Virus keeps popping up cmd window with MSLTST~1.exe

Unknown · August 2008

Hi Guys. I'm new to this forum and was hoping someone could help me out.

Every time I turn on my computer, I get a cmd window titled C:\Windows\System32\MSLTST~1.EXE.
There's also another window that pops up that says: "C:\Windows\System32\MSLTST~1.EXE. The NTVDM CPU has encountered an illegal instruction.CS:1220 IP:0202 OP:63 74 69 76 65. Choose "Close" to terminate application"

I have a bad feeling this is a virus. Because of this, my Windows Explorer windows keep closing, and I cannot reach the internet connection. I'm using another computer to write this, and the connection on the same network is fine. My Symantec Anti-Virus has been disabled because it's not working properly, so that may be a big reason for why this happened. Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:54 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dmitriy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {A4CC8907-3EA6-49EE-8B74-D09660120910} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msltstsoft_updt.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dmitriy\AppData\Local\Temp\ljJAQHwV.dll,c
O4 - HKCU\..\Run: [BM1fca6d01] Rundll32.exe "C:\Users\Dmitriy\AppData\Local\Temp\hhpfcqwg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: bw+0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: GoToAssist - C:\Windows\
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c8e0ae994275a0) (gupdate1c8e0ae994275a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 26155 bytes

Katana · August 2008

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Installed Programs

Please could you give me a list of the programs that are installed.

Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

dimsh2000 · August 2008

I decided to go into safe mode and run Kaspersky Online Scanner. With that, I found some DLLs in my Users/[username]/AppData/Local/Temp folder that were not supposed to be there, and got rid of those and their registry values. I think that got rid of most of the problems. I don't feel confident about running ComboFix, so I'll see what the Anti-Malware does.

Anti-Malware Log:

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 6.0.6001 Service Pack 1

11:18:44 PM 8/6/2008
mbam-log-8-6-2008 (23-18-37).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 469315
Time elapsed: 3 hour(s), 0 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{24daafb8-b7f5-463f-88c1-d497611fc253} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8710fc9f-0816-49d7-ae14-4ba5269e838c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Program Files\Maximum Software (Rogue.Multiple) -> No action taken.
C:\Program Files\Maximum Software\Bug Doctor (Rogue.Multiple) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.

Files Infected:
C:\Program Files\Maximum Software\Bug Doctor\error_list(fixed).log (Rogue.Multiple) -> No action taken.
C:\Program Files\Maximum Software\Bug Doctor\error_list.log (Rogue.Multiple) -> No action taken.
C:\Program Files\Maximum Software\Bug Doctor\unins000.exe (Rogue.Multiple) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart\Log\2008 Aug 02 - 01_36_38 PM_201.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart\Log\2008 Aug 02 - 01_40_56 PM_310.log (Rogue.RegistrySmart) -> No action taken.
C:\Users\Dmitriy\AppData\Roaming\RegistrySmart\Registry Backups\2008-08-02_13-42-20.reg (Rogue.RegistrySmart) -> No action taken.

List of Prgorams:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
Apple Mobile Device Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
Auto Gordian Knot 2.45
AutoCAD 2007 - English
Autodesk DWF Viewer
AviSynth 2.5
Bonjour
C@B Automatic Updates Policy
Canon Utilities Digital Photo Professional 3.3
Canon Utilities PhotoStitch
CDDRV_Installer
CinemaForge
Command & Conquer Red Alert 2
ConvertXtoDVD 2.2.3.258g
Counter-Strike: Source
Dell Photo Printer 720
DVD Decrypter (Remove Only)
ESU for Microsoft Vista
Fast AVI MPEG Joiner 1.1.2
GetDataBack for NTFS
Google Earth
Google Earth
Google Earth Plugin
Google Earth Plugin
Google Update
Google Updater
GoToAssist 8.0.0.480
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
hott notes 4
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPod for Windows 2006-03-23
iTunes
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
KhalInstallWrapper
K-Lite Codec Pack 3.7.0 Full
LimeWire 4.18.3
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
ManyCam 2.1 (remove only)
MATLAB R2007b
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Flight Simulator X
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.1)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
My HP Games
Need for Speed - Most Wanted v1.3 ( RE )
ooVoo
PDF Settings
Photodex Presenter
Photomatix Pro version 3.0
Power MP3 Cutter Joiner 1.11
PowerISO
ProShow Gold
QuickTime
QuickTime
RAM Defrag (remove only)
RealPlayer
Realtek High Definition Audio Driver
Registry Finder 1.2
Revo Uninstaller 1.71
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Skype™ 3.8
SmartDefrag Beta6.00
Spelling Dictionaries Support For Adobe Reader 8
Symantec AntiVirus
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
Viewpoint Media Player
Westwood Shared Internet Components
Windows Installer Clean Up
Windows Media Player Firefox Plugin
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
YPOPs! 0.9.5.3

