Spyware problem - haven't seen it before

Hitch-Hiker

Hey, how's it going.
So, What's happening is random pieces of text (always just single words) on pretty much all websites are being highlighted and linked to a site called spyonyou. It's some dumbass ad site. Anyway, I haven't seen any noticeable affects on the running of my PC but it's really goddam annoying having all these links on every page I go to. I've ran AVG, Spybot and Ad-aware with n luck.
Any ideas? Anyone heard of this?

ActorSeeksJob

Do this

CLICK HERE to download the HijackThis Installer:

1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Hitch-Hiker

Thanks. I'll try that later.

Hitch-Hiker

Got the logfile. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:57, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EnigmaBHO - {5CFEE306-E014-48A4-876D-06FF09EBB0F3} - C:\Program Files\ADS Plugins\Enigma.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Keyboard Closure Setup.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ie\msntabres.dll.mui/229?1aa035f6953e48d18afa714afa60c66d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ie\msntabres.dll.mui/230?1aa035f6953e48d18afa714afa60c66d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149073143718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EED45F77-1AF0-4749-B214-0C7D0D4237B5}: NameServer = 192.168.1.254
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8050 bytes

ActorSeeksJob

Well your log is clean. It seems this

random pieces of text (always just single words) on pretty much all websites are being highlighted and linked to a site called spyonyou

Is due to the program C:\Program Files\ADS Plugins\Enigma.dll which you or somebody in your family installed themselves. It is a privacy tool to ensure the NSA don't spy on you....

If you want to get rid of it, do the following, just make sure you ask your family first

Go to Start > Control Panel > Add or Remove Programs > Remove ADS Plugins


That should do the trick.

Hitch-Hiker

Thanks dude. Much obliged. I'll let you know if it works.

Hitch-Hiker

Perfect, all fixed up. Thanks again.

Enjeh

Im getting the same problem, and i've done what's written here but i still have that thing :S

my logfile or whever:

Logfile of HijackThis v1.99.1
Scan saved at 21:00:29, on 2007-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program\BitComet\BitComet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Linus Strömberg\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137500644531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://noliakameran.net.umea.se/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

ActorSeeksJob

Hello Enjeh

Your log looks fine...

Did you have the program C:\Program Files\ADS Plugins on your PC?


Please do the following for me


Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)


So post the two DSS texts in full in your next reply

Enjeh

ohh hokay...

Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.

---

-- System Information

---

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1022.42 MiB / 528.84 MiB
Pagefile Memory (total/avail): 2457.61 MiB / 2011.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.27 MiB

C: is Fixed (NTFS) - 227.97 GiB total, 101.79 GiB free.
is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)


-- Security Center

---

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Panda Titanium 2005 Personal Firewall v4.02.02 (Panda Software)
AV: Panda Titanium Antivirus 2005 v4.02.02 (Panda Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program\\Sierra\\FEAR\\FEAR.exe"="C:\\Program\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"


-- Environment Variables

---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Linus Str”mberg\Application Data
CLASSPATH=.;C:\Program\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=LINUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Linus Str”mberg
LOGONSERVER=\\LINUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Panda Software\Panda Titanium Antivirus 2005\;C:\Program\Delade filer\Adobe\AGL;C:\Program\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LINUSS~1\LOKALA~1\Temp
TMP=C:\DOCUME~1\LINUSS~1\LOKALA~1\Temp
USERDOMAIN=LINUS
USERNAME=Linus Str”mberg
USERPROFILE=C:\Documents and Settings\Linus Str”mberg
windir=C:\WINDOWS


-- User Profiles

---

Linus Strömberg (admin)


-- Add/Remove Programs

---

--> .
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
AXIS Media Control Embedded --> rundll32 "C:\Program\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Battlefield 2(TM) --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x1d -removeonly
Counter-Strike: Condition Zero --> C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DC++ 0.698 --> "C:\Program\DC++\uninstall.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
FEAR --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
Hamachi 1.0.1.5 --> C:\Program\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT-tillägg till Microsoft Windows XP-guiden Skriv till CD-skiva --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Documents and Settings\Linus Strömberg\Skrivbord\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Panda Titanium Antivirus 2005 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BB85F18B-43C6-48B5-ABA9-6A5DDA65AA1B}\setup.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
TeamSpeak 2 RC2 --> C:\Program\Teamspeak2_RC2\unins000.exe
Tibia --> "C:\Program\Tibia\unins000.exe"
TibiaCam TV Lite 1.6 --> "C:\Program\TibiaCam TV Lite\unins000.exe"
TrackMania Nations ESWC 1.7.9 --> "C:\Program\TrackMania Nations ESWC\unins000.exe"
Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
USB PC Camera Plus --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX --> C:\Program Files\VentriloMIX\Uninstal.exe
Winamp (remove only) --> "C:\Program\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program\WinRAR\uninstall.exe
WinZip --> "C:\Program\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XnView 1.90.3 --> C:\Program\XnView\unins000.exe


-- End of Deckard's System Scanner: finished at 2007-08-01 at 06:33:17

---

Deckard's System Scanner v20070729.57
Run by Linus Strömberg on 2007-08-01 at 06:31:35
Computer is in Normal Mode.

