapter = C:\WINDOWS\System32\wbem\wmiapsrv.exe

* Stopped & disabled (3) *
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
Human Interface Device Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
Routing and Remote Access = C:\WINDOWS\System32\svchost.exe -k netsvcs


[Windows XP Security]
* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0
RestoreStatus = dword: 0
RestoreSafeModeStatus = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
CDRAutoRun = dword: 0


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (5) *
Default_Page_Url = http://www.dellnet.com
First Home Page = http://www.dellnet.com
Search Bar = http://www.microsoft...amp;ar=iesearch
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.dellnet.com



==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Bar = http://www.microsoft...amp;ar=iesearch
Search Page = http://www.microsoft...amp;ar=iesearch



==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (2) *
Search Bar = http://www.microsoft...amp;ar=iesearch
Search Page = http://www.microsoft...amp;ar=iesearch



==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
CDRAutoRun = dword: 0


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (5) *
Default_Page_Url = http://www.dellnet.com
First Home Page = http://www.dellnet.com
Search Bar = http://www.microsoft...amp;ar=iesearch
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.dellnet.com



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (44)]
Ati HotKey Poller = C:\WINDOWS\System32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\SYSTEM32\ati2sgag.exe
Automatic LiveUpdate Scheduler = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
AVG Anti-Spyware Guard = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Creative Service for CDROM Access = C:\WINDOWS\System32\CTsvcCDA.exe
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\System32\lsass.exe
LiveUpdate Notice Service = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
LiveUpdate Notice Service Ex = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Plug and Play = C:\WINDOWS\system32\services.exe
PnkBstrA = C:\WINDOWS\System32\PnkBstrA.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Symantec AppCore Service = "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Symantec Event Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Settings Manager = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
Upload Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\System32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WMDM PMSP Service = C:\WINDOWS\System32\MsPMSPSv.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
AVG Anti-Spyware Guard
CryptSvc
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
AVG Anti-Spyware Driver
dmboot.sys
dmio.sys
dmload.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
AVG Anti-Spyware Guard
Browser
CryptSvc
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82875P Processor to AGP Controller - 2579 *
- Upper filters
AGP440.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 135,157 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit
/autosavepath: - Specify where to save log, when using /autosave.
Use surrounding quotes for paths with spaces.

#4
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Please help me, someone!

#5
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
UPDATE:

Okay, I downloaded the latest version of Vundofix (I had already run an older version which didn't find anything) and it found all of those files (and more ugh). It was able to delete all of the files EXCEPT qomlife.dll. I allowed it to reboot twice but it still couldn't delete it.

Any help finishing this off would be very helpful, thanks!

#6
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
UPDATE 2:

Okay, I was able to use the registry editor to repair the Browser Helper Objects. Also the files are no longer in the Winlogon/Notify area.

I think I'm mostly okay but I'm still not sure if I can delete qomlife.dll. I would greatly appreciate any remaining suggestions to get rid of that file.

#7
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Update 3:

Looks like it comes back if you don't get rid of it all. Now I have a set of new files doing the same thing.

#8
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Update: No matter what I do, it keeps coming back. I do Vundofix and it cleans what it can but then it comes back.

It keeps making my browser go to the site 89.188.16.* from which it downloads the garbage again.

I tried putting that site into my Restricted Sites but it still allows IE to go there.

Please help!!!

#9
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I got Vundo or something and it won't go away. Vundofix finds it, and deletes what it can (it can't delete all of it, despite reboots) and then it just comes back a little bit later.

Please tell me what to do next. I'll do whatever is necessary to get rid of this.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:35 PM, on 2/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Doug Radcliffe\Desktop\Hotline\Hotline Client 1.8.5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluesnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5968C159-7F94-4201-BE42-A88A8F5DF472}: NameServer = 205.152.144.23
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8985 bytes

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello M Bison
The more you reply to your own topic the less help you will get.
We look for topics with no replies.
Plus do not start more than one topic.
I have merged your topics into one.

Now down to business.
===========================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#11
MBison

MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hey kahdah, I apologize. I panicked cause I realized that I had to make multiple replies to the original post to fit in the Startup List log and knew that would make me overlooked. I'm sorry again, and I really appreciate your help. Especially on a weekend. Thanks so much! I will be forever in your debt.