Katana · August 2008

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.18.3

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6

Now close the Control Panel.

Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

dimsh2000 · August 2008

main.txt:
Deckard's System Scanner v20071014.68
Run by Dmitriy on 2008-08-07 23:01:17
Computer is in Normal Mode.

-- Last 5 Restore Point(s) --
6: 2008-08-08 03:58:04 UTC - RP599 - Windows Update
5: 2008-08-07 08:52:09 UTC - RP598 - Removed Java(TM) SE Runtime Environment 6
4: 2008-08-07 08:50:53 UTC - RP597 - Removed Java(TM) 6 Update 5
3: 2008-08-07 08:49:16 UTC - RP596 - Removed Java(TM) 6 Update 3
2: 2008-08-06 02:56:34 UTC - RP595 - Windows Update

-- First Restore Point --
1: 2008-08-05 10:11:15 UTC - RP594 - Windows Backup

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Dmitriy.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:00 PM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Dmitriy\Desktop\Adobe Photoshop CS3 Extended Portable Edition\CSDATA\1000000800002i\svchost.exe
C:\Users\Dmitriy\Desktop\dss.exe
C:\Users\Dmitriy\Desktop\Dmitriy.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {A4CC8907-3EA6-49EE-8B74-D09660120910} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: GoToAssist - C:\Windows\
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c8e0ae994275a0) (gupdate1c8e0ae994275a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 25654 bytes

-- File Associations

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "C:\Windows\system32\NOTEPAD.EXE" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 OpcEnum -

-- Device Manager: Disabled

No disabled devices found.

-- Scheduled Tasks

2008-08-07 20:52:24 296 --a

C:\Windows\Tasks\GoogleUpdateTask.job
2008-08-07 20:52:24 386 --a

C:\Windows\Tasks\AutoSmartDefrag.job
2008-08-07 01:05:23 422 --ah

C:\Windows\Tasks\User_Feed_Synchronization-{DCD8360D-CDA0-4901-90A9-0B853D2B75D3}.job
2008-08-05 03:30:00 390 --a

C:\Windows\Tasks\RegSweep Scheduled Scan.job
2008-08-05 03:30:00 430 --a

C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
2008-05-30 17:15:00 394 --a