---

-- System Restore

---

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
63: 2007-08-01 04:31:37 UTC - RP171 - Deckard's System Scanner Restore Point
62: 2007-07-31 18:31:02 UTC - RP170 - Java(TM) 6 Update 2 installerades
61: 2007-07-31 18:24:41 UTC - RP169 - Java(TM) SE Runtime Environment 6 Update 1 togs bort
60: 2007-07-31 05:06:36 UTC - RP168 - Systemkontrollpunkt
59: 2007-07-29 13:36:15 UTC - RP167 - Systemkontrollpunkt


-- First Restore Point --
1: 2007-05-04 17:09:15 UTC - RP109 - Systemkontrollpunkt


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Linus Strömberg.exe)

---

Logfile of HijackThis v1.99.1
Scan saved at 06:32:43, on 2007-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Documents and Settings\Linus Strömberg\Skrivbord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\LINUSS~1\SKRIVB~1\Linus Strömberg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137500644531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://noliakameran.net.umea.se/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe


-- File Associations

---

.js - JSFile - shell\open\command - C:\Program\PANDAS~1\PANDAT~1\PAVSCRIP.EXE "%1" %*
.vbs - VBSFile - shell\open\command - C:\Program\PANDAS~1\PANDAT~1\PAVSCRIP.EXE "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R0 netflt (Panda Preventium Driver.) - c:\windows\system32\drivers\netflt.sys <Not Verified; Panda Software; © Panda Software 2005>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shlddrv.sys <Not Verified; Panda Software; Panda®Shield>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint.sys <Not Verified; Panda Software; © Panda Software 2005>
R2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys <Not Verified; Panda Software; PandaShield>
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 PAVFIRES (Panda Firewall Service) - "c:\program\panda software\panda titanium antivirus 2005\firewall\pavfires.exe" <Not Verified; Panda Software; Internet Security Technologies>
R2 PAVFNSVR (Panda Function Service) - "c:\program\panda software\panda titanium antivirus 2005\pavfnsvr.exe" <Not Verified; Panda Software; Panda Software PavFnSvr>
R2 Pavkre (Panda Pavkre) - "c:\program\panda software\panda titanium antivirus 2005\pavkre.exe" <Not Verified; Panda Software; PavKre Aplicación>
R2 PavProt (Panda PavProt) - "c:\program\panda software\panda titanium antivirus 2005\pavprot.exe" <Not Verified; Panda Software; PavProt Application>
R2 PavPrSrv (Panda Process Protection Service) - "c:\program\delade filer\panda software\pavshld\pavprsrv.exe" <Not Verified; Panda Software; PandaShield>
R2 PAVSRV (Panda anti-virus service) - "c:\program\panda software\panda titanium antivirus 2005\pavsrv51.exe" <Not Verified; Panda Software; Panda Antivirus for Windows NT/2000/XP/2003>
R2 PREVSRV (Panda Preventium+ Service) - "c:\program\panda software\panda titanium antivirus 2005\prevsrv.exe" <Not Verified; Panda Software; prevsrv>
R2 PSIMSVC (Panda IManager Service) - "c:\program\panda software\panda titanium antivirus 2005\psimsvc.exe" <Not Verified; Panda Software Internacional; Panda Antivirus>


-- Files created between 2007-07-01 and 2007-08-01

---

2007-07-31 19:31:56 0 d

---

C:\Program\Trend Micro
2007-07-25 17:24:20 0 d

---

C:\Program\Sierra
2007-07-25 16:48:53 98304 --a

---

C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-07-25 16:39:10 0 d

---

C:\Program\DAEMON Tools
2007-07-25 16:36:46 682232 --a

---

C:\WINDOWS\system32\drivers\sptd.sys
2007-07-01 20:28:37 0 d

---

C:\Program\Zylom Games
2007-07-01 20:28:37 0 d

---

C:\Documents and Settings\All Users\Application Data\Zylom


-- Find3M Report

---

2007-07-31 20:34:03 0 d

---

C:\Program\Java
2007-07-31 16:39:37 0 d

---

C:\Program\DC++
2007-07-30 21:03:05 0 d

---

C:\Program\World of Warcraft
2007-07-28 02:44:55 0 d

---

C:\Program\TrackMania Nations ESWC
2007-07-25 17:24:51 0 d--h

---

C:\Program\InstallShield Installation Information
2007-07-13 17:34:07 0 d

---

C:\Documents and Settings\Linus Strömberg\Application Data\Tibia
2007-07-11 15:58:20 404004 --a