Here are the contents of main.txt and extra.txt

Deckard's System Scanner v20071014.68
Run by Doug Radcliffe on 2008-02-03 14:54:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-02-03 19:54:18 UTC - RP1274 - Deckard's System Scanner Restore Point
89: 2008-02-02 20:52:44 UTC - RP1273 - Last known good configuration
88: 2008-02-02 19:04:22 UTC - RP1272 - System Checkpoint
87: 2008-02-01 17:58:43 UTC - RP1271 - System Checkpoint
86: 2008-01-31 17:51:35 UTC - RP1270 - System Checkpoint


-- First Restore Point --
1: 2007-11-06 12:49:23 UTC - RP1185 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.85 GiB (less than 15%) free.


-- HijackThis (run as Doug Radcliffe.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:27 PM, on 2/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doug Radcliffe\Desktop\Hijack This\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Doug Radcliffe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluesnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {d66bef17-deed-bfdb-9ed4-1bdfa289e7c0} - {0c7e982a-fdb1-4de9-bdfb-deed71feb66d} - C:\WINDOWS\System32\arutyyvx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A3D56949-044F-4B5C-A08A-33F50B1D3180} - C:\WINDOWS\System32\pmnnl.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\wequtwch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5968C159-7F94-4201-BE42-A88A8F5DF472}: NameServer = 205.152.144.23
O20 - Winlogon Notify: wequtwch - C:\WINDOWS\SYSTEM32\wequtwch.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9974 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 giveio - c:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 PStrip - c:\windows\system32\drivers\pstrip.sys <Not Verified; EnTech Taiwan; PowerStrip>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys

S3 gkmixern - c:\docume~1\dougra~1\locals~1\temp\gkmixern.sys (file missing)
S3 sks - c:\docume~1\dougra~1\locals~1\temp\sks.sys (file missing)
S3 Smport - c:\documents and settings\doug radcliffe\desktop\newsbin\download\roms\intellivision\intellivision emu\smport.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-01 23:24:14 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Doug Radcliffe.job


-- Files created between 2008-01-03 and 2008-02-03 -----------------------------

2008-02-03 14:40:20 0 d-------- C:\Program Files\Trend Micro
2008-02-03 12:42:40 88640 --a------ C:\WINDOWS\System32\xwqwkyju.dll
2008-02-03 12:39:41 163904 --a------ C:\WINDOWS\System32\wequtwch.dll
2008-02-03 12:39:40 163904 --a------ C:\WINDOWS\System32\qjlkddwd.dll
2008-02-03 12:37:22 92736 --a------ C:\WINDOWS\System32\arutyyvx.dll
2008-02-03 12:36:39 374498 --ahs---- C:\WINDOWS\System32\lnnmp.ini2
2008-02-03 12:36:35 343040 --a------ C:\WINDOWS\System32\pmnnl.dll
2008-02-03 11:49:31 88640 --a------ C:\WINDOWS\System32\yyivctxq.dll
2008-02-03 03:51:00 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-03 03:51:00 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-03 03:51:00 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-02-02 15:50:52 36864 --a------ C:\WINDOWS\mrofinu572.exe
2008-02-02 15:47:57 38400 --a------ C:\WINDOWS\System32\tuvvuvt.dll
2008-02-02 15:46:58 38400 -----n--- C:\WINDOWS\System32\qomlife.dll
2008-02-02 15:46:57 0 d-------- C:\WINDOWS\System32\nGpxx01
2008-02-02 15:46:56 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-02-03 12:24:29 288 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2008-02-03 12:24:29 288 --a------ C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2008-02-03 11:06:33 10022 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
2008-02-02 23:41:26 0 d-a------ C:\Program Files\Common Files
2008-02-02 03:10:08 0 d-------- C:\Program Files\Full Tilt Poker
2008-02-02 01:42:50 0 d-------- C:\Program Files\Soulseek
2008-01-26 23:57:15 0 d-------- C:\Program Files\Winamp
2008-01-23 12:09:33 0 d-------- C:\Documents and Settings\Doug Radcliffe\Application Data\uTorrent
2008-01-20 00:20:57 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-07 18:38:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-06 20:13:13 0 d-------- C:\Program Files\Strategy First
2007-12-06 19:27:32 0 d-------- C:\Program Files\Activision