C:\Windows\Tasks\1-Click Maintenance.job

-- Files created between 2008-07-07 and 2008-08-07

2008-08-06 20:14:24 0 d

C:\Users\All Users\Malwarebytes
2008-08-06 20:14:24 0 d

C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 22:19:41 0 dr-h

C:\MSOCache
2008-08-04 00:56:50 0 d

C:\Users\All Users\Kaspersky Lab
2008-08-03 00:03:52 0 d

C:\COOL
2008-08-02 23:39:06 0 d

C:\Program Files\Common Files\Control Panels
2008-08-02 02:02:00 0 d

C:\Program Files\Canon
2008-08-02 01:59:48 0 d

C:\Program Files\Common Files\Canon
2008-07-31 01:38:18 0 d

C:\Users\All Users\acccore
2008-07-31 01:20:27 0 d

C:\Program Files\Windows Installer Clean Up
2008-07-29 23:36:43 0 d

C:\Program Files\Symantec
2008-07-29 23:36:31 0 d

C:\Program Files\Symantec AntiVirus
2008-07-22 22:49:44 0 d

C:\Users\All Users\Symantec
2008-07-20 13:49:58 0 d

C:\Program Files\AceLogix
2008-07-19 16:40:52 0 d

C:\Program Files\iTunes
2008-07-17 20:58:31 0 d

C:\Users\All Users\ALM
2008-07-17 20:21:53 0 d

C:\Program Files\Photodex Presenter
2008-07-17 20:21:41 0 d

C:\Program Files\Photodex
2008-07-13 23:17:30 0 d

C:\Program Files\VS Revo Group
2008-07-07 20:56:31 0 d

C:\Users\All Users\Google

-- Find3M Report

2008-08-07 23:00:57 0 d

C:\Users\Dmitriy\AppData\Roaming\Skype
2008-08-07 01:53:02 0 d

C:\Program Files\Java
2008-08-06 20:14:26 0 d

C:\Users\Dmitriy\AppData\Roaming\Malwarebytes
2008-08-04 22:25:56 0 d

C:\Program Files\Microsoft Works
2008-08-04 22:25:28 0 d

C:\Program Files\MSBuild
2008-08-04 22:21:23 0 d

C:\Program Files\Microsoft Visual Studio 8
2008-08-04 21:44:15 0 d

C:\Program Files\ooVoo
2008-08-02 23:50:19 0 d

C:\Users\Dmitriy\AppData\Roaming\LimeWire
2008-08-02 23:40:00 0 d

C:\Program Files\Common Files\Adobe
2008-08-02 23:39:06 0 d

C:\Program Files\Common Files
2008-08-02 23:38:12 0 d

C:\Users\Dmitriy\AppData\Roaming\Adobe
2008-08-02 22:26:31 0 d

C:\Users\Dmitriy\AppData\Roaming\uTorrent
2008-08-02 21:16:03 0 d

C:\Users\Dmitriy\AppData\Roaming\Thinstall
2008-08-02 13:32:34 0 d

C:\Program Files\AIM6
2008-08-02 02:06:15 0 d

C:\Users\Dmitriy\AppData\Roaming\Canon
2008-08-02 02:03:13 0 d

C:\Program Files\PanoramaStudio
2008-08-02 00:17:28 0 d

C:\Program Files\MSECache
2008-08-01 09:52:06 0 d

C:\Program Files\Google
2008-07-31 00:57:27 0 d

C:\Program Files\Eusing Free Registry Cleaner
2008-07-31 00:32:41 0 d

C:\Program Files\Bonjour
2008-07-30 01:30:00 0 d

C:\Program Files\QuickTime
2008-07-29 23:39:40 0 d

C:\Program Files\Common Files\Symantec Shared
2008-07-19 16:45:44 577 --a

C:\Users\Dmitriy\AppData\Roaming\AutoGK.ini
2008-07-19 16:40:54 0 d

C:\Program Files\iPod
2008-07-19 12:11:28 0 d

C:\Users\Dmitriy\AppData\Roaming\JAM Software
2008-07-17 08:52:48 0 d

C:\Program Files\HP Games
2008-07-13 23:35:58 0 d

C:\Program Files\Real
2008-07-09 01:17:35 0 d

C:\Program Files\Windows Mail
2008-06-29 00:21:05 0 d

C:\Program Files\Sagasoft
2008-06-28 01:08:47 0 d

C:\Program Files\LimeWire
2008-06-21 00:05:05 0 d

C:\Users\Dmitriy\AppData\Roaming\Mozilla
2008-06-16 17:46:55 0 d

C:\Users\Dmitriy\AppData\Roaming\PanoramaStudio
2008-06-16 16:57:43 0 d--h

C:\Program Files\InstallShield Installation Information
2008-06-16 16:48:06 0 d

C:\Users\Dmitriy\AppData\Roaming\ArcSoft

-- Registry Dump

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25D596E9-BD03-4D4A-8310-5DF3B31E8D26}]
08/02/2008 12:01 AM 184816 --a----t- C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4CC8907-3EA6-49EE-8B74-D09660120910}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 12:38 AM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [01/16/2007 11:34 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/28/2008 02:05 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/09/2007 04:59 PM C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [10/03/2007 03:44 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 06:11 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 02:17 AM C:\Windows\KHALMNPR.Exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [03/29/2007 10:14 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 05:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 06:34 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"@=" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 12:33 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [08/04/2008 04:26 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 12:33 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 10:51 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dmitriy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
backup=C:\Windows\pss\AutoBackup Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dmitriy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YPOPs.lnk]
backup=C:\Windows\pss\YPOPs.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-08-07 23:06:11

dimsh2000 · August 2008

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 3061.5 MiB / 1881.43 MiB
Pagefile Memory (total/avail): 6324.03 MiB / 5094.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.21 MiB

C: is Fixed (NTFS) - 103.51 GiB total, 21.53 GiB free.
D: is Fixed (NTFS) - 8.27 GiB total, 1.32 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 931.51 GiB total, 214.14 GiB free.

