That is correct - I deleted the Entry in HiJackThis and then upon reboot its back. Now I am also getting the AntiVirus 2009 and related popups again, and system keeps just bogging down. I had a hard time even getting back to this forum via Internet Explorer- had to retry about a half dozen times.
Here is Main.txt:Deckard's System Scanner v20071014.68
Run by Michael on 2008-08-05 18:18:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
12: 2008-08-06 01:18:39 UTC - RP704 - Deckard's System Scanner Restore Point
11: 2008-08-05 23:57:15 UTC - RP703 - Last known good configuration
10: 2008-08-05 23:56:55 UTC - RP702 - Last known good configuration
9: 2008-08-05 23:56:54 UTC - RP701 - Last known good configuration
8: 2008-08-05 23:56:54 UTC - RP700 - ComboFix created restore point
-- First Restore Point --
1: 2008-08-05 23:56:53 UTC - RP693 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 4.57 GiB (less than 15%) free.-- HijackThis (run as Michael.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:00 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ultravnc\winvnc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Documents and Settings\mhallerbach.MERIDIANINSURAN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://global.acer.com/O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FA24518-5FE0-4CF1-8BA1-8EB9BE93AA50} - C:\WINDOWS\system32\nnnoLCtq.dll
O2 - BHO: {13e978b1-c7ba-97ca-db14-c326eb7a9f13} - {31f9a7be-623c-41bd-ac79-ab7c1b879e31} - C:\WINDOWS\system32\ecyiue.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9D00A6C4-5627-4AAC-9D15-1B066A07E1D8} - C:\WINDOWS\system32\cbXPiFxx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [Pdfquickview] C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\jvypsmin.dll",b
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vafhsiom.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-900646456-2107505695-3789622048-1611\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'mhallerbach')
O4 - HKUS\S-1-5-21-900646456-2107505695-3789622048-1611\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'mhallerbach')
O4 - HKUS\S-1-5-21-900646456-2107505695-3789622048-1611\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'mhallerbach')
O4 - HKUS\S-1-5-21-900646456-2107505695-3789622048-1611\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User 'mhallerbach')
O4 - S-1-5-21-900646456-2107505695-3789622048-1611 User Startup: Mass Downloader.lnk = C:\Program Files\Mass Downloader\massdown.exe (User 'mhallerbach')
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.travelers.comO15 - Trusted Zone:
http://*.travelerspc.comO15 - Trusted Zone:
http://*.travelers.com (HKLM)
O15 - Trusted Zone:
http://*.travelerspc.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=58813O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) -
http://www.riffinter...up/RiffLick.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www.costcopho...stcoActivia.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.co...clean_micro.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1138655502171O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1137115233703O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Meridianinsurance.local
O17 - HKLM\Software\..\Telephony: DomainName = Meridianinsurance.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C45799-3CE7-4813-8CCC-910FE7CC44D6}: NameServer = 192.168.1.250
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = meridianinsurance.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Meridianinsurance.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Meridianinsurance.local
O20 - Winlogon Notify: nnnoLCtq - C:\WINDOWS\SYSTEM32\nnnoLCtq.dll
O20 - Winlogon Notify: rqRLfcdc - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\ultravnc\winvnc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 16722 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080805-111209-220 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
backup-20080805-114659-430 O2 - BHO: (no name) - {11499053-50F1-41C5-82DB-4D3EB538E05A} - (no file)
backup-20080805-114659-472 O2 - BHO: (no name) - {1F2E7CAF-A6CE-4702-A050-79F83EB13987} - (no file)
backup-20080805-114659-252 O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - (no file)
backup-20080805-114659-834 O2 - BHO: (no name) - {4ED216DB-F15A-4F06-819B-3FE343097193} - (no file)