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c7e982a-fdb1-4de9-bdfb-deed71feb66d}]
02/03/2008 12:37 PM 92736 --a------ C:\WINDOWS\System32\arutyyvx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D56949-044F-4B5C-A08A-33F50B1D3180}]
02/03/2008 12:36 PM 343040 --a------ C:\WINDOWS\System32\pmnnl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/03/2008 12:39 PM 163904 --a------ C:\WINDOWS\System32\wequtwch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 04:24 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/10/2004 08:10 PM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/14/2002 06:22 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 09:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/30/2002 01:00 AM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 04:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/29/2002 05:00 AM C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [03/28/2003 04:20 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/28/2003 09:35 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 12:28 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 07:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 02:52 AM]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [07/30/2003 12:02 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/01/2005 11:38 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 08:22 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [01/31/2007 01:59 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/29/2002 05:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2007 09:02 PM]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 05:00 AM]

C:\Documents and Settings\Doug Radcliffe\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/31/2003 2:49:02 AM]
DESKTOP.INI [9/3/2002 9:00:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\System32\qomlife.dll [02/02/2008 03:46 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wequtwch]
wequtwch.dll 02/03/2008 12:39 PM 163904 C:\WINDOWS\SYSTEM32\wequtwch.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\pmnnl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b120b9]
rundll32.exe "C:\WINDOWS\System32\xwqwkyju.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Doug Radcliffe\Application Data\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo]
C:\WINDOWS\System32\ap9h4qmo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAZEK]
C:\WINDOWS\System32\BDAZEK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]
C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Search]
C:\WINDOWS\isrvs\desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dx4.exe]
C:\documents and settings\doug radcliffe\local settings\temp\dx4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
rundll32.exe "C:\WINDOWS\System32\gbnviebc.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
Microsoft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\System32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\windows\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Security iGuard]
C:\Program Files\Security iGuard\Security iGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tcvhk]
C:\WINDOWS\System32\??erinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tilglej]
C:\WINDOWS\tilglej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xlktrjjk]
c:\windows\system32\xlktrjjk.exe