\\.\PHYSICALDRIVE0 - ST9120823AS - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 103.51 GiB - C:
\PARTITION1 - Installable File System - 8.27 GiB - D:

\\.\PHYSICALDRIVE1 - Seagate FreeAgent Pro IEEE 1394 SBP2 Device - 931.51 GiB - 1 partition
\PARTITION0 - Installable File System - 931.51 GiB - F:

-- Security Center

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation) Disabled
AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

-- Environment Variables

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Dmitriy\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DMITRIY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Dmitriy
LOCALAPPDATA=C:\Users\Dmitriy\AppData\Local
LOGONSERVER=\\DMITRIY-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;c:\program files\common files\roxio shared\dllshared;c:\program files\common files\roxio shared\dllshared;c:\program files\common files\roxio shared\9.0\dllshared;C:\Program Files\MATLAB\R2007b\bin;C:\Program Files\MATLAB\R2007b\bin\win32;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Dmitriy\AppData\Local\Temp
TMP=C:\Users\Dmitriy\AppData\Local\Temp
USERDOMAIN=Dmitriy-PC
USERNAME=Dmitriy
USERPART=E:
USERPROFILE=C:\Users\Dmitriy
windir=C:\Windows

-- User Profiles

Dmitriy

-- Add/Remove Programs

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Setup --> MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AutoCAD 2007 - English --> MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C@B Automatic Updates Policy --> "C:\Program Files\C@B\AU_Policy\Uninstall.exe"
Canon Utilities Digital Photo Professional 3.3 --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CinemaForge --> C:\Windows\system32\xmirage.exe c:\program files\CinemaForge\UninstallCF.xmfg
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
ConvertXtoDVD 2.2.3.258g --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Counter-Strike: Source --> C:\Program Files\Counter-Strike Source\Uninst.exe
Dell Photo Printer 720 --> C:\Program Files\Dell Photo Printer 720\Install\x86\Uninst.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
ESU for Microsoft Vista --> MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
Fast AVI MPEG Joiner 1.1.2 --> "C:\Program Files\Fast AVI MPEG Joiner\unins000.exe"
GetDataBack for NTFS --> "C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Earth Plugin --> MsiExec.exe /I{2798F1E1-544E-11DD-98EB-005056806466}
Google Earth Plugin --> MsiExec.exe /I{BFBC7230-3FBD-11DD-9B49-005056806466}
Google Update --> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
Hewlett-Packard Active Check for Health Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Users\Dmitriy\Desktop\HijackThis.exe" /uninstall
hott notes 4 --> C:\Program Files\Hott Notes 4\uninst.exe
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.7.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.1 (remove only) --> "C:\Program Files\ManyCam 2.1\uninstall.exe"
MATLAB R2007b --> C:\Program Files\MATLAB\R2007b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007b\
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Need for Speed - Most Wanted v1.3 ( RE ) --> MsiExec.exe /I{7CD9421E-4FDF-4833-A5F0-1F0FAB476629}
ooVoo --> "C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0009 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Photomatix Pro version 3.0 --> "C:\Program Files\PhotomatixPro3\unins000.exe"
Power MP3 Cutter Joiner 1.11 --> "C:\Program Files\Sagasoft\Power MP3 Cutter Joiner\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RAM Defrag (remove only) --> "C:\Program Files\RAM Def\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Finder 1.2 --> "C:\Program Files\AceLogix\Registry Finder\unins000.exe"
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartDefrag Beta6.00 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "C:\Windows\system32\xvid-uninstall.exe"
YPOPs! 0.9.5.3 --> "C:\Program Files\YPOPs\unins000.exe"

-- Application Event Log

Event Record #/Type73456 / Warning
Event Submitted/Written: 08/07/2008 08:52:06 PM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec AntiVirus Auto-Protect failed to load.