backup-20080805-114659-648 O2 - BHO: (no name) - {51DC7A06-2251-4795-A863-421782966EC9} - (no file)
backup-20080805-114659-471 O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
backup-20080805-114659-675 O2 - BHO: (no name) - {E892C08E-411E-4E95-ABAD-35A43B430F00} - (no file)
backup-20080805-173354-267 O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\itajxjjf.dll",b
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.901>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.901>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Windows ® 2000 DDK provider; OSA I/O Port Driver Version 1.0.5>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver Version 2.0.2>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)
S2 windrvNT - c:\windows\system32\windrvnt.sys (file missing)
S3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer Empowering Manager>
R2 MSSQL$ACT7 - c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>
S2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 Pml Driver HPZ12 - c:\windows\system32\hpzipm12.exe (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S3 SQLAgent$ACT7 - c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7
S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: INPROCOMM IPN2220 Wireless LAN Card
Device ID: PCI\VEN_17FE&DEV_2220&SUBSYS_03051468&REV_00\4&5A988DE&0&10F0
Manufacturer: INPROCOMM
Name: INPROCOMM IPN2220 Wireless LAN Card
PNP Device ID: PCI\VEN_17FE&DEV_2220&SUBSYS_03051468&REV_00\4&5A988DE&0&10F0
Service: IPN2220
-- Scheduled Tasks -------------------------------------------------------------
2008-08-05 14:57:12 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5CC05D6A-9CAB-4767-A227-BE11D1F8E7A4}.job
2008-08-04 16:00:02 264 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-08-04 11:00:02 420 --ah----- C:\WINDOWS\Tasks\Athlon Risk Management Corp 1148510098.job
2008-08-01 16:30:02 534 --a------ C:\WINDOWS\Tasks\20060531_171200_Weekly Backup of C&D For MJH -revised.job
2008-08-01 10:23:06 512 --a------ C:\WINDOWS\Tasks\20080612_125900_LocalDandC.job
-- Files created between 2008-07-05 and 2008-08-05 -----------------------------
2008-08-05 17:45:22 83456 --a------ C:\WINDOWS\system32\jvypsmin.dll
2008-08-05 17:45:16 102400 --a------ C:\WINDOWS\system32\nhuiinij.dll
2008-08-05 17:45:16 102400 --a------ C:\WINDOWS\system32\ecyiue.dll
2008-08-05 17:42:15 2048 --a------ C:\WINDOWS\system32\coslwvde.exe
2008-08-05 17:40:16 94208 --a------ C:\WINDOWS\system32\vafhsiom.dll
2008-08-05 16:42:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Yahoo!
2008-08-05 16:38:09 876007 --ahs---- C:\WINDOWS\system32\xxFiPXbc.ini2
2008-08-05 16:19:10 0 d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-08-05 16:00:08 0 d--hs---- C:\FOUND.002
2008-08-05 15:46:47 282624 -----n--- C:\WINDOWS\system32\cbXPiFxx.dll
2008-08-05 15:41:42 32256 -----n--- C:\WINDOWS\system32\nnnoLCtq.dll
2008-08-01 16:46:31 68096 --a------ C:\WINDOWS\zip.exe
2008-08-01 16:46:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-01 16:46:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-01 16:46:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-01 16:46:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-01 16:46:31 98816 --a------ C:\WINDOWS\sed.exe
2008-08-01 16:46:31 80412 --a------ C:\WINDOWS\grep.exe
2008-08-01 16:46:31 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 16:41:42 0 d--hs---- C:\FOUND.001
2008-08-01 15:14:09 0 d-------- C:\Program Files\Lavasoft
2008-08-01 15:14:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-01 15:12:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 14:44:05 0 d-------- C:\VundoFix Backups
2008-08-01 13:54:16 0 d-------- C:\Program Files\Enigma Software Group
2008-08-01 13:44:48 129920 --a------ C:\WINDOWS\system32\imfmvhjl.dll
2008-08-01 13:44:48 129920 --a------ C:\WINDOWS\system32\gbnvlf.dll
2008-08-01 10:29:22 0 d--hs---- C:\FOUND.000
2008-07-31 18:49:44 0 d-------- C:\Documents and Settings\mhallerbach.MERIDIANINSURAN\Application Data\Malwarebytes
2008-07-31 18:49:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 18:49:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 18:39:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-31 18:38:30 0 d-------- C:\Program Files\Common Files\iS3
2008-07-31 18:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-31 18:29:14 0 d-------- C:\Program Files\Trend Micro