---

C:\WINDOWS\system32\perfh01D.dat
2007-07-11 15:58:20 73728 --a

---

C:\WINDOWS\system32\perfc01D.dat
2007-07-08 15:00:03 0 d

---

C:\Program\Delade filer
2007-06-26 22:40:58 0 d

---

C:\Program\Tibia
2007-06-25 15:20:49 0 d

---

C:\Program\TibiaCam TV Lite
2007-06-17 11:09:12 0 d

---

C:\Program\Winamp
2007-06-13 00:08:54 0 d

---

C:\Documents and Settings\Linus Strömberg\Application Data\XnView
2007-06-04 14:05:16 43520 --a

---

C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\SOUNDMAN.EXE]
"APVXDWIN"="C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.exe" [2005-03-31 19:08]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 12:00]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-02-16 11:54]
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"Steam"="" []
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\Documents and Settings\Linus Str”mberg\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df49bff-5918-11db-ac05-806d6172696f}]
AutoRun\command- \Setup.EXE




-- End of Deckard's System Scanner: finished at 2007-08-01 at 06:33:17

---

ActorSeeksJob

I can see nothing wrong.. Can you tell me what exactly is wrong and what you did to fix it?

Enjeh

ActorSeeksJob wrote:

I can see nothing wrong.. Can you tell me what exactly is wrong and what you did to fix it?

I got the problem Hitch-Hiker had, I did as you wrote, or almost

I removed C:\Program Files\ADS Plugins\Enigma.dll first with the HijackThis then i removed the program like;
Start > Control Panel > Add or Remove Programs > Remove ADS Plugins

but is still get like this ;

http://img.photobucket.com/albums/v626/Lajnus/Thingies/qwe.png

ActorSeeksJob

Did you delete this folder ?
C:\Program Files\ADS Plugins

Enjeh

yes, i did.. i guess since i cant find it anymore ;p

ActorSeeksJob

I'm sorry Enjeh, your logs are showing absolutely no traces of the program, there is nothing I can do to get rid of it...I thought there would be some traces of the program but there doesn't seem to be.

Only thing I can think is to reinstall the program, then uninstall it. That should remove all the traces supposedly.

reidyg

Hi Guys

I think I have a problem too. Started to get this annoying pop up sayin "No Dial Tone". From watching task manager, I see cmd.exe popping up for a second every now and then. The pop up is called win38.temp.exe. This is my Hijackthis Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:17, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-

rel&channel=ie&ibd=2061007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ie/hws/sb/dell-row-

rel/en/side.html?channel=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-

row-rel&channel=ie&ibd=2061007
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/ig/dell?hl=en&client=dell-

row-rel&channel=ie&ibd=2061007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ucd.ie:8484
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download

Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download

Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download

Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -

https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161110803015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162945451296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) -

http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -

http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\DVDXST~1\DVDXUT~1.6\DVDGhost\DVDGHO~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. -

C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared

Files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU

Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba

Stack\TosBtSrv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft

Shared\MSInfo\Network.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program

Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9024 bytes

ActorSeeksJob

First we need to turn off word wrap, so open up notepad there, click "Format" at the top and uncheck "Word wrap"

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So post the SDFix report and the two DSS texts in full in your next reply

reidyg

Hi Actor

Here are my reports...