-- End of Deckard's System Scanner: finished at 2008-02-03 15:15:12 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023 MiB / 383.05 MiB
Pagefile Memory (total/avail): 2461.85 MiB / 2060.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.98 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.72 GiB total, 7.85 GiB free.
D: is CDROM (Unformatted)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Doug Radcliffe\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHOD
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Doug Radcliffe
LOGONSERVER=\\PHOD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp
USERDOMAIN=PHOD
USERNAME=Doug Radcliffe
USERPROFILE=C:\Documents and Settings\Doug Radcliffe
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Doug Radcliffe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WS_FTP Pro\uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
7-Zip 2.30 Beta 32 --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
a-squared Anti-Malware 2.1 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
AcroChallenge 2.85 --> MsiExec.exe /X{FA3D29BC-9440-4CB4-993D-189543036C1E}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
afly's dts/ac3 decodec --> "C:\WINDOWS\System32\undts.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x4f4d
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Aura Fate of the Ages --> MsiExec.exe /I{992D7983-AD02-480D-AC10-C9D0691F11FD}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitTorrent 3.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Combined Community Codec Pack 2006-01-18 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Culpa Innata --> "C:\Program Files\Strategy First\Culpa Innata\unins000.exe"
CuteFTP --> C:\PROGRA~1\GlobalSCAPE\CuteFTP\UNWISE32.EXE C:\PROGRA~1\GlobalSCAPE\CuteFTP\INSTALL.LOG
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
dBpowerAMP FLAC Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
DefilerPak 1.19 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DIRECTV GameTracker --> "C:\Program Files\DIRECTV GameTracker\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Dominions 3 (remove only) --> "C:\Program Files\dominions3\uninstall.exe"
Dot1XCfg --> "C:\Program Files\Dot1XCfg\Dot1XCfg.exe" -uninstall
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enemy Territory - QUAKE Wars™ 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}\setup.exe -runfromtemp -l0x0409
ESPN Java Check --> C:\WINDOWS\System32\javaws.exe -uninstall "http://espn.go.com/l.../jws-check.jar"
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
FEAR SP Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}\setup.exe" -l0x9 -removeonly
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotline Client 1.8.5 --> C:\WINDOWS\uninst.exe -f"c:\documents and settings\doug radcliffe\desktop\hotline\DeIsL1.isu" -c"c:\documents and settings\doug radcliffe\desktop\hotline\_ISREG32.DLL"
Hotline Connect Client 1.9.1.0 --> C:\PROGRA~1\HOTLIN~1\HOTLIN~1\Setup.exe /remove
HyperSnap-DX 4 --> C:\PROGRA~1\HYPERS~1\UNWISE.EXE C:\PROGRA~1\HYPERS~1\INSTALL.LOG
IGN Download Manager 2.1.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Q831167 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Ipswitch WS_FTP Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Kazaa Lite K++ v2.4.1 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
Kazaa Lite Resurrection 0.0.7.6 F --> "C:\Program Files\Kazaa Lite Resurrection\unins000.exe"
LEGO Star Wars Demo Disc --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F7D1D93A-B17A-41F8-9070-0B2A544C6165} /l1033
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MAME32k (remove only) --> "C:\Program Files\MAME32k\uninst.exe"
Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe"
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Excel Viewer 97 --> C:\Program Files\XLView\setup\setup.exe
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Doug Radcliffe\Application Data\Move Networks\ie_bin\Uninst.exe
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Myth II\Uninst.isu"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Nostalgia, an Intellivision Emulator --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-Nostalgia, an Intellivision Emulator.dat
Outcast --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Outcast\Uninst.isu" -c"C:\Program Files\Infogrames\Outcast\Uninst.dll"
Outcast Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{523113E0-ABFD-11D3-BE74-0000E20392C2}\setup.exe"
Outlook Express Q837009 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PartyPoker --> "c:\program files\PartyGaming\PartyPoker\Uninstall.exe" "c:\program files\PartyGaming\PartyPoker\install.log"
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Sam and Max - Season One 1.0 --> C:\Program Files\The Adventure Company\Sam and Max - Season One\Uninstall Sam and Max - Season One.exe
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartPar --> C:\WINDOWS\System32\GKSUI18.EXE C:\Program Files\smr-usenet\smartpar\UNINSTAL.DAT
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffIt Standard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1F21580-77B0-48CD-A96B-EDF7201A46AC}\Setup.exe" -l0x9
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TContext --> "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
Texas Calculatem 4 with "AutoRead" --> "C:\Program Files\TexasCalculatem\unins000.exe"
The Last Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\The Last Express\DeIsL1.isu"
The Longest Journey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0280F0D8-1542-4DAA-913C-8529E2A3835D}\Setup.exe"
The Ur-Quan Masters (remove only) --> "C:\Program Files\The Ur-Quan Masters\uninstall.exe"
TrojanHunter 4.6 --> "C:\Program Files\TrojanHunter 4.6\unins000.exe"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Visual Pinball --> MsiExec.exe /I{B36C4994-A563-4339-8754-CCCE51314A4C}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
x26 v1.1.12 --> "C:\Documents and Settings\Doug Radcliffe\Desktop\Newsbin\DOWNLOAD\ROMS\2600\x26\unins000.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type33040 / Error
Event Submitted/Written: 02/03/2008 02:51:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33037 / Error
Event Submitted/Written: 02/03/2008 02:46:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE,