2008-07-31 11:54:05 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-31 11:45:01 0 d-------- C:\Documents and Settings\Michael\Application Data\Bitdefender
2008-07-31 09:50:37 4096 --a------ C:\Documents and Settings\All Users\Application Data\ScheduledItems
2008-07-31 09:45:45 0 d-------- C:\Documents and Settings\mhallerbach.MERIDIANINSURAN\Application Data\IsolatedStorage
2008-07-31 09:41:50 0 d-------- C:\WINDOWS\system32\Backup
2008-07-31 09:41:27 0 d-------- C:\WINDOWS\SQLHotfix
2008-07-31 09:39:38 0 d-------- C:\Documents and Settings\mhallerbach.MERIDIANINSURAN\Application Data\ACT
2008-07-31 09:34:13 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-31 09:33:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ACT
2008-07-31 09:33:44 0 d-------- C:\Program Files\ACT
2008-07-11 16:55:55 0 d-------- C:\Program Files\Fake Voice
2008-07-10 16:22:58 0 d-------- C:\Program Files\Guitar Pro 5
-- Find3M Report ---------------------------------------------------------------
2008-08-05 17:50:48 1660 --a------ C:\WINDOWS\bthservsdp.dat
2008-08-04 09:55:34 114 --a------ C:\sccfg.sys
2008-07-30 10:24:58 25 --a------ C:\WINDOWS\(
2008-07-29 09:44:44 25 --a------ C:\WINDOWS\Ó
2008-06-25 11:49:16 0 d-------- C:\Program Files\Common Files\Firstlogic
2008-06-25 11:49:10 0 d-------- C:\Program Files\Common Files\Business Objects
2008-06-19 13:10:54 0 d-------- C:\Program Files\DNA
2008-06-19 13:10:54 0 d-------- C:\Program Files\BitTorrent
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FA24518-5FE0-4CF1-8BA1-8EB9BE93AA50}]
08/05/2008 03:41 PM 32256 --------- C:\WINDOWS\system32\nnnoLCtq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31f9a7be-623c-41bd-ac79-ab7c1b879e31}]
08/05/2008 05:45 PM 102400 --a------ C:\WINDOWS\system32\ecyiue.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D00A6C4-5627-4AAC-9D15-1B066A07E1D8}]
08/05/2008 03:46 PM 282624 --------- C:\WINDOWS\system32\cbXPiFxx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/07/2004 10:49 AM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [08/10/2004 03:29 PM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [09/04/2004 05:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/19/2004 09:10 PM]
"PfuSsSct.exe"="C:\Program Files\PFU\ScanSnap\PfuSsSct.exe" [12/22/2003 10:06 AM]
"Pdfquickview"="C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe" [12/22/2003 05:14 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [02/07/2006 04:34 AM]
"SoundMan"="SOUNDMAN.EXE" [06/18/2004 04:31 PM C:\WINDOWS\SOUNDMAN.EXE]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 12:00 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [04/17/2007 10:24 AM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [04/10/2007 09:57 AM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [03/10/2004 04:26 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [05/28/2008 08:27 AM]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2004 12:49 PM C:\WINDOWS\AGRSMMSG.exe]
"320d18a1"="C:\WINDOWS\system32\jvypsmin.dll" [08/05/2008 05:45 PM]
"BM313e2b3d"="C:\WINDOWS\system32\vafhsiom.dll" [08/05/2008 05:40 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/29/2008 09:42 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/22/2008 11:13 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ScanSnap Manager.lnk - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe [12/7/2005 9:17:28 AM]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [10/19/2007 10:14:46 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2FA24518-5FE0-4CF1-8BA1-8EB9BE93AA50}"= C:\WINDOWS\system32\nnnoLCtq.dll [08/05/2008 03:41 PM 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/25/2007 03:22 PM 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoLCtq]
nnnoLCtq.dll 08/05/2008 03:41 PM 32256 C:\WINDOWS\system32\nnnoLCtq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLfcdc]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXPiFxx
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
rundll32.exe "C:\WINDOWS\system32\itajxjjf.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"SPTISRV"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8940 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-05 18:23:19 ------------
Here is Extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2046.42 MiB / 1418.08 MiB
Pagefile Memory (total/avail): 6938.6 MiB / 6362.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.46 MiB
C: is Fixed (FAT32) - 47.43 GiB total, 4.57 GiB free.