SDFix: Version 1.95

Run by Gerard on 02/08/2007 at 13:14

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service runtime2 - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\107785~1 - Deleted
C:\WINDOWS\Temp\win2F8D.tmp.exe - Deleted
C:\WINDOWS\Temp\win2F9B.tmp.exe - Deleted
C:\WINDOWS\Temp\win2F8D.tmp.exe - Deleted
C:\WINDOWS\Temp\win2F9B.tmp.exe - Deleted
C:\WINDOWS\system32\0_exception.nls - Deleted
C:\WINDOWS\Temp\startdrv.exe - Deleted
C:\WINDOWS\system32\drivers\runtime2.sys - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:

---

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\OpenOffice.org 2.1\\program\\swriter.exe"="C:\\Program Files\\OpenOffice.org 2.1\\program\\swriter.exe:*:Enabled:swriter"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Documents and Settings\\Gerard\\My Documents\\My Downloads\\utorrent.exe"="C:\\Documents and Settings\\Gerard\\My Documents\\My Downloads\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Launch Veoh"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Gerard\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Gerard\\Desktop\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Gerard\\LOCALS~1\\Temp\\win11F.tmp.exe"="C:\\DOCUME~1\\Gerard\\LOCALS~1\\Temp\\win11F.tmp.exe:*:Enabled:win11F.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:

---

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic14E.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic15.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic152.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic154.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic156.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic158.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic15A.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic15C.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic15E.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic160.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic162.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic168.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic16D.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic16F.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic171.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic173.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic175.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic177.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic17C.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic17E.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic34.tmp
C:\Documents and Settings\Gerard\Local Settings\Temp\Free Download Manager\tic8.tmp
C:\Documents and Settings\Premiere\Local Settings\Temp\Free Download Manager\tic36.tmp
C:\Documents and Settings\Premiere\Local Settings\Temp\Free Download Manager\tic38.tmp
C:\Documents and Settings\Premiere\Local Settings\Temp\Free Download Manager\tic4.tmp
C:\Documents and Settings\Premiere\Local Settings\Temp\Free Download Manager\tic57.tmp
C:\Documents and Settings\Premiere\Local Settings\Temp\Free Download Manager\tic6.tmp
C:\WINDOWS\system32\RO5624.tmp.LOG
C:\WINDOWS\system32\RO5627.tmp.LOG
C:\WINDOWS\system32\RO562C.tmp.LOG
C:\WINDOWS\system32\RO562F.tmp.LOG
C:\WINDOWS\system32\RO5634.tmp.LOG
C:\WINDOWS\system32\RO5637.tmp.LOG
C:\WINDOWS\system32\RO563C.tmp.LOG
C:\WINDOWS\system32\RO563F.tmp.LOG
C:\WINDOWS\system32\RO5644.tmp.LOG
C:\WINDOWS\system32\RO5647.tmp.LOG
C:\WINDOWS\system32\RO564C.tmp.LOG
C:\WINDOWS\system32\RO564F.tmp.LOG
C:\WINDOWS\system32\ROB01F.tmp.LOG
C:\WINDOWS\system32\ROB024.tmp.LOG
C:\WINDOWS\system32\ROB027.tmp.LOG
C:\WINDOWS\system32\ROB02C.tmp.LOG
C:\WINDOWS\system32\ROB02F.tmp.LOG
C:\WINDOWS\system32\ROB034.tmp.LOG
C:\WINDOWS\system32\ROB037.tmp.LOG
C:\WINDOWS\system32\ROB03C.tmp.LOG
C:\WINDOWS\system32\ROB03F.tmp.LOG
C:\WINDOWS\system32\ROB044.tmp.LOG
C:\WINDOWS\system32\ROB047.tmp.LOG
C:\WINDOWS\system32\ROB04C.tmp.LOG
C:\WINDOWS\system32\ROEAFF.tmp.LOG
C:\WINDOWS\system32\ROEB04.tmp.LOG
C:\WINDOWS\system32\ROEB07.tmp.LOG
C:\WINDOWS\system32\ROEB0C.tmp.LOG
C:\WINDOWS\system32\ROEB0F.tmp.LOG
C:\WINDOWS\system32\ROEB14.tmp.LOG
C:\WINDOWS\system32\ROEB17.tmp.LOG
C:\WINDOWS\system32\ROEB1C.tmp.LOG
C:\WINDOWS\system32\ROEB1F.tmp.LOG
C:\WINDOWS\system32\ROEB24.tmp.LOG
C:\WINDOWS\system32\ROEB27.tmp.LOG
C:\WINDOWS\system32\ROEB2C.tmp.LOG
C:\WINDOWS\system32\ROFF6C.tmp.LOG
C:\WINDOWS\system32\ROFF6F.tmp.LOG
C:\WINDOWS\system32\ROFF74.tmp.LOG
C:\WINDOWS\system32\ROFF77.tmp.LOG
C:\WINDOWS\system32\ROFF7C.tmp.LOG
C:\WINDOWS\system32\ROFF7F.tmp.LOG
C:\WINDOWS\system32\ROFF84.tmp.LOG
C:\WINDOWS\system32\ROFF87.tmp.LOG
C:\WINDOWS\system32\ROFF8C.tmp.LOG
C:\WINDOWS\system32\ROFF8F.tmp.LOG
C:\WINDOWS\system32\ROFF94.tmp.LOG
C:\WINDOWS\system32\ROFF97.tmp.LOG

Finished

Deckard's System Scanner v20070729.57
Run by Gerard on 2007-08-02 at 13:49:08
Computer is in Normal Mode.