#12
MBison

    Member

  • Topic Starter
  • Member
  • 27 posts
Hey it looks like extra.txt got cut off so here's the whole thing again:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023 MiB / 383.05 MiB
Pagefile Memory (total/avail): 2461.85 MiB / 2060.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.98 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.72 GiB total, 7.85 GiB free.
D: is CDROM (Unformatted)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Doug Radcliffe\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHOD
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Doug Radcliffe
LOGONSERVER=\\PHOD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp
USERDOMAIN=PHOD
USERNAME=Doug Radcliffe
USERPROFILE=C:\Documents and Settings\Doug Radcliffe
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Doug Radcliffe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WS_FTP Pro\uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
7-Zip 2.30 Beta 32 --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
a-squared Anti-Malware 2.1 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
AcroChallenge 2.85 --> MsiExec.exe /X{FA3D29BC-9440-4CB4-993D-189543036C1E}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
afly's dts/ac3 decodec --> "C:\WINDOWS\System32\undts.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x4f4d
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Aura Fate of the Ages --> MsiExec.exe /I{992D7983-AD02-480D-AC10-C9D0691F11FD}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitTorrent 3.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Combined Community Codec Pack 2006-01-18 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Culpa Innata --> "C:\Program Files\Strategy First\Culpa Innata\unins000.exe"
CuteFTP --> C:\PROGRA~1\GlobalSCAPE\CuteFTP\UNWISE32.EXE C:\PROGRA~1\GlobalSCAPE\CuteFTP\INSTALL.LOG
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
dBpowerAMP FLAC Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
DefilerPak 1.19 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DIRECTV GameTracker --> "C:\Program Files\DIRECTV GameTracker\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Dominions 3 (remove only) --> "C:\Program Files\dominions3\uninstall.exe"
Dot1XCfg --> "C:\Program Files\Dot1XCfg\Dot1XCfg.exe" -uninstall
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enemy Territory - QUAKE Wars™ 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}\setup.exe -runfromtemp -l0x0409
ESPN Java Check --> C:\WINDOWS\System32\javaws.exe -uninstall "http://espn.go.com/l.../jws-check.jar"
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
FEAR SP Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}\setup.exe" -l0x9 -removeonly
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotline Client 1.8.5 --> C:\WINDOWS\uninst.exe -f"c:\documents and settings\doug radcliffe\desktop\hotline\DeIsL1.isu" -c"c:\documents and settings\doug radcliffe\desktop\hotline\_ISREG32.DLL"
Hotline Connect Client 1.9.1.0 --> C:\PROGRA~1\HOTLIN~1\HOTLIN~1\Setup.exe /remove
HyperSnap-DX 4 --> C:\PROGRA~1\HYPERS~1\UNWISE.EXE C:\PROGRA~1\HYPERS~1\INSTALL.LOG
IGN Download Manager 2.1.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Q831167 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Ipswitch WS_FTP Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Kazaa Lite K++ v2.4.1 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
Kazaa Lite Resurrection 0.0.7.6 F --> "C:\Program Files\Kazaa Lite Resurrection\unins000.exe"
LEGO Star Wars Demo Disc --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F7D1D93A-B17A-41F8-9070-0B2A544C6165} /l1033
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MAME32k (remove only) --> "C:\Program Files\MAME32k\uninst.exe"
Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe"
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Excel Viewer 97 --> C:\Program Files\XLView\setup\setup.exe
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Doug Radcliffe\Application Data\Move Networks\ie_bin\Uninst.exe
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Myth II\Uninst.isu"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Nostalgia, an Intellivision Emulator --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-Nostalgia, an Intellivision Emulator.dat
Outcast --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Outcast\Uninst.isu" -c"C:\Program Files\Infogrames\Outcast\Uninst.dll"
Outcast Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{523113E0-ABFD-11D3-BE74-0000E20392C2}\setup.exe"
Outlook Express Q837009 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PartyPoker --> "c:\program files\PartyGaming\PartyPoker\Uninstall.exe" "c:\program files\PartyGaming\PartyPoker\install.log"
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Sam and Max - Season One 1.0 --> C:\Program Files\The Adventure Company\Sam and Max - Season One\Uninstall Sam and Max - Season One.exe
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartPar --> C:\WINDOWS\System32\GKSUI18.EXE C:\Program Files\smr-usenet\smartpar\UNINSTAL.DAT
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffIt Standard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1F21580-77B0-48CD-A96B-EDF7201A46AC}\Setup.exe" -l0x9
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TContext --> "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
Texas Calculatem 4 with "AutoRead" --> "C:\Program Files\TexasCalculatem\unins000.exe"
The Last Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\The Last Express\DeIsL1.isu"
The Longest Journey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0280F0D8-1542-4DAA-913C-8529E2A3835D}\Setup.exe"
The Ur-Quan Masters (remove only) --> "C:\Program Files\The Ur-Quan Masters\uninstall.exe"
TrojanHunter 4.6 --> "C:\Program Files\TrojanHunter 4.6\unins000.exe"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Visual Pinball --> MsiExec.exe /I{B36C4994-A563-4339-8754-CCCE51314A4C}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
x26 v1.1.12 --> "C:\Documents and Settings\Doug Radcliffe\Desktop\Newsbin\DOWNLOAD\ROMS\2600\x26\unins000.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type33040 / Error
Event Submitted/Written: 02/03/2008 02:51:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33037 / Error
Event Submitted/Written: 02/03/2008 02:46:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33035 / Error
Event Submitted/Written: 02/03/2008 02:37:32 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21955421.