D: is Fixed (FAT32) - 45.48 GiB total, 26.11 GiB free.
S: is CDROM (No Media)
T: is Removable (No Media)
Z: is Fixed (NTFS) - 298.09 GiB total, 25.83 GiB free.
\\.\PHYSICALDRIVE0 - ST9100823A - 93.16 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 47.44 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 45.49 GiB - D:
\PARTITION2 - Unknown - 94.13 MiB
\\.\PHYSICALDRIVE2 - acer USB20 HS-5IN1 USB Device
\\.\PHYSICALDRIVE1 - WDC WD32 00AAJS-00RYA0 USB Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - Z:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
UpdatesDisableNotify is set.
FW: Bitdefender Firewall v8.0 (Softwin)
AV: Bitdefender Antivirus v8.0 (Softwin)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\fxsclnt.exe"="C:\\WINDOWS\\System32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:MSI starter"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\mhallerbach.MERIDIANINSURAN\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\mhallerbach.MERIDIANINSURAN\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\mhallerbach.MERIDIANINSURAN\\Local Settings\\Temp\\Nero Web\\SetupX.exe"="C:\\Documents and Settings\\mhallerbach.MERIDIANINSURAN\\Local Settings\\Temp\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"="C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe:*:Enabled:ACT! 8.x/2006"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\dna\\btdna.exe"="C:\\Program Files\\dna\\btdna.exe:*:Enabled:DNA"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MJH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\MJH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Firstlogic;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Postalsoft\system;C:\Program Files\Common Files\Business Objects\License Manager;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
PW_PATH=;C:\Postalsoft\system;C:\Program Files\Common Files\Business Objects\License Manager
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
USERDOMAIN=MJH
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI
-- User Profiles ---------------------------------------------------------------
Mhallerbach
(admin)Administrator
(new local, admin)Michael
(admin)Administrator.MJH
(admin)mhallerbach.MERIDIANINSURAN
(admin)Administrator.MERIDIANINSURAN
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{59973D03-28D0-43C7-A9C1-189093EBEDD4}
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /X{1AFDB2AB-DF91-47B8-8A9C-A6E4BBAD562B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A-PDF Restrictions Remover 1.2 --> "C:\Program Files\A-PDF Restrictions Remover\unins000.exe"
Acala DVD Ripper Professional 5.6.1 --> "C:\Program Files\Acala DVD Ripper Professional\unins000.exe"
Acer eManager --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6DD28220-44BE-4882-B9C3-73B6F876046E}
Acer GridVista --> MsiExec.exe /I{18FF8DB9-922C-41C9-AA29-6DA648D6B071}
ACT! 2006 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-BA7E-100000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Agere Systems AC'97 Modem --> agrsmdel
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Aspire Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Aspire Series --> C:\WINDOWS\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BitDefender Antivirus Plus v10 --> MsiExec.exe /I{CA0B79A3-9E0B-4641-8120-A5A2379EEE02}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClickFax --> MsiExec.exe /I{5949A9CD-1200-4243-A8BA-6388A74B7089}
ClickFax Update --> MsiExec.exe /I{1AA1024F-9545-4543-A26F-FE5CFA1E7BF9}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
D-Link AirPlus G Wireless Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFF5BD64-6AD5-435F-8171-1DCE8B1D23CF}\setup.exe" -l0x9
dBpowerAMP AAC to Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP AAC to Mp4 Codec.dat
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32