Infostealer.Gamepass [RESOLVED]


  • This topic is locked

#1
mdsteam

  • Member
  • 10 posts
I have been using the malware software and seem to be removing viruses, but they keep coming back. This infostealer.gamepass virus has not been removed yet.

I have followed all the steps to post a hijack this log.

Thanks in advance,
George.

Here is my hijack this file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:02 PM, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145120080159
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DA35FAA-BF24-4E08-B780-8D123FEF5316}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85A5784-61A4-4512-B4A4-83F69FC3DDDD}: NameServer = 206.13.29.12,206.13.30.12
O18 - Protocol: bw+0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iexplore - \\T0c.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 23907 bytes

Here is my uninstall list

Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Arthur's Kindergarten
AT&T Self Support Tool
AT&T Yahoo! Applications
AT&T Yahoo! Music Jukebox
Audacity 1.2.6
Bejeweled 2 Deluxe 1.0
BugsysClub Software
Buzz Lightyear Astro Blasters
Caillou's Alphabet
Caillou's Counting
Caillou's Thinking Skills
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon S530D
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CDK Players
Civilization III
Command & Conquer Tiberian Sun
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
DAO 3.5
DD Tournament Poker 1.1
DeductionPro 2003
Disney Pixar 1st Grade
Disney Pixar 1st Grade Print
Disney Reading Quest With Aladdin
Disney's Ready to Read with Pooh
Dragon Tales
Easy CD & DVD Creator 6
EclipseCrossword
ESPNMotion
Full Tilt Poker
Google Desktop
Google Updater
GradeQuick Web Plugin
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
JumpStart Advanced Kindergarten
JumpStart World Presents Pet Playground
Just Grandma and Me
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
Memory Card Utility
MetaFrame Presentation Server Client
Mickey Mouse Kindergarten
Mickey Mouse Preschool
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN Music Assistant
Musicmatch® Jukebox
NVIDIA Display Driver
Phonics Quest
PokerPages Software
Quicken 2002 Basic
QuickTime
Railroad Tycoon II - Platinum
Reader Rabbit Learn To Read With Phonics
Reader Rabbit's Preschool
Reader Rabbit's Toddler
RealPlayer
Rhapsody Player Engine
Risk
Risk II
SBC Yahoo! DSL Activation
Scholastic's I SPY Junior
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SpongeBob SquarePants Typing
Spybot - Search & Destroy
SpywareBlaster 4.1
Stanley Wild for Sharks
StarFlyers Alien Space Chase
Super Solvers Spellbound
Symantec AntiVirus Client
UltimateBet
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Manager (Remove Only)
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Service Pack 3
Winnie the Pooh Kindergarten Deluxe
Winnie the Pooh Preschool
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Search Protection

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,

Apologies for the delay. I am having a look at your log and will get back to you in a bit.

regards
emeraldnzl

#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,

Please go to Start > Control Panel and uninstall Viewpoint.

Now

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

After that, please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.

Next

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need more than one post to get it all on the forum; that's fine.


#4
mdsteam

  • Topic Starter
  • Member
  • 10 posts
Hi. Thanks for your help.

I was not able to find the second file from the OTViewIt. I checked both on the regular desktop and through My Computer. I sorted by date and found the Java stuff that was downloaded but not the Extras file.

I have attached the JavaRa file and the OTViewIt.txt file.

Here is the first file

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Aug 23 14:45:10 2008

Found and removed: C:\Program Files\Java\j2re1.4.2_05

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Classes\JavaPlugin.142_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.



Next file
OTViewIt logfile created on: 8/23/2008 3:34:26 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\02VJYZP6
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 52.08 Mb Available Physical Memory | 20.42% Memory free
616.21 Mb Paging File | 228.02 Mb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.34 Gb Free Space | 58.09% Space Free | Partition Type: NTFS
Drive D: | 249.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE-I9EFJQO4
Current User Name: George
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio) - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group) - C:\Program Files\DIGStream\digstream.exe
[03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\BJLaunch.exe
[11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.) - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
[07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\YOP\yop.exe
[07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\browser\ybrwicon.exe
[02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[08/17/2001 03:36 PM | 00,024,064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[03/03/2006 03:18 PM | 00,200,704 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ycommon.exe
[02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech) - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[08/18/2004 04:13 PM | 00,118,784 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
[08/21/2008 10:22 PM | 00,053,248 | ---- | M] () - C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
[10/10/2003 09:06 AM | 00,192,512 | ---- | M] () - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
[08/04/2005 03:42 AM | 00,028,160 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
[08/30/2007 06:43 PM | 00,103,664 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/23/2008 03:33 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\02VJYZP6\OTViewIt[1].exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bjmcmng) Canon BJ Memory Card Manager [Auto | Running]
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe

(DefWatch) DefWatch [Auto | Running]
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(getPlus® Helper) getPlus® Helper [On_Demand | Stopped]
[06/26/2008 10:24 AM | 00,031,592 | ---- | M] (NOS Microsystems Ltd.) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

(gusvc) Google Updater Service [Auto | Running]
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(vsmon) TrueVector Internet Monitor [Auto | Stopped]
File not found - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(YPCService) YPCService [On_Demand | Stopped]
[05/19/2003 05:07 PM | 00,086,016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(basic2) basic2 [On_Demand | Running]
[07/18/2001 07:01 PM | 00,077,426 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\basic2.sys

(Cdr4_xp) Cdr4_xp [System | Running]
[10/18/2006 04:00 AM | 00,002,432 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdr4_xp.sys

(Cdralw2k) Cdralw2k [System | Running]
[10/18/2006 04:00 AM | 00,002,560 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdralw2k.sys

(cdudf_xp) cdudf_xp [System | Running]
[08/18/2004 04:13 PM | 00,260,224 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Cdudf_xp.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 05:19 AM | 00,003,712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[07/16/2003 09:21 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(dvd_2K) dvd_2K [On_Demand | Stopped]
[08/18/2004 04:13 PM | 00,021,993 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Dvd_2k.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,283,904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,006,912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(Fallback) Fallback [Auto | Running]
[07/18/2001 07:04 PM | 00,310,899 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fallback.sys

(Fsks) Fsks [Auto | Running]
[07/18/2001 07:06 PM | 00,127,405 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fsksnt.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hsf_msft) hsf_msft [On_Demand | Stopped]
[08/17/2001 06:28 AM | 00,542,879 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HSF_MSFT.sys

(K56) K56 [Auto | Running]
[07/18/2001 07:06 PM | 00,426,783 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\k56nt.sys

(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,055,040 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\L8042mou.Sys

(LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,068,864 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouKE.Sys

(MCSTRM) MCSTRM [Auto | Running]
[11/25/2007 04:07 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mmc_2K) mmc_2K [On_Demand | Running]
[08/18/2004 04:13 PM | 00,022,777 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Mmc_2k.sys

(NAVAP) NAVAP [On_Demand | Running]
[05/02/2003 09:08 PM | 00,224,256 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[05/02/2003 09:08 PM | 00,030,208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/22/2008 01:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/22/2008 01:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVEX15.SYS

(nv) nv [On_Demand | Running]
[10/06/2003 02:16 PM | 01,550,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(PCAMPR5) PCAMPR5 NDIS Protocol Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\PCAMPR5.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[07/16/2003 09:36 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(pwd_2k) pwd_2k [System | Running]
[08/18/2004 04:13 PM | 00,118,409 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\pwd_2K.sys

(PxHelp20) PxHelp20 [Boot | Running]
[10/18/2006 04:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(Rksample) Rksample [On_Demand | Running]
[07/18/2001 07:01 PM | 00,067,654 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\rksample.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running]
[08/03/2004 11:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\rtl8139.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,036,480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SoftFax) SoftFax [Auto | Running]
[07/18/2001 07:05 PM | 00,217,019 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\faxnt.sys

(SpeakerPhone) SpeakerPhone [Auto | Running]
[07/18/2001 07:07 PM | 00,080,449 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\spkpnt.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/18/2004 08:25 AM | 00,073,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(Tones) Tones [Auto | Running]
[07/18/2001 07:04 PM | 00,056,607 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\tonesnt.sys

(UdfReadr_xp) UdfReadr_xp [System | Running]
[08/18/2004 04:13 PM | 00,213,120 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\UdfReadr_xp.sys

(V124) V124 [Auto | Running]
[07/18/2001 07:01 PM | 00,534,125 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\v124nt.sys

(vsdatant) vsdatant [System | Stopped]
File not found - C:\WINDOWS\System32\vsdatant.sys

(winachsf) winachsf [On_Demand | Running]
[07/25/2001 05:58 PM | 00,584,336 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\hsf_cnxt.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"BJLaunchEXE" = C:\Program Files\Canon\BJCard\BJLaunch.exe [03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.)
"DIGStream" = C:\Program Files\DIGStream\digstream.exe [05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [08/03/2007 11:07 AM | 01,836,544 | ---- | M] (Google)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.)
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.)
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.)
"Motive SmartBridge" = C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/06/2003 02:16 PM | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [10/06/2003 02:16 PM | 00,741,376 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 00,385,024 | ---- | M] (Apple Inc.)
"RoxioAudioCentral" = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.)
"RoxioDragToDisc" = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio)
"RoxioEngineUtility" = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [08/18/2004 04:11 PM | 00,065,536 | ---- | M] (Roxio)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation)
"YBrowser" = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.)
"YOP" = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart [04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"getPlusUninstall" = "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1 [06/26/2008 10:24 AM | 00,031,592 | ---- | M] (NOS Microsystems Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [08/30/2007 06:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper" = "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 [08/21/2008 10:22 PM | 00,053,248 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/10/2003 09:06 AM | 00,217,088 | ---- | M] (Motive Communications, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
[07/31/2001 10:52 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[02/21/2006 11:09 PM | 00,196,608 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[George Startup Folder - C:\Documents and Settings\George\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [11/25/2007 03:51 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 05:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [07/12/2008 09:16 PM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 06:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" - [07/27/2007 10:22 PM | 00,145,408 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 02:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe" = C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe File not found
"C:\Program Files\Marble Blast Gold\MarbleBlast.exe" = C:\Program Files\Marble Blast Gold\MarbleBlast.exe File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe [02/01/2008 12:13 AM | 07,525,680 | ---- | M] (Apple Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe [09/22/2004 06:46 PM | 00,073,728 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe [11/25/2007 03:50 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [10/03/2007 02:56 PM | 06,190,320 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe" = C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe [09/03/2003 01:05 PM | 01,231,361 | ---- | M] (GameHouse)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 19,926,824 | ---- | M] (Apple Inc.)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [05/21/2003 01:19 AM | 00,045,056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D85A5784-61A4-4512-B4A4-83F69FC3DDDD}]
Servers: 206.13.29.12,206.13.30.12 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [04/13/2008 11:40 AM | 00,062,976 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomHL-DT-ST_CD-RW_GCE-8160B________________2.11____\5&7208d00&0&0.0.0
"Count" = 1
"NextInstance" = 1
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [08/17/2004 04:26 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
AUTORUN.EXE [MZ | ] - [05/29/2001 05:55 AM | 00,086,016 | R--- | M] (Knowledge Adventure) D:\AUTORUN.EXE [ CDFS ]
AUTORUN.INF [[autorun] | open=autorun.exe | icon=JSWorld\JSWDemoCDIcon.ico | shell\Setup\command=install.exe | shell\Setup=&Setup | shell\readme\command=notepad readme.txt | shell\readme=&Readme | | [Environment] | AppName=JumpStart World Demo | Picture=Support\setup\setup.bmp | TimeOut=0 | ExitDelay=0 | DefaultPath=Support\Setup | DefaultCommand=setup.exe | | [Product] | ShortTit=JumpStart World Demo | Title=JumpStart World Demo | Publisher=Knowledge Adventure | Ver=1.0d | | [Tasks] | t1=JumpStart World Demo | c1= | t2=JJumpStart World Demo | c2=[window class] | t3=CD Missing | c3= | | | | | [ARunAp] | dibBgnd=%ApRoot%\\SUPPORT\\AutoRun\\background.bmp | sndStartup=%ApRoot%\\SUPPORT\\AutoRun\\startup.wav | | ; It assumes you want it to loop | ;sndIdle=%CDRoot%\\SUPPORT\\AUTORUN\\idle.wav | | ; Whether it's installed | NoInstall=0 | IniFile=%WinDir%\\KA.INI | ;IniFile=%WinDir%\\KA.INI | IniGrp=%ShortTit% | IniPathKey=ProductHDRoot | ChkFile=JSWorldDemo.exe | IniVerKey=GoldVer | | | | [ButtonExit] | text=Exit | tabOrder=5 | location=0,413 | gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\ExitBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\ExitBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\ExitBtnDown.bmp | ;sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | ;SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\exit.wav | | ; Specify what buttons you want on screen | ; Installed = 2 | ; Not Installed = 1 | ; Always = 0 | [ARunBtns] | b1n=1 | b1i=2 | b2=0 | b3=0 | b4=0 | | [b1i] | text=Play | tabOrder=1 | location=514,21 | gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\PlayBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\PlayBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\PlayBtnDown.bmp | sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\click.wav | ExitAfterAction=1 | Action=%HDRoot%\\JSWorldDemo.exe | Args= | | [b1n] | text=Install | tabOrder=1 | location=515,23 
| gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\InstallBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\InstallBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\InstallBtnDown.bmp | sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\click.wav | ExitAfterAction=1 | Action=%ApRoot%\\support\\setup\\Setup.exe | Args= | | [b2] | text=Help | tabOrder=2 | location=515,203 | gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\HelpBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\HelpBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\HelpBtnDown.bmp | sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\click.wav | ExitAfterAction=0 | Action=%ApRoot%\\Manual\\Help.htm | ;Action=%ApRoot%\\support\\help\\help.htm | Args= | | | [b3] | text=Preview | tabOrder=3 | location=515,114 | gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\PreviewBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\PreviewBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\PreviewBtnDown.bmp | sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\click.wav | ExitAfterAction=0 | Action=%ApRoot%\\SUPPORT\\Trailer\\JSWorldTrailer.wmv | Args= | | [b4] | text=Website | tabOrder=4 | location=515,294 | gfxEnabled=%ApRoot%\\SUPPORT\\AUTORUN\\WebBtnUp.bmp | gfxActive=%ApRoot%\\SUPPORT\\AUTORUN\\WebBtnHighlight.bmp | gfxPushed=%ApRoot%\\SUPPORT\\AUTORUN\\WebBtnDown.bmp | sndActiveLoop=1 | SndActive=%ApRoot%\\SUPPORT\\AUTORUN\\rollover.wav | SndPushedLoop=1 | SndPushed=%ApRoot%\\SUPPORT\\AUTORUN\\click.wav | ExitAfterAction=0 | Action=%ApRoot%\\SUPPORT\\Web\\website.exe | Args= | | | | | [Strings] | FileNotFound=The file was not found. | FileNotFoundTit=Error Executing Request | PathNotFound=The path to the file was not found. 
| PathNotFoundTit=Error Executing Request | AccessDenied=You do not have privileges to execute this command. | AccessDeniedTit=Error Executing Request | OutOfMem=Your machine doesn't have enough memory to run this application now. | OutOfMemTit=Error Executing Request | DllNotFound=A required DLL was not found on your system. | DllNotFoundTit=Error Executing Request | ShareViolation=There has been a sharing violation, please restart your machine. | ShareViolationTit=Error Executing Request | AssocIncomplete=Your machine is incorrectly configured to launch this document. | AssocIncompleteTit=Error Executing Request | DdeTimeout=Your machine is in an unstable state. Try restarting. | DdeTimeoutTit=Error Executing Request | DdeFail=Your machine is in an unstable state. Try restarting. | DdeFailTit=Error Executing Request | DdeBusy=Your machine is not capable of completing this request at this time. | DdeBusyTit=Error Executing Request | NoAssoc=Your machine is not capable of displaying this type of document. | NoAssocTit=Error Executing Request | ] - [03/15/2006 03:34 PM | 00,004,810 | R--- | M] () D:\AUTORUN.INF [ CDFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (258498 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...



[Files/Folders - Created Within 30 days]
[08/23/2008 02:28 PM | 26,746,8800 | -HS- | M] () - C:\hiberfil.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/08/2008 09:00 PM | 29,576,9337 | ---- | M] () - C:\WINDOWS\System32\syspilog.pil
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/23/2008 02:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NOS
[08/13/2008 08:00 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\George\Application Data\Malwarebytes
[08/12/2008 03:07 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\All Users\Documents\A

#5
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,

Your OTViewIt log got cut off. We need to see it all.

Please post. Doesn't matter if it requires more than one post to get it here.

#6
mdsteam


    Member

  • Topic Starter
  • Member
  • 10 posts
Hi. I have both files now.

Thanks Again! :)

OTViewIt logfile created on: 8/23/2008 5:34:41 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 74.20 Mb Available Physical Memory | 29.10% Memory free
616.21 Mb Paging File | 238.39 Mb Available in Paging File | 38.69% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.38 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE-I9EFJQO4
Current User Name: George
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[08/17/2001 03:36 PM | 00,024,064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio) - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group) - C:\Program Files\DIGStream\digstream.exe
[03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\BJLaunch.exe
[11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.) - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
[07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\YOP\yop.exe
[07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\browser\ybrwicon.exe
[02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[03/03/2006 03:18 PM | 00,200,704 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ycommon.exe
[02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech) - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[08/18/2004 04:13 PM | 00,118,784 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[10/10/2003 09:06 AM | 00,192,512 | ---- | M] () - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
[08/30/2007 06:43 PM | 00,103,664 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[08/21/2008 10:22 PM | 00,053,248 | ---- | M] () - C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
[08/04/2005 03:42 AM | 00,028,160 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bjmcmng) Canon BJ Memory Card Manager [Auto | Running]
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe

(DefWatch) DefWatch [Auto | Running]
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [Auto | Running]
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(vsmon) TrueVector Internet Monitor [Auto | Stopped]
File not found - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(YPCService) YPCService [On_Demand | Stopped]
[05/19/2003 05:07 PM | 00,086,016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(basic2) basic2 [On_Demand | Running]
[07/18/2001 07:01 PM | 00,077,426 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\basic2.sys

(Cdr4_xp) Cdr4_xp [System | Running]
[10/18/2006 04:00 AM | 00,002,432 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdr4_xp.sys

(Cdralw2k) Cdralw2k [System | Running]
[10/18/2006 04:00 AM | 00,002,560 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdralw2k.sys

(cdudf_xp) cdudf_xp [System | Running]
[08/18/2004 04:13 PM | 00,260,224 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Cdudf_xp.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 05:19 AM | 00,003,712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[07/16/2003 09:21 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(dvd_2K) dvd_2K [On_Demand | Stopped]
[08/18/2004 04:13 PM | 00,021,993 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Dvd_2k.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,283,904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,006,912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(Fallback) Fallback [Auto | Running]
[07/18/2001 07:04 PM | 00,310,899 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fallback.sys

(Fsks) Fsks [Auto | Running]
[07/18/2001 07:06 PM | 00,127,405 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fsksnt.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hsf_msft) hsf_msft [On_Demand | Stopped]
[08/17/2001 06:28 AM | 00,542,879 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HSF_MSFT.sys

(K56) K56 [Auto | Running]
[07/18/2001 07:06 PM | 00,426,783 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\k56nt.sys

(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,055,040 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\L8042mou.Sys

(LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,068,864 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouKE.Sys

(MCSTRM) MCSTRM [Auto | Running]
[11/25/2007 04:07 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mmc_2K) mmc_2K [On_Demand | Running]
[08/18/2004 04:13 PM | 00,022,777 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Mmc_2k.sys

(NAVAP) NAVAP [On_Demand | Running]
[05/02/2003 09:08 PM | 00,224,256 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[05/02/2003 09:08 PM | 00,030,208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/22/2008 01:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/22/2008 01:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVEX15.SYS

(nv) nv [On_Demand | Running]
[10/06/2003 02:16 PM | 01,550,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(PCAMPR5) PCAMPR5 NDIS Protocol Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\PCAMPR5.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[07/16/2003 09:36 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(pwd_2k) pwd_2k [System | Running]
[08/18/2004 04:13 PM | 00,118,409 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\pwd_2K.sys

(PxHelp20) PxHelp20 [Boot | Running]
[10/18/2006 04:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(Rksample) Rksample [On_Demand | Running]
[07/18/2001 07:01 PM | 00,067,654 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\rksample.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running]
[08/03/2004 11:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\rtl8139.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,036,480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SoftFax) SoftFax [Auto | Running]
[07/18/2001 07:05 PM | 00,217,019 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\faxnt.sys

(SpeakerPhone) SpeakerPhone [Auto | Running]
[07/18/2001 07:07 PM | 00,080,449 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\spkpnt.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/18/2004 08:25 AM | 00,073,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(Tones) Tones [Auto | Running]
[07/18/2001 07:04 PM | 00,056,607 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\tonesnt.sys

(UdfReadr_xp) UdfReadr_xp [System | Running]
[08/18/2004 04:13 PM | 00,213,120 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\UdfReadr_xp.sys

(V124) V124 [Auto | Running]
[07/18/2001 07:01 PM | 00,534,125 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\v124nt.sys

(vsdatant) vsdatant [System | Stopped]
File not found - C:\WINDOWS\System32\vsdatant.sys

(winachsf) winachsf [On_Demand | Running]
[07/25/2001 05:58 PM | 00,584,336 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\hsf_cnxt.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"BJLaunchEXE" = C:\Program Files\Canon\BJCard\BJLaunch.exe [03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.)
"DIGStream" = C:\Program Files\DIGStream\digstream.exe [05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [08/03/2007 11:07 AM | 01,836,544 | ---- | M] (Google)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.)
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.)
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.)
"Motive SmartBridge" = C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/06/2003 02:16 PM | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [10/06/2003 02:16 PM | 00,741,376 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 00,385,024 | ---- | M] (Apple Inc.)
"RoxioAudioCentral" = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.)
"RoxioDragToDisc" = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio)
"RoxioEngineUtility" = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [08/18/2004 04:11 PM | 00,065,536 | ---- | M] (Roxio)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation)
"YBrowser" = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.)
"YOP" = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart [04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [08/30/2007 06:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper" = "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 [08/21/2008 10:22 PM | 00,053,248 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/10/2003 09:06 AM | 00,217,088 | ---- | M] (Motive Communications, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
[07/31/2001 10:52 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[02/21/2006 11:09 PM | 00,196,608 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[George Startup Folder - C:\Documents and Settings\George\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [11/25/2007 03:51 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 05:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [07/12/2008 09:16 PM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 06:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" - [07/27/2007 10:22 PM | 00,145,408 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 02:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe" = C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe File not found
"C:\Program Files\Marble Blast Gold\MarbleBlast.exe" = C:\Program Files\Marble Blast Gold\MarbleBlast.exe File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe [02/01/2008 12:13 AM | 07,525,680 | ---- | M] (Apple Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe [09/22/2004 06:46 PM | 00,073,728 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe [11/25/2007 03:50 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [10/03/2007 02:56 PM | 06,190,320 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe" = C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe [09/03/2003 01:05 PM | 01,231,361 | ---- | M] (GameHouse)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 19,926,824 | ---- | M] (Apple Inc.)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [05/21/2003 01:19 AM | 00,045,056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D85A5784-61A4-4512-B4A4-83F69FC3DDDD}]
Servers: 206.13.29.12,206.13.30.12 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [04/13/2008 11:40 AM | 00,062,976 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomHL-DT-ST_CD-RW_GCE-8160B________________2.11____\5&7208d00&0&0.0.0
"Count" = 1
"NextInstance" = 1
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [08/17/2004 04:26 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (258498 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...

[Files/Folders - Created Within 30 days]
[08/23/2008 05:17 PM | 26,746,8800 | -HS- | M] () - C:\hiberfil.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/08/2008 09:00 PM | 29,576,9337 | ---- | M] () - C:\WINDOWS\System32\syspilog.pil
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/23/2008 05:19 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NOS
[08/13/2008 08:00 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\George\Application Data\Malwarebytes
[08/12/2008 03:07 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Aunt Val.doc
[08/13/2008 10:51 AM | 00,030,720 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Josh at Reischl Physical Therapy.doc
[08/12/2008 03:41 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\George\My Documents\Dr Jerry Express Scripts request.doc
[08/12/2008 02:06 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\George\My Documents\State Farm Receipts from 2007 Fire.xls
[08/23/2008 02:25 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/23/2008 02:21 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/09/2008 11:33 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/17/2008 01:58 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\George\Desktop\HijackThis.lnk
[08/23/2008 02:44 PM | 00,208,384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\George\Desktop\JavaRa.exe
[08/23/2008 03:11 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe
[08/23/2008 03:03 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe.bak
[08/23/2008 03:11 PM | 81,208,728 | ---- | M] () - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p.exe
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe
[08/13/2008 06:56 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\George\Desktop\Spybot - Search & Destroy.lnk
[08/13/2008 09:59 PM | 00,000,690 | ---- | M] () - C:\Documents and Settings\George\Desktop\SpywareBlaster.lnk
[08/23/2008 02:24 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/09/2008 11:32 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/18/2008 09:45 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/23/2008 02:12 PM | ---D | C] - C:\Program Files\NOS
[08/13/2008 06:56 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | C] - C:\Program Files\SpywareBlaster
[08/23/2008 03:30 PM | ---D | C] - C:\Program Files\Sun
[08/17/2008 01:58 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/23/2008 05:17 PM | 26,746,8800 | -HS- | M] () - C:\hiberfil.sys
[08/23/2008 03:30 PM | R--D | M] - C:\Program Files
[08/23/2008 02:31 PM | ---D | M] - C:\WINDOWS
[08/16/2008 12:00 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/16/2008 12:00 AM | 00,258,498 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[08/13/2008 07:02 PM | 00,258,498 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080816-000021.backup
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/23/2008 02:31 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[2 C:\WINDOWS\System32\*.tmp files]
[08/23/2008 02:31 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/18/2008 09:45 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/08/2008 09:00 PM | 29,576,9337 | ---- | M] () - C:\WINDOWS\System32\syspilog.pil
[08/23/2008 05:20 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/14/2008 03:16 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[6 C:\WINDOWS\*.tmp files]
[08/23/2008 05:17 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/23/2008 02:12 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 06:04 AM | ---D | M] - C:\WINDOWS\Help
[08/14/2008 03:12 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:16 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/23/2008 01:20 AM | -H-D | M] - C:\WINDOWS\inf
[08/23/2008 03:31 PM | -HSD | M] - C:\WINDOWS\Installer
[08/09/2008 11:03 AM | ---D | M] - C:\WINDOWS\network diagnostic
[08/23/2008 05:21 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/23/2008 05:20 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/23/2008 03:30 PM | ---D | M] - C:\WINDOWS\system32
[08/23/2008 05:21 PM | ---D | M] - C:\WINDOWS\Temp
[08/14/2008 03:05 AM | 00,000,766 | ---- | M] () - C:\WINDOWS\win.ini
[08/23/2008 02:19 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/11/2008 12:48 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/23/2008 05:17 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/23/2008 02:22 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/23/2008 05:34 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\DIGStream
[08/23/2008 11:49 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[08/09/2008 11:33 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/23/2008 05:19 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\NOS
[08/13/2008 08:00 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/09/2008 11:33 AM | ---D | M] - C:\Documents and Settings\George\Application Data\Malwarebytes
[08/23/2008 02:37 PM | ---D | M] - C:\Documents and Settings\George\Local Settings\Application Data\Adobe
[08/11/2008 04:08 PM | 02,115,528 | -H-- | M] () - C:\Documents and Settings\George\Local Settings\Application Data\IconCache.db
[08/22/2008 06:43 AM | ---D | M] - C:\Documents and Settings\George\Local Settings\Application Data\Microsoft
[08/13/2008 10:54 AM | ---D | M] - C:\Documents and Settings\All Users\Documents\Addresses
[08/12/2008 03:07 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Aunt Val.doc
[08/13/2008 10:51 AM | 00,030,720 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Josh at Reischl Physical Therapy.doc
[08/12/2008 03:41 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\George\My Documents\Dr Jerry Express Scripts request.doc
[08/22/2008 05:25 PM | R--D | M] - C:\Documents and Settings\George\My Documents\My Pictures
[08/06/2008 09:16 AM | ---D | M] - C:\Documents and Settings\George\My Documents\soccer
[08/12/2008 02:06 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\George\My Documents\State Farm Receipts from 2007 Fire.xls
[08/23/2008 02:25 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/23/2008 02:21 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/09/2008 11:33 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/17/2008 01:58 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\George\Desktop\HijackThis.lnk
[08/23/2008 02:44 PM | 00,208,384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\George\Desktop\JavaRa.exe
[08/23/2008 03:11 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe
[08/23/2008 03:03 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe.bak
[08/23/2008 03:11 PM | 81,208,728 | ---- | M] () - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p.exe
[08/23/2008 02:44 PM | 00,002,495 | ---- | M] () - C:\Documents and Settings\George\Desktop\Microsoft Office Excel 2003.lnk
[08/22/2008 07:13 AM | 00,002,497 | ---- | M] () - C:\Documents and Settings\George\Desktop\Microsoft Office Word 2003.lnk
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe
[08/13/2008 06:56 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\George\Desktop\Spybot - Search & Destroy.lnk
[08/13/2008 09:59 PM | 00,000,690 | ---- | M] () - C:\Documents and Settings\George\Desktop\SpywareBlaster.lnk
[08/23/2008 02:21 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/23/2008 02:24 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR
[08/09/2008 11:32 AM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >

OTViewIt Extras logfile created on: 8/23/2008 5:34:41 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 74.20 Mb Available Physical Memory | 29.10% Memory free
616.21 Mb Paging File | 238.39 Mb Available in Paging File | 38.69% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.38 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = YBrowser.HTML] - [08/11/2006 08:53 PM | 00,668,184 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0C2FE695-DE14-4989-BEBC-CA3DCDCC5F2A}" = Mickey Mouse Kindergarten
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1126EA35-9A55-4152-AA35-29865470F172}" = Memory Card Utility
"{1FB63359-E6C4-4965-81BD-164E2FA52F22}" = Phonics Quest
"{2390090F-3453-41A8-8416-373C26AB2750}" = Disney Pixar 1st Grade
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{411C452C-7F92-405E-B9A0-EA6BD3C4A630}" = Mickey Mouse Preschool
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6ED10BF2-311A-4017-ACB0-E6B5039588F9}" = Disney Reading Quest With Aladdin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}" = Winnie the Pooh Kindergarten Deluxe
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDAC64EB-F3CF-47EC-AB54-42D3BD3A8633}" = Winnie the Pooh Preschool
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D2EE7CBE-54E9-426C-84A5-E08BFBE4BD76}" = Disney Pixar 1st Grade Print
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{EEDB23C9-50AB-4D25-B327-EE4FCDAE265F}" = Stanley Wild for Sharks
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Arthur's Kindergarten" = Arthur's Kindergarten
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BugsysClub Software" = BugsysClub Software
"Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
"Caillou's Alphabet" = Caillou's Alphabet
"Caillou's Counting" = Caillou's Counting
"Caillou's Thinking Skills" = Caillou's Thinking Skills
"CANONBJ_Deinstall_CNMCP43.DLL" = Canon S530D
"CDKNet" = CDK Players
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAO 3.5" = DAO 3.5
"DD Tournament Poker 1.1" = DD Tournament Poker 1.1
"DeductionPro 2003" = DeductionPro 2003
"Dragon Tales" = Dragon Tales
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground
"Just Grandma and Me" = Just Grandma and Me
"KB870669" = Microsoft Data Access Components KB870669
"KB891122" = Windows Media Format SDK Hotfix - KB891122
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB910998" = Hotfix for Windows Media Format SDK (KB910998)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PokerPages Software" = PokerPages S

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,

Still some of that Extra text missing I think.

Please post so that I can fully assess.

Thank you.

emeraldnzl

#8
mdsteam

    Member

  • Topic Starter
  • Member
  • 10 posts
Okay, here is the Extras file again.
Thanks,
George.

OTViewIt Extras logfile created on: 8/23/2008 5:34:41 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 74.20 Mb Available Physical Memory | 29.10% Memory free
616.21 Mb Paging File | 238.39 Mb Available in Paging File | 38.69% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.38 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = YBrowser.HTML] - [08/11/2006 08:53 PM | 00,668,184 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0C2FE695-DE14-4989-BEBC-CA3DCDCC5F2A}" = Mickey Mouse Kindergarten
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1126EA35-9A55-4152-AA35-29865470F172}" = Memory Card Utility
"{1FB63359-E6C4-4965-81BD-164E2FA52F22}" = Phonics Quest
"{2390090F-3453-41A8-8416-373C26AB2750}" = Disney Pixar 1st Grade
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{411C452C-7F92-405E-B9A0-EA6BD3C4A630}" = Mickey Mouse Preschool
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6ED10BF2-311A-4017-ACB0-E6B5039588F9}" = Disney Reading Quest With Aladdin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}" = Winnie the Pooh Kindergarten Deluxe
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDAC64EB-F3CF-47EC-AB54-42D3BD3A8633}" = Winnie the Pooh Preschool
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D2EE7CBE-54E9-426C-84A5-E08BFBE4BD76}" = Disney Pixar 1st Grade Print
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{EEDB23C9-50AB-4D25-B327-EE4FCDAE265F}" = Stanley Wild for Sharks
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Arthur's Kindergarten" = Arthur's Kindergarten
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BugsysClub Software" = BugsysClub Software
"Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
"Caillou's Alphabet" = Caillou's Alphabet
"Caillou's Counting" = Caillou's Counting
"Caillou's Thinking Skills" = Caillou's Thinking Skills
"CANONBJ_Deinstall_CNMCP43.DLL" = Canon S530D
"CDKNet" = CDK Players
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAO 3.5" = DAO 3.5
"DD Tournament Poker 1.1" = DD Tournament Poker 1.1
"DeductionPro 2003" = DeductionPro 2003
"Dragon Tales" = Dragon Tales
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground
"Just Grandma and Me" = Just Grandma and Me
"KB870669" = Microsoft Data Access Components KB870669
"KB891122" = Windows Media Format SDK Hotfix - KB891122
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB910998" = Hotfix for Windows Media Format SDK (KB910998)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PokerPages Software" = PokerPages Software
"Quicken 2002 Basic" = Quicken 2002 Basic
"Reader Rabbit Learn To Read With Phonics" = Reader Rabbit Learn To Read With Phonics
"Ready to Read with Pooh" = Disney's Ready to Read with Pooh
"RealPlayer 6.0" = RealPlayer
"Risk" = Risk
"rrpw32.exe" = Reader Rabbit's Preschool
"RRTW32.EXE" = Reader Rabbit's Toddler
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"SBC.MCCInstall" = AT&T Self Support Tool
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Ssbwincd.exe" = Super Solvers Spellbound
"StarFlyers Alien Space Chase" = StarFlyers Alien Space Chase
"Tiberian Sun" = Command & Conquer Tiberian Sun
"UltimateBet" = UltimateBet
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WOLAPI" = Westwood Shared Internet Components
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Photos Drag-Drop Uploader 1v6" = Yahoo! Photos Easy Upload Tool 1v6
"Yahoo! Search Defender" = Yahoo! Search Protection

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

bw+0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw+0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw-0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw00:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw00s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw-0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw10:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw10s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw20:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw20s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw30:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw30s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw40:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw40s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw50:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw50s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw60:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw60s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw70:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw70s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw80:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw80s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw90:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw90s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwa0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwa0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwb0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwb0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwc0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwc0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwd0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwd0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwe0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwe0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwf0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwf0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKLM - BackWeb GA Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

bwg0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwg0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwh0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwh0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwi0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwi0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwj0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwj0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwk0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwk0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwl0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwl0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwm0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwm0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwn0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwn0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwo0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwo0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwp0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwp0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwq0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwq0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwr0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwr0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bws0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bws0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwt0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwt0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwu0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwu0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwv0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwv0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bww0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bww0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwx0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwx0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwy0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwy0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwz0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwz0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

offline-8876480:{C551C26C-EE59-4AFA-9395-3F4A6B50C74A} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

===== Protocol Filters =====

< End of report >
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again mdsteam,

Thanks for the logs. :)

Before we proceed we need to back up your Registry. Making changes to your computer's registry is a dangerous procedure and a backup will allow us to recover information if necessary.

Download and install ERUNT (Emergency Recovery Utility NT) from here (Lars Hederer) or here (Snapfiles.com).

Click on ERUNT and follow the prompts to backup your registry to a location of your choosing.

Now

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\syspilog.pil
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • OTMoveIt2 report
  • Kaspersky scan results

  • 0

#10
mdsteam

mdsteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi emeraldnzl,

Here are the two files.
Thanks,
George.
Explorer killed successfully
C:\WINDOWS\System32\syspilog.pil moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\~DF5F4F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\hsperfdata_George\2372 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_151500

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll moved successfully.
C:\DOCUME~1\George\LOCALS~1\Temp\~DF5F4F.tmp moved successfully.
File C:\DOCUME~1\George\LOCALS~1\Temp\hsperfdata_George\2372 not found!

Second File

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 23:41:04
Records in database: 1141523
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 93887
Threat name: 29
Infected objects: 113
Suspicious objects: 0
Duration of the scan: 04:16:26


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN Infected: Trojan.Win32.Dialer.aqm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01180001.VBN Infected: Trojan.Win32.Dialer.aqm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\011C0000.VBN Infected: Backdoor.Win32.Haxdoor.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01740001.VBN Infected: Backdoor.Win32.Haxdoor.ay 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01880000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A40000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.srvk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03700000.VBN Infected: Trojan.Win32.Agent.yxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.srvk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\040C0000.VBN Infected: Trojan.Win32.DNSChanger.haw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04640000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04640001.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04640002.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04640003.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\059C0000.VBN Infected: Trojan-Downloader.Win32.Delf.lso 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A80000.VBN Infected: Trojan-Downloader.Win32.Delf.lso 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05DC0000.VBN Infected: Backdoor.Win32.Haxdoor.ar 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06340001.VBN Infected: Trojan-Downloader.Win32.Delf.hi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08840000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\088C0000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.sovd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN Infected: Trojan-Proxy.Win32.Agent.awk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08C80000.VBN Infected: Trojan-Downloader.Win32.Delf.hi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40000.VBN Infected: Backdoor.Win32.Haxdoor.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40001.VBN Infected: Backdoor.Win32.Haxdoor.ar 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09040000.VBN Infected: Trojan-GameThief.Win32.WOW.bpl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09040001.VBN Infected: Trojan-Downloader.Win32.Delf.lso 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09380000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.sovd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09540000.VBN Infected: Trojan-Spy.Win32.Agent.ck 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00001.VBN Infected: Backdoor.Win32.Haxdoor.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00003.VBN Infected: Backdoor.Win32.Haxdoor.ay 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00005.VBN Infected: Backdoor.Win32.Haxdoor.ar 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00007.VBN Infected: Trojan-Downloader.Win32.Delf.hi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00009.VBN Infected: Trojan-Downloader.Win32.Delf.hi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A0000B.VBN Infected: Backdoor.Win32.Haxdoor.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A0000D.VBN Infected: Backdoor.Win32.Haxdoor.ar 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A0000F.VBN Infected: Trojan-Spy.Win32.Agent.ck 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80001.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40000.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40000.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40001.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40002.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40003.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40003.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40004.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40005.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40006.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40007.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40001.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40002.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40003.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40004.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40005.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40006.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40006.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09D40007.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DC40000.VBN Infected: Trojan.Win32.DNSChanger.haw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DC40001.VBN Infected: Trojan-GameThief.Win32.OnLineGames.srvk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DCC0000.VBN Infected: Trojan.Win32.Agent.yxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DCC0001.VBN Infected: Trojan.Win32.Agent.zbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DCC0002.VBN Infected: Trojan.Win32.Agent.zbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN Infected: Trojan-Downloader.Win32.Delf.lso 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F600000.VBN Infected: Trojan-Downloader.Win32.Delf.ltr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F700000.VBN Infected: Trojan-Downloader.Win32.Delf.ltr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FA40000.VBN Infected: Trojan-GameThief.Win32.OnLineGames.srvk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80000.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80001.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80002.VBN Infected: Trojan-GameThief.Win32.WOW.bsn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80003.VBN Infected: Trojan-GameThief.Win32.WOW.bsn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80004.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80005.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80006.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80007.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80008.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80008.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80009.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80009.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000A.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000B.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000C.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000D.VBN Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000E.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8000F.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80010.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80011.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80012.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80013.VBN Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80014.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80015.VBN Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80016.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80017.VBN Infected: Trojan-GameThief.Win32.OnLineGames.spgv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80018.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80018.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80019.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB80019.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8001A.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8001B.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8001C.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8001D.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB8001E.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FF00000.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Program Files\SBC_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.hpo 1
C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.bng 1
C:\WINDOWS\system32\edbvfct.sys Infected: Trojan-Clicker.Win32.VB.brm 1
C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zem 1
C:\WINDOWS\system32\tdxdowkc.exe Infected: Trojan.Win32.Agent.zen 1

The selected area was scanned.
  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\SBC_SST_Installer.exe
    C:\WINDOWS\system32\atsxyzd.sys
    C:\WINDOWS\system32\cfexfst.sys
    C:\WINDOWS\system32\edbvfct.sys
    C:\WINDOWS\system32\macidwe.exe
    C:\WINDOWS\system32\tdxdowkc.exe
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now

Please close all windows and re-open OTViewIt
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need more than one post to get it all on the forum; that's fine.
So when you come back please post
  • OTMoveIt2 report
  • OTViewIt reports

Note: It's possible OTViewIt will only produce one report. That's OK just post that one back.
  • 0
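The six paths in the OTMoveIt2 list in the post above are exactly the Kaspersky detections that lie outside the Symantec Quarantine folder; the .VBN entries are copies the resident antivirus had already contained. As an added example (not part of the thread and not a tool used in it), this Python script makes that split on a Kaspersky Online Scanner text report. The function names and the rule that a directory named "Quarantine" marks contained items are assumptions.

```python
import re
from collections import Counter

# A few lines excerpted from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN Infected: Trojan.Win32.Dialer.aqm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan.Win32.Agent.ynl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan-Proxy.Win32.Small.uy 1
C:\Program Files\SBC_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.hpo 1
C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zem 1

The selected area was scanned.
"""

# One detection per line: "<path> Infected: <threat name> <count>".
# Paths contain spaces, so the path is matched lazily up to " Infected: ".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)


def parse_report(text):
    """Return a (path, threat, count) tuple for every detection line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def is_quarantined(path):
    """Assumption: a file under a directory named 'Quarantine' is a
    contained copy held by the resident antivirus, not a live file."""
    directories = path.lower().split("\\")[:-1]
    return "quarantine" in directories


def triage(text):
    """Split detections into live files and quarantined copies.
    Each result maps path -> list of threat names (a file can have several)."""
    live, contained = {}, {}
    for path, threat, _count in parse_report(text):
        bucket = contained if is_quarantined(path) else live
        bucket.setdefault(path, []).append(threat)
    return live, contained


def family(threat):
    """Reduce 'prefix:Behaviour.Platform.Family.variant' to its first three
    dot-separated parts, dropping a 'not-a-virus:' style prefix."""
    name = threat.split(":", 1)[-1]
    parts = name.split(".")
    return ".".join(parts[:3]) if len(parts) >= 3 else name


def live_families(text):
    """Count live (non-quarantined) detections per threat family."""
    live, _ = triage(text)
    return Counter(family(t) for threats in live.values() for t in threats)


if __name__ == "__main__":
    live, contained = triage(SAMPLE_REPORT)
    print("Live files still on disk:")
    for path, threats in live.items():
        print(f"  {path}  [{', '.join(threats)}]")
    print(f"Quarantined copies: {len(contained)}")
    for fam, n in live_families(SAMPLE_REPORT).most_common():
        print(f"  {fam}: {n}")
```
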

#12
mdsteam

mdsteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi emeraldnzl,

I think I was able to attach all three correctly.

Thanks again.

Explorer killed successfully
C:\Program Files\SBC_SST_Installer.exe moved successfully.
C:\WINDOWS\system32\atsxyzd.sys moved successfully.
C:\WINDOWS\system32\cfexfst.sys moved successfully.
C:\WINDOWS\system32\edbvfct.sys moved successfully.
C:\WINDOWS\system32\macidwe.exe moved successfully.
C:\WINDOWS\system32\tdxdowkc.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\~DF7949.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_203654

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll moved successfully.
C:\DOCUME~1\George\LOCALS~1\Temp\~DF7949.tmp moved successfully.


OTViewIt logfile created on: 8/25/2008 8:44:48 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 4.30 Mb Available Physical Memory | 1.69% Memory free
616.21 Mb Paging File | 288.40 Mb Available in Paging File | 46.80% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.57 Gb Free Space | 58.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE-I9EFJQO4
Current User Name: George
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio) - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group) - C:\Program Files\DIGStream\digstream.exe
[03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\BJLaunch.exe
[11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.) - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
[07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.) - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\YOP\yop.exe
[07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\browser\ybrwicon.exe
[02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[08/17/2001 03:36 PM | 00,024,064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[03/03/2006 03:18 PM | 00,200,704 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ycommon.exe
[02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech) - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[08/18/2004 04:13 PM | 00,118,784 | ---- | M] (Roxio, Inc.) - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
[07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
[10/10/2003 09:06 AM | 00,192,512 | ---- | M] () - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
[08/04/2005 03:42 AM | 00,028,160 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
[08/30/2007 06:43 PM | 00,103,664 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bjmcmng) Canon BJ Memory Card Manager [Auto | Running]
[03/14/2002 09:41 AM | 00,049,152 | ---- | M] (CANON INC.) - C:\Program Files\Canon\BJCard\Bjmcmng.exe

(DefWatch) DefWatch [Auto | Running]
[05/21/2003 01:22 AM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [Auto | Running]
[06/02/2007 08:43 PM | 00,138,680 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[02/04/2008 03:18 PM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[05/21/2003 01:27 AM | 00,610,304 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/06/2003 02:16 PM | 00,081,920 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(vsmon) TrueVector Internet Monitor [Auto | Stopped]
File not found - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(YPCService) YPCService [On_Demand | Stopped]
[05/19/2003 05:07 PM | 00,086,016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(basic2) basic2 [On_Demand | Running]
[07/18/2001 07:01 PM | 00,077,426 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\basic2.sys

(Cdr4_xp) Cdr4_xp [System | Running]
[10/18/2006 04:00 AM | 00,002,432 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdr4_xp.sys

(Cdralw2k) Cdralw2k [System | Running]
[10/18/2006 04:00 AM | 00,002,560 | ---- | M] (Sonic Solutions) - C:\WINDOWS\System32\drivers\cdralw2k.sys

(cdudf_xp) cdudf_xp [System | Running]
[08/18/2004 04:13 PM | 00,260,224 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Cdudf_xp.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 05:19 AM | 00,003,712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[07/16/2003 09:21 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(dvd_2K) dvd_2K [On_Demand | Stopped]
[08/18/2004 04:13 PM | 00,021,993 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Dvd_2k.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,283,904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,006,912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(Fallback) Fallback [Auto | Running]
[07/18/2001 07:04 PM | 00,310,899 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fallback.sys

(Fsks) Fsks [Auto | Running]
[07/18/2001 07:06 PM | 00,127,405 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\fsksnt.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hsf_msft) hsf_msft [On_Demand | Stopped]
[08/17/2001 06:28 AM | 00,542,879 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HSF_MSFT.sys

(K56) K56 [Auto | Running]
[07/18/2001 07:06 PM | 00,426,783 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\k56nt.sys

(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,055,040 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\L8042mou.Sys

(LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Running]
[07/23/2005 12:41 AM | 00,068,864 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouKE.Sys

(MCSTRM) MCSTRM [Auto | Running]
[11/25/2007 04:07 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mmc_2K) mmc_2K [On_Demand | Running]
[08/18/2004 04:13 PM | 00,022,777 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\Mmc_2k.sys

(NAVAP) NAVAP [On_Demand | Running]
[05/02/2003 09:08 PM | 00,224,256 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[05/02/2003 09:08 PM | 00,030,208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/22/2008 01:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/22/2008 01:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVEX15.SYS

(nv) nv [On_Demand | Running]
[10/06/2003 02:16 PM | 01,550,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(PCAMPR5) PCAMPR5 NDIS Protocol Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\PCAMPR5.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[07/16/2003 09:36 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(pwd_2k) pwd_2k [System | Running]
[08/18/2004 04:13 PM | 00,118,409 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\pwd_2K.sys

(PxHelp20) PxHelp20 [Boot | Running]
[10/18/2006 04:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(Rksample) Rksample [On_Demand | Running]
[07/18/2001 07:01 PM | 00,067,654 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\rksample.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running]
[08/03/2004 11:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\rtl8139.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 05:19 AM | 00,036,480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SoftFax) SoftFax [Auto | Running]
[07/18/2001 07:05 PM | 00,217,019 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\faxnt.sys

(SpeakerPhone) SpeakerPhone [Auto | Running]
[07/18/2001 07:07 PM | 00,080,449 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\spkpnt.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/18/2004 08:25 AM | 00,073,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(Tones) Tones [Auto | Running]
[07/18/2001 07:04 PM | 00,056,607 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\tonesnt.sys

(UdfReadr_xp) UdfReadr_xp [System | Running]
[08/18/2004 04:13 PM | 00,213,120 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\UdfReadr_xp.sys

(V124) V124 [Auto | Running]
[07/18/2001 07:01 PM | 00,534,125 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\v124nt.sys

(vsdatant) vsdatant [System | Stopped]
File not found - C:\WINDOWS\System32\vsdatant.sys

(winachsf) winachsf [On_Demand | Running]
[07/25/2001 05:58 PM | 00,584,336 | ---- | M] (Conexant Systems) - C:\WINDOWS\system32\drivers\hsf_cnxt.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"BJLaunchEXE" = C:\Program Files\Canon\BJCard\BJLaunch.exe [03/14/2002 09:41 AM | 00,630,784 | ---- | M] (CANON INC.)
"DIGStream" = C:\Program Files\DIGStream\digstream.exe [05/18/2005 02:49 PM | 00,282,624 | ---- | M] (Walt Disney Internet Group)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [08/03/2007 11:07 AM | 01,836,544 | ---- | M] (Google)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM | 00,267,048 | ---- | M] (Apple Inc.)
"mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [07/19/2005 11:05 AM | 00,053,248 | ---- | M] (Musicmatch Inc.)
"MMTray" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [07/19/2005 11:05 AM | 00,135,168 | ---- | M] (Musicmatch, Inc.)
"Motive SmartBridge" = C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [11/19/2006 11:41 PM | 00,380,928 | ---- | M] (Motive, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/06/2003 02:16 PM | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [10/06/2003 02:16 PM | 00,741,376 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 00,385,024 | ---- | M] (Apple Inc.)
"RoxioAudioCentral" = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [08/18/2004 04:13 PM | 00,319,488 | ---- | M] (Roxio, Inc.)
"RoxioDragToDisc" = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [08/18/2004 04:13 PM | 00,868,352 | ---- | M] (Roxio)
"RoxioEngineUtility" = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [08/18/2004 04:11 PM | 00,065,536 | ---- | M] (Roxio)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [05/21/2003 01:21 AM | 00,090,112 | ---- | M] (Symantec Corporation)
"YBrowser" = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [07/21/2006 05:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.)
"YOP" = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart [04/22/2005 08:49 PM | 00,397,312 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [07/07/2008 09:42 AM | 02,156,368 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [08/30/2007 06:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" = C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [01/10/2008 09:41 AM | 00,223,984 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/10/2003 09:06 AM | 00,217,088 | ---- | M] (Motive Communications, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
[07/31/2001 10:52 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
[07/12/2008 09:16 PM | 00,125,624 | ---- | M] (Google) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[02/21/2006 11:09 PM | 00,196,608 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[08/04/2005 03:42 AM | 00,528,384 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[07/31/2001 10:53 PM | 00,036,864 | ---- | M] (Intuit) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
[10/03/2007 02:56 PM | 00,054,512 | ---- | M] (Yahoo! Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[George Startup Folder - C:\Documents and Settings\George\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [11/25/2007 03:51 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 05:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [07/12/2008 09:16 PM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 06:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/10/2008 05:58 AM | 00,879,856 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" - [07/27/2007 10:22 PM | 00,145,408 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 02:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe" = C:\Program Files\Yahoo! Games\Boggle Supreme\BoggleSupreme.exe File not found
"C:\Program Files\Marble Blast Gold\MarbleBlast.exe" = C:\Program Files\Marble Blast Gold\MarbleBlast.exe File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe [02/01/2008 12:13 AM | 07,525,680 | ---- | M] (Apple Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe [09/22/2004 06:46 PM | 00,073,728 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe [11/25/2007 03:50 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [10/03/2007 02:56 PM | 06,190,320 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [02/21/2006 11:10 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe" = C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe [09/03/2003 01:05 PM | 01,231,361 | ---- | M] (GameHouse)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 19,926,824 | ---- | M] (Apple Inc.)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [05/21/2003 01:19 AM | 00,045,056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D85A5784-61A4-4512-B4A4-83F69FC3DDDD}]
Servers: 206.13.29.12,206.13.30.12 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [04/13/2008 11:40 AM | 00,062,976 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomHL-DT-ST_CD-RW_GCE-8160B________________2.11____\5&7208d00&0&0.0.0
"Count" = 1
"NextInstance" = 1
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [08/17/2004 04:26 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (258498 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...



[Files/Folders - Created Within 30 days]
[08/25/2008 08:41 PM | 26,746,8800 | -HS- | M] () - C:\hiberfil.sys
[08/24/2008 03:15 PM | ---D | C] - C:\_OTMoveIt
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/24/2008 03:13 PM | ---D | C] - C:\WINDOWS\ERDNT
[6 C:\WINDOWS\*.tmp files]
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/23/2008 05:19 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NOS
[08/13/2008 08:00 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/09/2008 11:33 AM | ---D | C] - C:\Documents and Settings\George\Application Data\Malwarebytes
[08/12/2008 03:07 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Aunt Val.doc
[08/13/2008 10:51 AM | 00,030,720 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Josh at Reischl Physical Therapy.doc
[08/12/2008 03:41 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\George\My Documents\Dr Jerry Express Scripts request.doc
[08/12/2008 02:06 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\George\My Documents\State Farm Receipts from 2007 Fire.xls
[08/23/2008 02:25 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/23/2008 02:21 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/09/2008 11:33 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/24/2008 03:11 PM | 00,791,393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\George\Desktop\erunt-setup.exe
[08/24/2008 03:12 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\George\Desktop\ERUNT.lnk
[08/17/2008 01:58 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\George\Desktop\HijackThis.lnk
[08/23/2008 02:44 PM | 00,208,384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\George\Desktop\JavaRa.exe
[08/23/2008 03:11 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe
[08/23/2008 03:03 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe.bak
[08/23/2008 03:11 PM | 81,208,728 | ---- | M] () - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p.exe
[08/24/2008 03:14 PM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTMoveIt2.exe
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe
[08/13/2008 06:56 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\George\Desktop\Spybot - Search & Destroy.lnk
[08/13/2008 09:59 PM | 00,000,690 | ---- | M] () - C:\Documents and Settings\George\Desktop\SpywareBlaster.lnk
[08/23/2008 02:24 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/09/2008 11:32 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/24/2008 03:12 PM | ---D | C] - C:\Program Files\ERUNT
[08/18/2008 09:45 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/23/2008 05:19 PM | ---D | C] - C:\Program Files\NOS
[08/13/2008 06:56 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | C] - C:\Program Files\SpywareBlaster
[08/23/2008 03:30 PM | ---D | C] - C:\Program Files\Sun
[08/17/2008 01:58 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/25/2008 08:41 PM | 26,746,8800 | -HS- | M] () - C:\hiberfil.sys
[08/25/2008 08:36 PM | R--D | M] - C:\Program Files
[08/24/2008 03:13 PM | ---D | M] - C:\WINDOWS
[08/24/2008 03:15 PM | ---D | M] - C:\_OTMoveIt
[08/16/2008 12:00 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/16/2008 12:00 AM | 00,258,498 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[08/13/2008 07:02 PM | 00,258,498 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080816-000021.backup
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/23/2008 02:31 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[2 C:\WINDOWS\System32\*.tmp files]
[08/23/2008 02:31 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/18/2008 09:45 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/24/2008 03:26 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/14/2008 03:16 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[6 C:\WINDOWS\*.tmp files]
[08/25/2008 08:41 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/23/2008 05:19 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/24/2008 03:13 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/22/2008 06:04 AM | ---D | M] - C:\WINDOWS\Help
[08/14/2008 03:12 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:16 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/23/2008 01:20 AM | -H-D | M] - C:\WINDOWS\inf
[08/23/2008 03:31 PM | -HSD | M] - C:\WINDOWS\Installer
[08/09/2008 11:03 AM | ---D | M] - C:\WINDOWS\network diagnostic
[08/24/2008 04:07 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/25/2008 08:42 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 08:36 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 08:44 PM | ---D | M] - C:\WINDOWS\Temp
[08/14/2008 03:05 AM | 00,000,766 | ---- | M] () - C:\WINDOWS\win.ini
[08/23/2008 02:19 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/11/2008 12:48 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 08:41 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/23/2008 02:22 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/25/2008 08:39 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\DIGStream
[08/25/2008 08:28 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[08/09/2008 11:33 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/23/2008 05:19 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\NOS
[08/13/2008 08:00 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/16/2008 06:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/23/2008 02:05 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/09/2008 11:33 AM | ---D | M] - C:\Documents and Settings\George\Application Data\Malwarebytes
[08/23/2008 02:37 PM | ---D | M] - C:\Documents and Settings\George\Local Settings\Application Data\Adobe
[08/11/2008 04:08 PM | 02,115,528 | -H-- | M] () - C:\Documents and Settings\George\Local Settings\Application Data\IconCache.db
[08/22/2008 06:43 AM | ---D | M] - C:\Documents and Settings\George\Local Settings\Application Data\Microsoft
[08/13/2008 10:54 AM | ---D | M] - C:\Documents and Settings\All Users\Documents\Addresses
[08/12/2008 03:07 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Aunt Val.doc
[08/13/2008 10:51 AM | 00,030,720 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Josh at Reischl Physical Therapy.doc
[08/12/2008 03:41 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\George\My Documents\Dr Jerry Express Scripts request.doc
[08/22/2008 05:25 PM | R--D | M] - C:\Documents and Settings\George\My Documents\My Pictures
[08/06/2008 09:16 AM | ---D | M] - C:\Documents and Settings\George\My Documents\soccer
[08/12/2008 02:06 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\George\My Documents\State Farm Receipts from 2007 Fire.xls
[08/23/2008 02:25 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/23/2008 02:21 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/09/2008 11:33 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/24/2008 03:11 PM | 00,791,393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\George\Desktop\erunt-setup.exe
[08/24/2008 03:12 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\George\Desktop\ERUNT.lnk
[08/17/2008 01:58 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\George\Desktop\HijackThis.lnk
[08/23/2008 02:44 PM | 00,208,384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\George\Desktop\JavaRa.exe
[08/23/2008 03:11 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe
[08/23/2008 03:03 PM | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p-iftw.exe.bak
[08/23/2008 03:11 PM | 81,208,728 | ---- | M] () - C:\Documents and Settings\George\Desktop\jdk-6u7-windows-i586-p.exe
[08/23/2008 02:44 PM | 00,002,495 | ---- | M] () - C:\Documents and Settings\George\Desktop\Microsoft Office Excel 2003.lnk
[08/22/2008 07:13 AM | 00,002,497 | ---- | M] () - C:\Documents and Settings\George\Desktop\Microsoft Office Word 2003.lnk
[08/24/2008 03:14 PM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTMoveIt2.exe
[08/23/2008 05:34 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\George\Desktop\OTViewIt.exe
[08/13/2008 06:56 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\George\Desktop\Spybot - Search & Destroy.lnk
[08/13/2008 09:59 PM | 00,000,690 | ---- | M] () - C:\Documents and Settings\George\Desktop\SpywareBlaster.lnk
[08/23/2008 02:21 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/23/2008 02:24 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR
[08/09/2008 11:32 AM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >

#13
mdsteam
I don't know if you need/want it, but I noticed the extras log didn't get accepted. So here it is again.

OTViewIt Extras logfile created on: 8/25/2008 8:44:49 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 4.30 Mb Available Physical Memory | 1.69% Memory free
616.21 Mb Paging File | 288.40 Mb Available in Paging File | 46.80% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 44.57 Gb Free Space | 58.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = YBrowser.HTML] - [08/11/2006 08:53 PM | 00,668,184 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0C2FE695-DE14-4989-BEBC-CA3DCDCC5F2A}" = Mickey Mouse Kindergarten
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1126EA35-9A55-4152-AA35-29865470F172}" = Memory Card Utility
"{1FB63359-E6C4-4965-81BD-164E2FA52F22}" = Phonics Quest
"{2390090F-3453-41A8-8416-373C26AB2750}" = Disney Pixar 1st Grade
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{411C452C-7F92-405E-B9A0-EA6BD3C4A630}" = Mickey Mouse Preschool
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6ED10BF2-311A-4017-ACB0-E6B5039588F9}" = Disney Reading Quest With Aladdin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}" = Winnie the Pooh Kindergarten Deluxe
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDAC64EB-F3CF-47EC-AB54-42D3BD3A8633}" = Winnie the Pooh Preschool
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D2EE7CBE-54E9-426C-84A5-E08BFBE4BD76}" = Disney Pixar 1st Grade Print
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{EEDB23C9-50AB-4D25-B327-EE4FCDAE265F}" = Stanley Wild for Sharks
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Arthur's Kindergarten" = Arthur's Kindergarten
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BugsysClub Software" = BugsysClub Software
"Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
"Caillou's Alphabet" = Caillou's Alphabet
"Caillou's Counting" = Caillou's Counting
"Caillou's Thinking Skills" = Caillou's Thinking Skills
"CANONBJ_Deinstall_CNMCP43.DLL" = Canon S530D
"CDKNet" = CDK Players
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAO 3.5" = DAO 3.5
"DD Tournament Poker 1.1" = DD Tournament Poker 1.1
"DeductionPro 2003" = DeductionPro 2003
"Dragon Tales" = Dragon Tales
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground
"Just Grandma and Me" = Just Grandma and Me
"KB870669" = Microsoft Data Access Components KB870669
"KB891122" = Windows Media Format SDK Hotfix - KB891122
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB910998" = Hotfix for Windows Media Format SDK (KB910998)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"PokerPages Software" = PokerPages Software
"Quicken 2002 Basic" = Quicken 2002 Basic
"Reader Rabbit Learn To Read With Phonics" = Reader Rabbit Learn To Read With Phonics
"Ready to Read with Pooh" = Disney's Ready to Read with Pooh
"RealPlayer 6.0" = RealPlayer
"Risk" = Risk
"rrpw32.exe" = Reader Rabbit's Preschool
"RRTW32.EXE" = Reader Rabbit's Toddler
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"SBC.MCCInstall" = AT&T Self Support Tool
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Ssbwincd.exe" = Super Solvers Spellbound
"StarFlyers Alien Space Chase" = StarFlyers Alien Space Chase
"Tiberian Sun" = Command & Conquer Tiberian Sun
"UltimateBet" = UltimateBet
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WOLAPI" = Westwood Shared Internet Components
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Photos Drag-Drop Uploader 1v6" = Yahoo! Photos Easy Upload Tool 1v6
"Yahoo! Search Defender" = Yahoo! Search Protection

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

bw+0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw+0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw-0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw00:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw00s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw-0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw10:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw10s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw20:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw20s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw30:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw30s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw40:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw40s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw50:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw50s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw60:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw60s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw70:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw70s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw80:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw80s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw90:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bw90s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwa0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwa0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwb0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwb0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwc0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwc0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwd0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwd0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwe0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwe0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwf0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwf0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKLM - BackWeb GA Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

bwg0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwg0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwh0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwh0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwi0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwi0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwj0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwj0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwk0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwk0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwl0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwl0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwm0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwm0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwn0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwn0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwo0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwo0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwp0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwp0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwq0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwq0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwr0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwr0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bws0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bws0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwt0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwt0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwu0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwu0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwv0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwv0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bww0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bww0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwx0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwx0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwy0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwy0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwz0:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

bwz0s:{c551c26c-ee59-4afa-9395-3f4a6b50c74a} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

offline-8876480:{C551C26C-EE59-4AFA-9395-3F4A6B50C74A} [HKLM - BackWeb Proactive Portal Pluggable Protocol]
[02/21/2006 11:10 PM | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

===== Protocol Filters =====

< End of report >

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mdsteam,

Yep, thanks for both those logs.

Getting closer to the end now.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

When you come back please post
  • OTMoveIt2 report
  • MBAM scan results
  • along with a new HijackThis log


#15
mdsteam

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi emeraldnzl,
Here are those three files.

Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\George\LOCALS~1\Temp\~DFEB3B.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_204701

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\George\LOCALS~1\Temp\IadHide5.dll moved successfully.
C:\DOCUME~1\George\LOCALS~1\Temp\~DFEB3B.tmp moved successfully.


Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 5.1.2600 Service Pack 3

9:22:49 PM 8/26/2008
mbam-log-08-26-2008 (21-22-49).txt

Scan type: Quick Scan
Objects scanned: 52793
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:40 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145120080159
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DA35FAA-BF24-4E08-B780-8D123FEF5316}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85A5784-61A4-4512-B4A4-83F69FC3DDDD}: NameServer = 206.13.29.12,206.13.30.12
O18 - Protocol: bw+0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C551C26C-EE59-4AFA-9395-3F4A6B50C74A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iexplore - \\T0c.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 23698 bytes