Event Record #/Type33034 / Error
Event Submitted/Written: 02/03/2008 02:37:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33033 / Error
Event Submitted/Written: 02/03/2008 02:35:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13097 / Error
Event Submitted/Written: 02/03/2008 03:14:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type13096 / Error
Event Submitted/Written: 02/03/2008 03:14:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type13095 / Error
Event Submitted/Written: 02/03/2008 03:14:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type13094 / Error
Event Submitted/Written: 02/03/2008 03:14:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type13093 / Error
Event Submitted/Written: 02/03/2008 03:14:59 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-02-03 15:15:12 ------------

#13
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok no problem. :)

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

  • Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

#14
MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here's the Combofix log

ComboFix 08-02.03.1 - Doug Radcliffe 2008-02-03 15:43:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.449 [GMT -5:00]
Running from: C:\Documents and Settings\Doug Radcliffe\Desktop\Hijack This\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wequtwch.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Doug Radcliffe\Application Data\macromedia\Flash Player\#SharedObjects\5TMZJYP6\www.broadcaster.com
C:\Documents and Settings\Doug Radcliffe\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Doug Radcliffe\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\arutyyvx.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\SYSTEM32\leepldcq.ini
C:\WINDOWS\SYSTEM32\lnnmp.ini
C:\WINDOWS\SYSTEM32\lnnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\qjlkddwd.dll
C:\WINDOWS\system32\qomlife.dll
C:\WINDOWS\SYSTEM32\qxtcviyy.ini
C:\WINDOWS\system32\tuvvuvt.dll
C:\WINDOWS\system32\ucfytaam.dllbox
C:\WINDOWS\SYSTEM32\ujykwqwx.ini
C:\WINDOWS\system32\wequtwch.dll
C:\WINDOWS\system32\wequtwch.dllbox
C:\WINDOWS\system32\xwqwkyju.dll
C:\WINDOWS\system32\yyivctxq.dll

----- BITS: Possible infected sites -----

hxxp://
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 14:53 . 2008-02-03 14:53 <DIR> d-------- C:\Deckard
2008-02-03 14:40 . 2008-02-03 14:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 04:15 . 2008-02-03 04:16 <DIR> d-------- C:\Program Files\Unlocker
2008-02-03 03:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-02-03 03:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-02-03 03:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-02-02 15:46 . 2008-02-02 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-02-02 15:46 . 2008-02-02 15:46 <DIR> d-------- C:\Temp\cXzz9
2008-02-02 15:46 . 2008-02-02 15:46 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 08:10 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-02 06:42 --------- d-----w C:\Program Files\Soulseek
2008-01-27 04:57 --------- d-----w C:\Program Files\Winamp
2008-01-23 17:09 --------- d-----w C:\Documents and Settings\Doug Radcliffe\Application Data\uTorrent
2008-01-20 05:20 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-07 23:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 01:13 --------- d-----w C:\Program Files\Strategy First
2007-12-07 00:27 --------- d-----w C:\Program Files\Activision
2007-10-02 20:22 22,328 ----a-w C:\Documents and Settings\Doug Radcliffe\Application Data\PnkBstrK.sys
2006-01-17 20:21 58,936 ----a-w C:\Documents and Settings\Doug Radcliffe\Application Data\GDIPFONTCACHEV1.DAT
2005-04-09 23:03 0 ----a-w C:\Documents and Settings\Doug Radcliffe\7.dat
2005-04-09 23:03 0 ----a-w C:\Documents and Settings\Doug Radcliffe\6.dat
2005-04-09 23:03 0 ----a-w C:\Documents and Settings\Doug Radcliffe\4.dat
2005-04-09 23:03 0 ----a-w C:\Documents and Settings\Doug Radcliffe\3.dat
2005-04-09 23:03 0 ----a-w C:\Documents and Settings\Doug Radcliffe\1.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 339,968 2004-06-11 01:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 339,968 2004-06-11 01:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

----a-w 45,056 2005-08-12 18:43:58 C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe

----a-w 28,672 2002-07-16 12:21:48 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
----a-w 28,672 2002-07-16 12:21:48 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