---

-- System Restore

---

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
165: 2007-08-02 12:49:13 UTC - RP797 - Deckard's System Scanner Restore Point
164: 2007-08-02 04:34:18 UTC - RP796 - System Checkpoint
163: 2007-08-01 04:04:09 UTC - RP795 - Configured SigmaTel Audio
162: 2007-08-01 03:46:45 UTC - RP794 - Configured SigmaTel Audio
161: 2007-08-01 03:31:36 UTC - RP793 - Configured SigmaTel Audio


-- First Restore Point --
1: 2007-05-07 05:59:28 UTC - RP633 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Gerard.exe)

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:16, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Documents and Settings\Gerard\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gerard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=2061007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ie/hws/sb/dell-row-rel/en/side.html?channel=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=2061007
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=2061007
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ucd.ie:8484
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B52960-B02F-4823-9F23-DEB9DC1C3858} - (no file)
O2 - BHO: (no name) - {4E3C9B0A-8A8D-4855-BCE4-036667B63715} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\svbmeayg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wgoleiqw.dll",forkonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161110803015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162945451296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\DVDXST~1\DVDXUT~1.6\DVDGhost\DVDGHO~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: gebbbyw - gebbbyw.dll (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\
O20 - Winlogon Notify: rqroopo - rqroopo.dll (file missing)
O20 - Winlogon Notify: wintuh32 - C:\WINDOWS\SYSTEM32\wintuh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Network.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10239 bytes

-- File Associations

---

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 nipplpt2 (Novell iCapture Lpt Redirector 2) - c:\windows\system32\drivers\nipplpt.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 SentEmul - c:\windows\system32\drivers\sentemul.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 cdrmkaun - c:\docume~1\gerard\locals~1\temp\cdrmkaun.sys (file missing)
S3 CSRBC (CSRBC.Sys CSR test driver) - c:\windows\system32\drivers\csrbcxp.sys <Not Verified; CSR, plc; CsrUsb Device Driver>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
S3 NTPASp50 (NTPASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\ntpasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 Rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>

S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 Windows Network Log Manage - c:\program files\common files\microsoft shared\msinfo\network.exe (file missing)
S3 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
S3 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
S3 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
S3 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe (file missing)
S3 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
S3 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe"
S3 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>
S3 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>


-- Scheduled Tasks

---

2007-08-02 01:35:03 330 --ah

---

C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-01 20:12:17 424 --ah

---

C:\WINDOWS\Tasks\User_Feed_Synchronization-{51E6FFF8-1A42-4DE6-8930-B4BF8781AD60}.job


-- Files created between 2007-07-02 and 2007-08-02

---

2007-08-02 13:13:20 0 -rahs---- C:\MSDOS.SYS
2007-08-02 13:13:20 0 -rahs---- C:\IO.SYS
2007-08-02 13:12:22 0 d

---

C:\WINDOWS\ERUNT
2007-08-02 12:53:28 125504 --a

---

C:\WINDOWS\system32\wgoleiqw.dll
2007-08-02 12:50:31 69184 --a

---

C:\WINDOWS\system32\svbmeayg.dll
2007-08-02 12:50:30 4672 --a

---

C:\WINDOWS\system32\jcctvvai.exe
2007-08-02 12:50:28 66112 --a

---

C:\WINDOWS\system32\estyxuqt.exe
2007-08-02 12:50:25 4672 --a

---

C:\WINDOWS\system32\bjgfbklj.exe
2007-08-02 12:48:29 706795 ---hs---- C:\WINDOWS\system32\qqtwa.bak2
2007-08-02 12:34:59 0 d

---

C:\Program Files\Trend Micro
2007-08-02 04:46:51 7680 --a

---

C:\WINDOWS\system32\drivers\ip6fw.sys
2007-08-02 02:51:22 17408 --a

---

C:\WINDOWS\system32\rpcnetp.dll
2007-08-02 02:50:23 17408 --a

---

C:\WINDOWS\system32\rpcnetp.exe
2007-08-01 23:46:18 6466 ---hs---- C:\WINDOWS\system32\qqtwa.bak1
2007-08-01 23:45:32 228960