Event Record #/Type73452 / Success
Event Submitted/Written: 08/07/2008 08:51:57 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type73450 / Success
Event Submitted/Written: 08/07/2008 08:51:52 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type73445 / Success
Event Submitted/Written: 08/07/2008 08:51:43 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type73430 / Warning
Event Submitted/Written: 08/07/2008 02:00:36 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2528530604-3278383238-209517444-1000_Classes:
Process 1104 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2528530604-3278383238-209517444-1000_CLASSES

-- Security Event Log

No Errors/Warnings found.

-- System Event Log

Event Record #/Type227164 / Warning
Event Submitted/Written: 08/07/2008 11:04:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dmitriy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dmitriy-PC27 can't undo changes that you allow.

For more information please see the following:
%Dmitriy-PC275

Scan ID: {783BF759-1CB8-4F58-B931-A855CC1340FB}

User: Dmitriy-PC\Dmitriy

Name: %Dmitriy-PC271

ID: %Dmitriy-PC272

Severity ID: %Dmitriy-PC273

Category ID: %Dmitriy-PC274

Path Found: %Dmitriy-PC276

Alert Type: %Dmitriy-PC278

Detection Type: 1.1.1600.02

Event Record #/Type227163 / Warning
Event Submitted/Written: 08/07/2008 11:04:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dmitriy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dmitriy-PC27 can't undo changes that you allow.

For more information please see the following:
%Dmitriy-PC275

Scan ID: {90C95733-55AC-49CE-A5FF-4D0A3AD94570}

User: Dmitriy-PC\Dmitriy

Name: %Dmitriy-PC271

ID: %Dmitriy-PC272

Severity ID: %Dmitriy-PC273

Category ID: %Dmitriy-PC274

Path Found: %Dmitriy-PC276

Alert Type: %Dmitriy-PC278

Detection Type: 1.1.1600.02

Event Record #/Type227162 / Warning
Event Submitted/Written: 08/07/2008 11:04:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dmitriy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dmitriy-PC27 can't undo changes that you allow.

For more information please see the following:
%Dmitriy-PC275

Scan ID: {5B77B48D-02B0-4DD5-A7B1-33402F641A49}

User: Dmitriy-PC\Dmitriy

Name: %Dmitriy-PC271

ID: %Dmitriy-PC272

Severity ID: %Dmitriy-PC273

Category ID: %Dmitriy-PC274

Path Found: %Dmitriy-PC276

Alert Type: %Dmitriy-PC278

Detection Type: 1.1.1600.02

Event Record #/Type227161 / Warning
Event Submitted/Written: 08/07/2008 11:04:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dmitriy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dmitriy-PC27 can't undo changes that you allow.

For more information please see the following:
%Dmitriy-PC275

Scan ID: {2B87069D-9FB7-4CD4-BF51-14029CA3FA8F}

User: Dmitriy-PC\Dmitriy

Name: %Dmitriy-PC271

ID: %Dmitriy-PC272

Severity ID: %Dmitriy-PC273

Category ID: %Dmitriy-PC274

Path Found: %Dmitriy-PC276

Alert Type: %Dmitriy-PC278

Detection Type: 1.1.1600.02

Event Record #/Type227160 / Warning
Event Submitted/Written: 08/07/2008 11:04:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dmitriy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dmitriy-PC27 can't undo changes that you allow.

For more information please see the following:
%Dmitriy-PC275

Scan ID: {77ADA74A-049F-4147-9FA4-77007392F9EB}

User: Dmitriy-PC\Dmitriy

Name: %Dmitriy-PC271

ID: %Dmitriy-PC272

Severity ID: %Dmitriy-PC273

Category ID: %Dmitriy-PC274

Path Found: %Dmitriy-PC276

Alert Type: %Dmitriy-PC278

Detection Type: 1.1.1600.02

-- End of Deckard's System Scanner: finished at 2008-08-07 23:06:11

Katana · August 2008

Please note:- Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator
Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Google Update Helper - {A4CC8907-3EA6-49EE-8B74-D09660120910} - (no file)

O18 - Protocol: bw+0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B9352824-2BE2-4F97-9AFA-B7AC62935224} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: GoToAssist - C:\Windows\

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\Users\Dmitriy\Desktop\Adobe Photoshop CS3 Extended Portable Edition\CSDATA\1000000800002i\svchost.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

Sasha · August 2008

Sasha,

Please do not post in another members thread.
If you require help then follow steps #7 and #8 HERE and then start your own topic.