----a-w 151,597 2003-06-29 02:35:18 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 151,597 2003-06-29 02:35:18 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 45,056 2002-09-30 06:00:00 C:\Program Files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE
----a-w 45,056 2002-09-30 06:00:00 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

----a-w 49,152 2002-10-29 14:18:24 C:\Program Files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe
----a-w 49,152 2002-10-29 14:18:24 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

----a-w 972,432 2006-11-07 22:22:24 C:\Program Files\IGN\Download Manager\bak\DLM.exe
----a-w 972,432 2006-11-07 22:22:24 C:\Program Files\IGN\Download Manager\DLM.exe

----a-w 86,016 2003-03-11 21:24:40 C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe
----a-w 86,016 2003-03-11 21:24:40 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

----a-w 278,528 2005-10-18 16:58:54 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2005-06-03 07:52:54 C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe
----a-w 36,975 2005-06-03 07:52:54 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

----a-w 53,248 2003-07-30 05:02:16 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
----a-w 53,248 2003-07-30 05:02:16 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

----a-w 143,360 2003-03-28 21:20:38 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
----a-w 143,360 2003-03-28 21:20:38 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

----a-w 155,648 2005-11-02 04:38:39 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 155,648 2005-11-02 04:38:39 C:\Program Files\QuickTime\qttask.exe

----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

----a-w 13,312 2002-08-29 10:00:00 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w 13,312 2002-08-29 10:00:00 C:\WINDOWS\SYSTEM32\ctfmon.exe

----a-r 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\bak\DSentry.exe
----a-r 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\DSentry.exe

----a-w 63,696 2005-09-28 20:35:48 C:\WINDOWS\SYSTEM32\bak\dxdllreg.exe
----a-w 63,696 2005-09-28 20:35:48 C:\WINDOWS\SYSTEM32\dxdllreg.exe

----a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\SYSTEM32\bak\NeroCheck.exe
----a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\SYSTEM32\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 21:02 68856]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 20:10 339968]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22 28672]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 16:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2002-08-29 05:00 9728 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-03-28 16:20 143360]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-06-28 21:35 151597]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 07:21 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52 36975]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-30 00:02 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-01 23:38 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22 26248]
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2007-01-31 13:59 1102848]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 05:00 145408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-05-31 02:49:02 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b120b9]
C:\WINDOWS\System32\xwqwkyju.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Doug Radcliffe\Application Data\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo]
C:\WINDOWS\System32\ap9h4qmo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAZEK]
C:\WINDOWS\System32\BDAZEK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]
C:\WINDOWS\System32\cmd32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-08-29 05:00 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Search]
C:\WINDOWS\isrvs\desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dx4.exe]
C:\documents and settings\doug radcliffe\local settings\temp\dx4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2006-11-07 17:22 972432 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
C:\WINDOWS\System32\gbnviebc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
--a------ 2004-04-19 11:06 102400 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\System32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\System32\bridge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\windows\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Security iGuard]
C:\Program Files\Security iGuard\Security iGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tcvhk]
--a------ 2002-08-29 05:00 22016 C:\WINDOWS\System32\??erinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tilglej]
C:\WINDOWS\tilglej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-04-19 11:06 102400 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xlktrjjk]
c:\windows\system32\xlktrjjk.exe

R2 PStrip;PSTRIP;C:\WINDOWS\System32\DRIVERS\PSTRIP.SYS [2004-11-09 16:32]
S3 gkmixern;gkmixern;C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp\gkmixern.sys []
S3 sks;sks;C:\DOCUME~1\DOUGRA~1\LOCALS~1\Temp\sks.sys []
S3 Smport;Smport;C:\Documents and Settings\Doug Radcliffe\Desktop\Newsbin\DOWNLOAD\ROMS\Intellivision\Intellivision Emu\Smport.sys []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 04:24:14 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Doug Radcliffe.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 15:56:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-02-03 16:13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 21:13:00

#15
MBison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
And here's the Hijack This log.

Thanks so much again, you guys really are a credit to generosity and kindness helping out us goofballs :)

Looking forward to your reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:19 PM, on 2/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluesnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5968C159-7F94-4201-BE42-A88A8F5DF472}: NameServer = 205.152.144.23
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9515 bytes