---

n--- C:\WINDOWS\system32\awtqq.dll
2007-08-01 23:42:09 12800 --a

---

C:\Program Files\s2f.exe <Not Verified; Search2find LLC; Search2find>
2007-08-01 23:40:39 19968 --a

---

C:\WINDOWS\system32\wintuh32.dll
2007-08-01 23:39:04 0 d

---

C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AVG7
2007-08-01 18:58:13 0 dr-h

---

C:\Documents and Settings\Gerard\Recent
2007-08-01 18:54:05 0 d

---

C:\Program Files\Cure It
2007-08-01 04:23:58 90112 --a

---

C:\WINDOWS\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-08-01 04:23:58 303104 --a

---

C:\WINDOWS\sttray.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-08-01 04:23:37 0 d

---

C:\Program Files\Intel Desktop Board Audio Driver
2007-08-01 02:27:47 0 d

---

C:\Program Files\Microsoft Bootvis
2007-08-01 01:01:20 561152 --a

---

C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-08-01 01:01:20 0 d--h

---

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2007-08-01 01:01:20 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2007-08-01 01:01:20 0 d

---

C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2007-08-01 01:01:20 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2007-08-01 00:28:39 0 d

---

C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-08-01 00:28:36 0 d

---

C:\Program Files\Diskeeper Corporation
2007-08-01 00:16:47 0 d

---

C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-07-25 02:02:27 237568 --a

---

C:\Documents and Settings\LocalService\ntuser.dat
2007-07-19 17:36:32 688128 --a

---

C:\WINDOWS\system32\Euphoria.scr
2007-07-19 17:35:27 903168 --a

---

C:\WINDOWS\Ice Crystal.scr <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2007-07-19 17:35:27 495104 --a

---

C:\WINDOWS\Ice Crystal.exe <Not Verified; Jan Kolarik & Ondrej Vaverka; Screensaver created with InstantStorm>
2007-07-19 17:35:27 0 d

---

C:\WINDOWS\Ice Crystal Uninstaller
2007-07-18 16:08:37 0 d

---

C:\Program Files\iPod
2007-07-18 15:42:43 0 d

---

C:\Program Files\a-squared HiJackFree
2007-07-18 13:54:50 0 d

---

C:\Documents and Settings\Gerard\Application Data\ExecutiveSoftware
2007-07-18 13:47:13 20 --a

---

C:\WINDOWS\GndGGGg.dat
2007-07-10 03:18:06 60416 --a

---

C:\WINDOWS\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2007-07-05 16:40:28 32768 --a

---

C:\WINDOWS\system32\nipplgex.dll <Not Verified; Novell, Inc.; Novell iPrint>
2007-07-05 16:40:28 45056 --a

---

C:\WINDOWS\system32\iprntlgn.exe <Not Verified; Novell, Inc.; Novell iPrint>
2007-07-03 02:09:25 0 d

---

C:\Documents and Settings\Gerard\DoctorWeb


-- Find3M Report

---

2007-08-02 13:44:51 47104 --a

---

C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-08-02 13:44:22 47104 --a

---

C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-08-02 02:13:37 0 d

---

C:\Documents and Settings\Gerard\Application Data\Lavasoft
2007-08-01 23:39:08 0 d

---

C:\Documents and Settings\Gerard\Application Data\AVG7
2007-08-01 03:55:45 0 d

---

C:\Program Files\Java
2007-08-01 03:55:36 0 d--h

---

C:\Program Files\InstallShield Installation Information
2007-07-25 01:41:07 0 d

---

C:\Program Files\Apoint
2007-07-20 14:07:07 0 d

---

C:\Documents and Settings\Gerard\Application Data\Adobe
2007-07-20 13:24:32 0 d

---

C:\Program Files\Common Files
2007-07-18 16:42:37 47360 --a

---

C:\Documents and Settings\Gerard\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-18 16:42:37 55 --a

---

C:\Documents and Settings\Gerard\Application Data\pcouffin.log
2007-07-18 16:42:37 1144 --a

---

C:\Documents and Settings\Gerard\Application Data\pcouffin.inf
2007-07-18 16:42:37 7176 --a

---

C:\Documents and Settings\Gerard\Application Data\pcouffin.cat
2007-07-18 16:42:37 81920 --a

---

C:\Documents and Settings\Gerard\Application Data\ezpinst.exe
2007-07-18 16:11:37 0 d