Katana

dimsh2000 · August 2008

I've removed all of those lines with HJT

Log from VirusTotal Scan:

File has already been analysed:

MD5: b7cac0b6a0daa9f036b00d46c0d28783 First received: 09.06.2007 22:47:40 (CET) Date: 05.25.2008 16:52:28 (CET) [>75D] Results: 4/32 Permalink: analisis/11479e59bba296405b95a9f9da5cf3da
Antivirus Version Last Update Result AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - (Suspicious) - DNAScan ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - Fortinet - - - GData - - - Ikarus - - Trojan.Crypt.XPACK Kaspersky - - - McAfee - - - Microsoft - - - NOD32v2 - - - Norman - - - Panda - - - Prevx1 - - Malicious Software Rising - - - Sophos - - - Sunbelt - - - Symantec - - - TheHacker - - - VBA32 - - - VirusBuster - - - Webwasher-Gateway - - Win32.Malware.gen (suspicious) Additional information MD5: b7cac0b6a0daa9f036b00d46c0d28783 SHA1: 8dc8850a49fddc62ea38fa5264e40c4ac56ef5d0 SHA256: 7d253cea0bca7a082a50498d60e0d666e020cc240e404928549872ba4398b9fd SHA512: e0e03e66b94f0f3e9a39cdc620e431f4e9d8e8178e9665ff8138c62b9deafdcd990cca959ad4b5caae8352efae0dae34cd053c5b443f3fbc40bb0a03eea76821
ActiveScan Log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-09 01:06:02
PROTECTIONS: 2
MALWARE: 21
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 10.2 No Yes
Windows Defender 1.1.3807.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@doubleclick[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@mediaplex[3].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@com[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@bs.serving-sys[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@media.adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@adrevolver[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\Low\dmitriy@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Dmitriy\AppData\Roaming\Microsoft\Windows\Cookies\dmitriy@atwola[2].txt
02235358 Generic Malware Virus/Trojan No 0 Yes No C:\Westwood\RA2\RA2v1006crk.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location k��ʈ�0s5
;===================================================================================================================================================================================
No C:\HP\BIN\EndProcess.exe k��ʈ�0s5
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description k��ʈ�0s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================

I've been having problems with Symantec AntiVirus working, so I've uninstalled it and am trying to install AVG. In the process of not having anything in a couple of days, i think I acquired those tracking cookies. Otherwise, I think the original problem is fixed.

Katana · August 2008

OTMoveIt
Please download OTMoveIt2 by OldTimer and save it to your desktop

Double-click OTMoveIt2.exe to run it.
Copy the lines in the codebox below.

C:\Users\Dmitriy\Desktop\Adobe Photoshop CS3 Extended Portable Edition\CSDATA\1000000800002i\svchost.exe
C:\Westwood\RA2\RA2v1006crk.exe

Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

dimsh2000 · August 2008

C:\Users\Dmitriy\Desktop\Adobe Photoshop CS3 Extended Portable Edition\CSDATA\1000000800002i\svchost.exe moved successfully.
C:\Westwood\RA2\RA2v1006crk.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08092008_020849

Katana · August 2008

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

Please note:- Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator
Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.

Delete any logs we have produced and empty your recycle bin

Turn off System Restore.

Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click "Turn Off System Restore" at the prompt then click "Apply",
Restart your computer

Turn ON System Restore

Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously
then click "Apply",
Restart your computer

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware isnot the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
[*]Spybot - Search & Destroy <<< A must have program

It includes host protection and registry protection
A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

[*] MalwareBytes Anti-malware <<< A New and effective program
[*]a-squared Free <<< A good "realtime" or "on demand" scanner
[*]superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialise and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.

FireFox
- With many addons available that make customization easy this is a very popular choice
- NoScript and AdBlockPlus addons are essential
Opera
- Another popular alternative
Netscape
- Another popular alternative
- Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

dimsh2000 · August 2008

Thanks for all the help!
Everything works fine now

Katana · August 2008

Glad we could be of assistance! This topic is now closed.

If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead

Virus keeps popping up cmd window with MSLTST~1.exe

Comments