OK, here's the main txt
Deckard's System Scanner v20071014.68
Run by User on 2008-04-08 20:09:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
59: 2008-04-09 01:09:14 UTC - RP160 - Deckard's System Scanner Restore Point
58: 2008-04-08 22:12:57 UTC - RP159 - Removed Ad-Aware 2007
57: 2008-04-08 15:50:37 UTC - RP158 - Restore Operation
56: 2008-04-08 03:30:47 UTC - RP157 - Last known good configuration
55: 2008-04-08 03:30:41 UTC - RP156 - System Checkpoint
-- First Restore Point --
1: 2008-04-08 03:30:19 UTC - RP102 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as User.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:32 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\6L8ORM7D\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - C:\WINDOWS\system32\xxyvwXQh.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A32BB6AB-2F4D-4883-B37F-EA00FD78EF3A} - C:\WINDOWS\system32\tuvSjgfg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\DivX\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f42555ab] rundll32.exe "C:\WINDOWS\system32\yfohntfh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BySoft StayAlive Pro] C:\Program Files\BySoft StayAlive Pro\StayAlive.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O20 - Winlogon Notify: xxyvwXQh - C:\WINDOWS\SYSTEM32\xxyvwXQh.dll
O21 - SSODL: SrvDrv - {cdc1a85c-f8d2-4944-9159-8d2b0f2e5104} - C:\WINDOWS\Resources\SrvDrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7807 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
S3 XDva119 - c:\windows\system32\xdva119.sys (file missing)
S3 XDva121 - c:\windows\system32\xdva121.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 OneCareMP (OneCare AntiSpyware and AntiVirus) - "c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-04 19:03:54 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User.job
2008-03-29 15:05:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-08 and 2008-04-08 -----------------------------
2008-04-08 19:19:29 0 d-------- C:\Program Files\Trend Micro
2008-04-08 10:35:28 83520 --a------ C:\WINDOWS\system32\yfohntfh.dll
2008-04-08 10:32:22 3648 --a------ C:\WINDOWS\system32\jtlhedfl.dll
2008-04-07 22:30:09 299281 --ahs---- C:\WINDOWS\system32\gfgjSvut.ini2
2008-04-07 22:30:02 267776 --a------ C:\WINDOWS\system32\tuvSjgfg.dll
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-07 22:25:37 4096 --a------ C:\WINDOWS\a.bat
2008-04-07 22:25:37 0 d-------- C:\Documents and Settings\User\Desktop\virii
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-04-07 22:25:36 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-07 22:25:35 0 d-------- C:\WINDOWS\system32\smp
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-04-07 22:25:35 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-04-07 22:25:34 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-04-07 22:25:34 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-07 22:25:34 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-04-07 22:25:34 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-04-07 22:25:33 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-07 22:25:33 4096 --a------ C:\Documents and Settings\User\Desktop\FWebdEditor.exe
2008-04-07 22:25:33 4096 --a------ C:\Documents and Settings\User\Desktop\fwebd.exe
2008-04-07 22:25:33 4096 --a------ C:\Documents and Settings\User\Desktop\filemanagerclient.exe
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-07 22:25:32 0 d-------- C:\WINDOWS\mslagent
2008-04-07 22:25:32 4096 --a------ C:\WINDOWS\bdn.com
2008-04-07 22:25:29 217088 --a------ C:\WINDOWS\mgsvflkw.dll
2008-04-07 22:25:28 0 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-07 22:25:28 270336 --a------ C:\WINDOWS\temlxopqrxg.dll
2008-04-07 22:25:28 172032 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-07 22:25:09 0 d-------- C:\Documents and Settings\All Users\Application Data\nwdynsxy
2008-04-07 22:24:58 36352 --a------ C:\WINDOWS\system32\xxyvwXQh.dll
2008-04-05 13:56:49 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-04-05 13:56:49 0 d-------- C:\.jagex_cache_32
2008-03-29 12:47:35 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-29 12:47:34 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-03-22 00:30:39 0 d-------- C:\Documents and Settings\User\Application Data\AdobeUM
2008-03-21 17:52:25 0 d-------- C:\Program Files\Cabal
2008-03-16 13:24:36 0 d-------- C:\Program Files\Guild Wars
2008-03-15 10:33:30 0 d-------- C:\Documents and Settings\User\Application Data\Help
-- Find3M Report ---------------------------------------------------------------
2008-04-07 21:48:03 0 d-------- C:\Documents and Settings\User\Application Data\LimeWire
2008-04-03 16:29:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-27 17:01:14 0 d-------- C:\Program Files\DAoC Portal
2008-03-20 23:12:05 0 --a------ C:\Documents and Settings\User\Application Data\AVSDVDPlayer.m3u
2008-03-19 16:25:57 0 d-------- C:\Program Files\Java
2008-03-04 17:55:22 0 d-------- C:\Documents and Settings\User\Application Data\DAoC Portal
2008-03-04 12:27:47 0 d-------- C:\Program Files\Warcraft III
2008-03-01 23:06:21 0 d-------- C:\Program Files\DivX
2008-03-01 16:10:01 0 d-------- C:\Program Files\Bethesda Softworks
2008-03-01 16:09:01 0 d-------- C:\Program Files\Morrowind
2008-02-29 22:46:12 0 d-------- C:\Program Files\LimeWire
2008-02-25 00:37:17 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-02-23 15:26:35 76457 --a------ C:\WINDOWS\War3Unin.dat
2008-02-20 21:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 21:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 21:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 21:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-11 12:12:47 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-11 12:12:47 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-02-08 00:26:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-06 00:56:04 20163 --a------ C:\WINDOWS\W2BNEUnin.dat
2008-02-04 17:29:38 2829 --a------ C:\WINDOWS\W2BNEUnin.pif
2008-02-04 17:29:38 98304 --a------ C:\WINDOWS\W2BNEUnin.exe <Not Verified; Blizzard Entertainment; Warcraft II Battle.net Edition Uninstaller>
2008-02-02 12:24:02 35190 --a------ C:\WINDOWS\scunin.dat
2008-02-02 12:24:01 967 --a------ C:\WINDOWS\ScUnin.pif
2008-02-02 12:24:01 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-08 18:35:54 1100 --a------ C:\WINDOWS\checkip.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01A33D85-4706-452A-B71A-99510ADA8C0C}]
04/07/2008 10:24 PM 36352 --a------ C:\WINDOWS\system32\xxyvwXQh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A32BB6AB-2F4D-4883-B37F-EA00FD78EF3A}]
04/07/2008 10:30 PM 267776 --a------ C:\WINDOWS\system32\tuvSjgfg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/08/2007 10:26 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/08/2007 10:17 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"QuickTime Task"="C:\Program Files\DivX\qttask.exe" [02/01/2008 12:13 AM]
"f42555ab"="C:\WINDOWS\system32\yfohntfh.dll" [04/08/2008 10:35 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/25/2007 08:10 PM]
"@"="" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" []
"BySoft StayAlive Pro"="C:\Program Files\BySoft StayAlive Pro\StayAlive.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01A33D85-4706-452A-B71A-99510ADA8C0C}"= C:\WINDOWS\system32\xxyvwXQh.dll [04/07/2008 10:24 PM 36352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrv"= {cdc1a85c-f8d2-4944-9159-8d2b0f2e5104} - C:\WINDOWS\Resources\SrvDrv.dll [04/07/2008 10:25 PM 13866]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwXQh]
xxyvwXQh.dll 04/07/2008 10:24 PM 36352 C:\WINDOWS\system32\xxyvwXQh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvSjgfg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OneCareMP"=2 (0x2)
"msfwsvc"=2 (0x2)
Then here's the extra txt
FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-2E8D5F0114
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\USER-2E8D5F0114
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\DivX\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=USER-2E8D5F0114
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
User (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVS DVD Player version 2.3 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
CABAL Online --> "C:\Program Files\Cabal\unins000.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Crash Analysis Tool --> MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
DAoC Portal --> C:\Program Files\DAoC Portal\uninstall-dp.exe
DAoC Portal --> MsiExec.exe /I{D611CBD6-B6D6-404D-82AE-EC12041389D6}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX Unified (SHELL)\Uninst.isu"
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
ffdshow [rev 1723] [2007-12-24] --> "C:\Program Files\Veoh Networks\Veoh\ffdshow\unins000.exe"
FINAL FANTASY VIII --> C:\WINDOWS\IsUninst.exe -f"c:\program files\final fantasy viii\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hero Editor V0.90 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MatrixWorld 3D Screensaver (remove only) --> "C:\Program Files\Screensavers.com\MatrixWorld 3D Screensaver\Uninstall.exe"
Microsoft Age of Empires --> C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Age of Empires Expansion --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTX.EXE" /runtemp
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Live OneCare Resources v1.6.2111.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}
Microsoft Windows OneCare Live v1.6.2111.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Pirates of the Caribbean - At Worlds End --> C:\Program Files\InstallShield Installation Information\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}\setup.exe -runfromtemp -l0x0009 Pirates of the Caribbean - At Worlds End -removeonly
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Screensavers Installer Version 3 --> "C:\Program Files\Screensavers.com\SSSUninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type9840 / Warning
Event Submitted/Written: 04/08/2008 07:59:17 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9810 / Warning
Event Submitted/Written: 04/08/2008 05:13:59 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9786 / Warning
Event Submitted/Written: 04/08/2008 04:35:42 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9781 / Error
Event Submitted/Written: 04/08/2008 04:21:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module user32.dll, version 5.1.2600.3099, fault address 0x00019a3e.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type9764 / Warning
Event Submitted/Written: 04/08/2008 11:42:48 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type23844 / Error
Event Submitted/Written: 04/08/2008 08:00:05 PM / 04/08/2008 08:00:24 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
Event Record #/Type23822 / Error
Event Submitted/Written: 04/08/2008 06:53:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type23821 / Warning
Event Submitted/Written: 04/08/2008 06:27:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type23813 / Warning
Event Submitted/Written: 04/08/2008 06:06:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type23777 / Error
Event Submitted/Written: 04/08/2008 05:14:48 PM / 04/08/2008 05:15:09 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
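Added example, not part of the post above and not code from HijackThis or Deckard's System Scanner: a small Python triage script that applies the checks a removal helper runs by eye on a log like this one. It flags HJT entries that load a randomly named module from under the Windows directory, an unnamed BHO backed by a real file, a Run value named with eight hex digits, Winlogon Notify and SSODL entries outside the stock XP set, anything besides msv1_0 in the LSA Authentication Packages value, and bursts of files created within seconds of each other in the DSS file list. The allow-lists of stock XP SP2 Winlogon Notify and SSODL names are my assumption, the vowel-count "random name" rule is a deliberately crude heuristic, and the sample lines are a handful copied from the log in this thread.

```python
"""Triage heuristics for a HijackThis / Deckard's System Scanner (DSS) log.

Added example for this thread: it is not part of the original post, nor of
HijackThis or DSS. Every rule is a heuristic; a hit is a lead for the
analyst, not a verdict.
"""
import re
from datetime import datetime

# Assumed allow-lists (not taken from the log): Winlogon Notify packages and
# ShellServiceObjectDelayLoad entries that ship with Windows XP SP2.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
KNOWN_SSODL = {"PostBootReminder", "CDBurn", "WebCheck", "SysTray", "UPnPMonitor"}

HJT_ENTRY = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
BASENAME = re.compile(r"\\([^\\\s\"]+)\.(?:dll|exe|com)\b", re.I)
DSS_FILE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+\S+\s+(.+)$")


def looks_random(stem):
    """Eight or more letters with at most one vowel: true for xxyvwXQh,
    tuvSjgfg, yfohntfh and jtlhedfl; false for winlogon, services, explorer."""
    return (stem.isalpha() and len(stem) >= 8
            and sum(c in "aeiouAEIOU" for c in stem) <= 1)


def flag_hjt_line(line):
    """Return the reasons (possibly none) a HijackThis entry deserves a look."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return []
    kind, body = m.groups()
    reasons = []
    # Randomly named module dropped under the Windows directory; the rule is
    # restricted to that path so names like ccSvcHst in Program Files pass.
    for stem in BASENAME.findall(body):
        if looks_random(stem) and "\\windows\\" in body.lower():
            reasons.append(f"random-looking module name {stem}")
    if kind == "O2" and "(no name)" in body and "(no file)" not in body:
        reasons.append("BHO with no name but a file on disk")
    if kind == "O4" and re.search(r"\[[0-9a-f]{8}\]", body):
        reasons.append("Run value named with 8 hex digits")
    if kind == "O20":
        n = re.search(r"Winlogon Notify:\s*(\S+)", body)
        if n and n.group(1) not in KNOWN_NOTIFY:
            reasons.append(f"unknown Winlogon Notify package {n.group(1)}")
    if kind == "O21":
        n = re.search(r"SSODL:\s*(\S+)", body)
        if n and n.group(1) not in KNOWN_SSODL:
            reasons.append(f"unknown SSODL entry {n.group(1)}")
    return reasons


def extra_lsa_packages(line):
    """From a DSS registry-dump line for LSA 'Authentication Packages',
    return everything listed besides the stock msv1_0."""
    if "Authentication Packages" not in line:
        return []
    value = line.split("=", 1)[1]
    return [p for p in value.split() if p.lower() != "msv1_0"]


def file_bursts(lines, window=5, min_files=5):
    """Cluster DSS 'Files created' lines whose timestamps lie within `window`
    seconds of the previous file; a mass drop shows up as one big cluster."""
    files = []
    for ln in lines:
        m = DSS_FILE.match(ln.strip())
        if m:
            files.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                          int(m.group(2)), m.group(3)))
    files.sort()
    bursts, current = [], []
    for entry in files:
        if current and (entry[0] - current[-1][0]).total_seconds() > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_files:
        bursts.append(current)
    return [{"start": b[0][0], "end": b[-1][0], "count": len(b),
             "sizes": sorted({e[1] for e in b})} for b in bursts]


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_HJT = [
    "O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - C:\\WINDOWS\\system32\\xxyvwXQh.dll",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll",
    "O4 - HKLM\\..\\Run: [f42555ab] rundll32.exe \"C:\\WINDOWS\\system32\\yfohntfh.dll\",b",
    "O4 - HKLM\\..\\Run: [ccApp] \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"",
    "O20 - Winlogon Notify: xxyvwXQh - C:\\WINDOWS\\SYSTEM32\\xxyvwXQh.dll",
    "O21 - SSODL: SrvDrv - {cdc1a85c-f8d2-4944-9159-8d2b0f2e5104} - C:\\WINDOWS\\Resources\\SrvDrv.dll",
]
SAMPLE_LSA = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\tuvSjgfg'
SAMPLE_FILES = [
    "2008-04-08 10:35:28 83520 --a------ C:\\WINDOWS\\system32\\yfohntfh.dll",
    "2008-04-07 22:25:37 4096 --a------ C:\\WINDOWS\\system32\\winlogonpc.exe",
    "2008-04-07 22:25:37 4096 --a------ C:\\WINDOWS\\FVProtect.exe",
    "2008-04-07 22:25:36 4096 --a------ C:\\WINDOWS\\system32\\msnbho.dll",
    "2008-04-07 22:25:35 4096 --a------ C:\\WINDOWS\\system32\\h@tkeysh@@k.dll",
    "2008-04-07 22:25:33 4096 --a------ C:\\WINDOWS\\system32\\Rundl1.exe",
    "2008-04-07 22:25:32 4096 --a------ C:\\WINDOWS\\system32\\mssecu.exe",
    "2008-04-07 22:24:58 36352 --a------ C:\\WINDOWS\\system32\\xxyvwXQh.dll",
    "2008-03-29 12:47:35 7680 --a------ C:\\WINDOWS\\system32\\ff_vfw.dll",
]

if __name__ == "__main__":
    for ln in SAMPLE_HJT:
        for why in flag_hjt_line(ln):
            print(f"{why:45s} <- {ln[:60]}")
    print("extra LSA packages:", extra_lsa_packages(SAMPLE_LSA))
    for b in file_bursts(SAMPLE_FILES):
        print(f"{b['count']} files {b['start']}..{b['end']} sizes={b['sizes']}")
```

Run against the full log, the script would point at the same cluster a helper circles by hand: xxyvwXQh.dll loaded four ways (BHO, ShellExecuteHooks, Winlogon Notify), tuvSjgfg registered as an extra LSA authentication package, yfohntfh.dll started by a hex-named Run value, SrvDrv.dll in SSODL, and about fifty 4096-byte files written in a six-second window on the evening of 2008-04-07. The Authentication Packages entry is the one to treat with care: that DLL is loaded into lsass.exe at boot, so deleting it without first removing the registry value can leave the machine unable to log on.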