---

C:\Program Files\QuickTime Alternative
2007-07-18 16:08:44 0 d

---

C:\Program Files\iTunes
2007-07-18 16:02:52 0 d

---

C:\Program Files\Boris FX, Inc
2007-07-18 04:52:26 552 --a

---

C:\WINDOWS\system32\d3d8caps.dat
2007-07-17 21:47:16 0 d

---

C:\Documents and Settings\Gerard\Application Data\Free Download Manager
2007-07-12 16:14:36 0 d

---

C:\Documents and Settings\Gerard\Application Data\OpenOffice.org2
2007-07-04 20:59:32 0 d

---

C:\Documents and Settings\Gerard\Application Data\Wave Systems Corp
2007-07-04 19:03:38 0 d

---

C:\Documents and Settings\Gerard\Application Data\Apple Computer
2007-06-18 03:02:48 111627 --a

---

C:\WINDOWS\system32\nvModes.dat
2007-06-18 02:53:37 0 d

---

C:\Program Files\Dell
2007-06-10 21:27:39 0 d

---

C:\Program Files\MSXML 4.0
2007-06-06 20:24:58 0 d

---

C:\Program Files\WebCyberCoach
2007-05-11 05:37:15 802816 --a

---

C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-11 05:37:15 823296 --a

---

C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 05:37:15 823296 --a

---

C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 05:37:15 740442 --a

---

C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-06 15:46:17 27 --a

---

C:\Documents and Settings\Gerard\Application Data\avetoasts.ini
2007-05-05 03:25:23 14 --a

---

C:\WINDOWS\system32\SystemInfo32.sys
2007-05-05 03:25:01 14 --a

---

C:\WINDOWS\system32\SysEngine2.SYS
2007-05-02 15:50:21 262144 --a

---

C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-05-02 15:50:21 86016 --a

---

C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07B52960-B02F-4823-9F23-DEB9DC1C3858}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E3C9B0A-8A8D-4855-BCE4-036667B63715}]
01/08/2007 23:45 228960

---

C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
02/08/2007 12:50 69184 --a

---

C:\WINDOWS\system32\svbmeayg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/04/2007 19:05]
"NVHotkey"="nvHotkey.dll" [28/04/2007 19:05 C:\WINDOWS\system32\nvhotkey.dll]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/10/2005 14:13]
"SystemOptimizer"="C:\WINDOWS\system32\wgoleiqw.dll" [02/08/2007 12:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [06/05/2007 03:52]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Gerard\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [07/01/2007 18:42:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
C:\WINDOWS\system32\awtqq.dll 01/08/2007 23:45 228960 C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbbyw]
gebbbyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqroopo]
rqroopo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 11/09/2006 20:17 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32]
wintuh32.dll 01/08/2007 23:40 19968 C:\WINDOWS\system32\wintuh32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DVDXST~1\DVDXUT~1.6\DVDGhost\DVDGHO~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gerard^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Premiere^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
C:\WINDOWS\system32\iprntlgn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
%SystemRoot%\system32\hidec /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"



-- End of Deckard's System Scanner: finished at 2007-08-02 at 13:51:03

---

Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.

---

-- System Information

---

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2046.05 MiB / 1518.06 MiB
Pagefile Memory (total/avail): 3938.15 MiB / 3579.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.8 MiB

C: is Fixed (NTFS) - 111.68 GiB total, 48.67 GiB free.
is CDROM (UDF)
E: is CDROM (No Media)


-- Security Center

---

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT) Disabled

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\OpenOffice.org 2.1\\program\\swriter.exe"="C:\\Program Files\\OpenOffice.org 2.1\\program\\swriter.exe:*:Enabled:swriter"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Documents and Settings\\Gerard\\My Documents\\My Downloads\\utorrent.exe"="C:\\Documents and Settings\\Gerard\\My Documents\\My Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Launch Veoh"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Gerard\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Gerard\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Gerard\\LOCALS~1\\Temp\\win11F.tmp.exe"="C:\\DOCUME~1\\Gerard\\LOCALS~1\\Temp\\win11F.tmp.exe:*:Enabled:win11F.tmp"


-- Environment Variables

---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gerard\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DGGVXH2J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gerard
LOGONSERVER=\\DGGVXH2J
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Avid;C:\Program Files\VAIOXP\Libraries\;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gerard\LOCALS~1\Temp
TMP=C:\DOCUME~1\Gerard\LOCALS~1\Temp
USERDOMAIN=DGGVXH2J
USERNAME=Gerard
USERPROFILE=C:\Documents and Settings\Gerard
VAIO=C:\Program Files\VAIOXP\Libraries\
VAIOTOOLS=C:\Program Files\VAIOXP\Tools\
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles

---

Gerard (admin)
Premiere (admin)
Administrator (admin)


-- Add/Remove Programs

---

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3414C9E5-FCFE-11D8-8469-00D0B726B56E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Encore DVD 2.0 --> msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000103}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 2.0 --> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Avid Codecs LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30D5D4BF-D869-4FAD-AFA3-5367C6EA8A99}\SETUP.exe" -l0x9 -removeonly
Avid Codecs PE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FABC839A-8445-4830-9CE1-860584F32648}\setup.exe" -l0x9 -removeonly
Avid DIO Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0F62AFB-ABC2-4979-B21B-148EEEA2B6BD}\setup.exe" -l0x9 -removeonly
Avid DVD by Sonic --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}
Avid EDL Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCDB24FB-6BE8-48BA-952D-0402DF7CD6E9}\setup.exe" -l0x9 -removeonly
Avid FilmScribe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F224BAB-03E7-47A9-8A25-5226A1C7A916}\setup.exe" -l0x9 -removeonly
Avid FX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{010875D4-C6B4-4D23-87FC-0DB193F608F3}\setup.exe" -l0x9 -removeonly
Avid Log Exchange --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2AE66E3C-469C-441E-B410-208C25F64D57}\setup.exe" -l0x9 -removeonly
Avid Media Composer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E15DB50A-1DF9-4AF6-8DB0-1D6D5FFC17E1}\setup.exe" -l0x9 -removeonly
Avid MediaLog --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{270CF75C-CE46-4672-9DEC-AA53DEDF5306}\setup.exe" -l0x9 -removeonly
Avid MetaSync --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24B559F6-262E-4607-BA98-24CFF4E7C2CA}\setup.exe" -l0x9 -removeonly
Avid Xpress Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0533B9AF-DC07-4580-B5A1-C025D77B4105}\setup.exe" -l0x9 -removeonly
Axialis IconWorkshop 6.0 --> C:\Program Files\Axialis\IconWorkshop\UnInstall.exe "IconWorkshop" "IconWorkshop.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Boris Continuum Complete AVX 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D48A4ACB-1CF9-48EA-9E37-C20CD9456845}\Setup.exe" -l0x9 -removeonly
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Micro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove
Digidesign Audio Drivers 7.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}\setup.exe" -l0x9 -removeonly
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{0A3F1E56-3F5D-4943-BBB7-22F730C7A22B}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
DVD Ghost 2.5 --> "C:\Program Files\DVD X Studios\DVD X Utilities 2.6\DVDGhost\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Utilities 2.6 --> "C:\Program Files\DVD X Studios\DVD X Utilities 2.6\unins000.exe"
EMBASSY Security Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
ETS Launch Pad --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} /l1033
ETS Upgrade --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{72FECEA1-E87F-4192-89FA-D0FBF92885BB}
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Ice Crystal --> "C:\WINDOWS\Ice Crystal Uninstaller\unins000.exe"
IconX --> C:\PROGRA~1\Stardock\OBJECT~1\IconX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\IconX\INSTALL.LOG
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterLok Driver Kit --> MsiExec.exe /X{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.01 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Magic Bullet Suite 2.1 --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\Plug-ins\mbsuite21.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero 7 Lite v7.7.5.1 --> "C:\Program Files\Nero\unins000.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Novell iPrint Client v04.26.00 --> C:\WINDOWS\system32\iprint\setupipp.exe /uninstall
NTRU Hybrid TSS v2.0.25 --> MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PureVideo Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
Preboot Manager --> MsiExec.exe /I{8CE90089-DCC9-4393-A535-802072333C35}
Private Information Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} /l1033
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Secure Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Wizards --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Sentinel Protection Installer 7.2.2 --> MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
Sentinel Virtual Dongle v1.01 --> RunDLL32.exe advpack.dll,LaunchINFSection sentemul.inf, UnInstall
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SkinStudio --> C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\INSTALL.LOG
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
upekmsi --> MsiExec.exe /I{D648B20B-A789-407E-8CA4-9BDDBBE342C8}
VAIOXP --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
Virtual Desktop Manager Powertoy for Wind

Enjeh

ActorSeeksJob wrote:

I'm sorry Enjeh, your logs are showing absolutely no traces of the program, there is nothing I can do to get rid of it...I thought there would be some traces of the program but there doesn't seem to be.

Only thing I can think is to reinstall the program, then uninstall it. That should remove all the traces supposedly.

Ohh my fault, it was in the firefox addon's to. now it's gone --"

ActorSeeksJob

Haha thanks for letting me know
At least you got a free check up on your PC !!