Help fast - a trojan found

michgal2kmichgal2k
edited July 2009 in Spyware & Virus Removal
When I bootup the PC - get message about Trojan found and wanting to steal passworks. Then some Personal AntiVirus (I never downloaded) appears. Please HELP - this PC is on a home network.

Here is the HJT logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:09 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\PAV\pav.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\ESM2\SAgentNT.exe
C:\ESM2\EBRR.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IntraPort Client\vpn5000service.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [eRoom 6] C:\Program Files\eRoom 5\erclient.exe
O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on FRAN] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P43 "Auto EPSON Stylus Photo R200 Series on FRAN" /O15 "\\FRAN\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [\\D68LH9B1\EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P41 "\\D68LH9B1\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on D68LH9B1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P47 "Auto EPSON Stylus Photo R200 Series on D68LH9B1" /O20 "\\D68LH9B1\EPSONR200" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO" /O27 "\\UPSTAIRS-DESKTO\EPSONR200" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [A00F1CEB36A.exe] C:\DOCUME~1\FRANSP~1\LOCALS~1\Temp\_A00F1CEB36A.exe
O4 - HKCU\..\Run: [A00F1CF1D7E.exe] C:\DOCUME~1\FRANSP~1\LOCALS~1\Temp\_A00F1CF1D7E.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Fran Spraetz\Desktop\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: JavaConnect - http://imlab1.collab.ford.com/sametime/javaconnect/JavaConnect.cab
O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100350152906
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195159129596
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://myvpn.ford.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.ainndf6FjwuvlnMt37uRv87,CT=java+
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FEDA837C-E930-41A4-855B-5E2B90626855} (DARTGrid.BlendedRatesCtl) - https://myvpn.ford.com/static/cab/DARTGrid.CAB,DanaInfo=.awxyChfx0Hoy2pMq32,CT=java+
O18 - Protocol: bw+0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00B530D - C:\WINDOWS\system32\__c00B530D.dat (file missing)
O20 - Winlogon Notify: __c00DB807 - C:\WINDOWS\system32\__c00DB807.dat (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: VPN 5000 Service 1.00.00 (VPN5000Service) - Unknown owner - C:\Program Files\IntraPort Client\vpn5000service.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 26541 bytes

Comments

  • michgal2kmichgal2k
    edited June 2009
    Anyone out there? Can someone help me?
  • michgal2kmichgal2k
    edited June 2009
    Here is the HJT logfile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:05:09 PM, on 6/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\PAV\pav.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\CreataCard\Plus\FMRemind.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\ESM2\SAgentNT.exe
    C:\ESM2\EBRR.EXE
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IntraPort Client\vpn5000service.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [eRoom 6] C:\Program Files\eRoom 5\erclient.exe
    O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on FRAN] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P43 "Auto EPSON Stylus Photo R200 Series on FRAN" /O15 "\\FRAN\EPSONSty" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [\\D68LH9B1\EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P41 "\\D68LH9B1\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on D68LH9B1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P47 "Auto EPSON Stylus Photo R200 Series on D68LH9B1" /O20 "\\D68LH9B1\EPSONR200" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO" /O27 "\\UPSTAIRS-DESKTO\EPSONR200" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [A00F1CEB36A.exe] C:\DOCUME~1\FRANSP~1\LOCALS~1\Temp\_A00F1CEB36A.exe
    O4 - HKCU\..\Run: [A00F1CF1D7E.exe] C:\DOCUME~1\FRANSP~1\LOCALS~1\Temp\_A00F1CF1D7E.exe
    O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Fran Spraetz\Desktop\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: JavaConnect - http://imlab1.collab.ford.com/sameti...avaConnect.cab
    O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/act...upportutil.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100350152906
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195159129596
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/...rxsigned41.cab
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/Visit.../TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://myvpn.ford.com/sametime/java...uRv87,CT=java+
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myvpn.ford.com/dana-cached/s...erSetupSP1.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/act...ActiveData.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {FEDA837C-E930-41A4-855B-5E2B90626855} (DARTGrid.BlendedRatesCtl) - https://myvpn.ford.com/static/cab/DA...pMq32,CT=java+
    O18 - Protocol: bw+0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: __c00B530D - C:\WINDOWS\system32\__c00B530D.dat (file missing)
    O20 - Winlogon Notify: __c00DB807 - C:\WINDOWS\system32\__c00DB807.dat (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: VPN 5000 Service 1.00.00 (VPN5000Service) - Unknown owner - C:\Program Files\IntraPort Client\vpn5000service.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 26541 bytes
  • KatanaKatana
    edited June 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)


    If you can do those few things, everything should go smoothly laechel.gif

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

    If you still require help please do the following


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • michgal2kmichgal2k
    edited June 2009
    Sorry Katana - Had a death in family I am dealing with. In the meantime - I do have a question. Is it safe to turn PC on and proceed with the download? Last time I turned it on - I got all sorts of warnings and all I did was run the HJT log.
    Wanted to ask before proceeding.
    Thanks - funeral is Thursday so if I do not answer right away PLEASE do no think don;t care or want your help. Thanks for understanding,
  • KatanaKatana
    edited June 2009
    michgal2k wrote:
    1) Had a death in family I am dealing with.
    2) Is it safe to turn PC on and proceed with the download?

    1) My condolences :( Just reply when you are able.
    2) I suspect the warnings are part of the infection, designed to make you buy the rogue program.

    Please do the following when you can.


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • michgal2kmichgal2k
    edited June 2009
    Malwarebytes' Anti-Malware 1.38
    Database version: 2328
    Windows 5.1.2600 Service Pack 3

    6/24/2009 10:29:18 AM
    mbam-log-2009-06-24 (10-29-18).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 196014
    Time elapsed: 1 hour(s), 12 minute(s), 36 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 11

    Memory Processes Infected:
    C:\Program Files\PAV\pav.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\iexplorr29.clsis (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54ed9b49-81d1-4866-95a6-30f01de0047e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b530d (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00db807 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\navigator (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1ceb36a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1cf1d7e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\Fran Spraetz\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\Fran Spraetz\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\Fran Spraetz\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\Fran Spraetz\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\fran spraetz\favorites\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\accessories\system tools\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\Desktop\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Program Files\PAV\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
  • michgal2kmichgal2k
    edited June 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Fran Spraetz at 2009-06-24 10:35:14
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 37 GB (65%) free of 57 GB
    Total RAM: 511 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:33 AM, on 6/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\CreataCard\Plus\FMRemind.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\ESM2\SAgentNT.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\ESM2\EBRR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IntraPort Client\vpn5000service.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Fran Spraetz\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Fran Spraetz.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
    O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [eRoom 6] C:\Program Files\eRoom 5\erclient.exe
    O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on FRAN] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P43 "Auto EPSON Stylus Photo R200 Series on FRAN" /O15 "\\FRAN\EPSONSty" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [\\D68LH9B1\EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P41 "\\D68LH9B1\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on D68LH9B1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P47 "Auto EPSON Stylus Photo R200 Series on D68LH9B1" /O20 "\\D68LH9B1\EPSONR200" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO" /O27 "\\UPSTAIRS-DESKTO\EPSONR200" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Fran Spraetz\Desktop\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: JavaConnect - http://imlab1.collab.ford.com/sametime/javaconnect/JavaConnect.cab
    O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100350152906
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195159129596
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned41.cab
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.aerialsexpress.com/ecwplugins/ncs.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://myvpn.ford.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.ainndf6FjwuvlnMt37uRv87,CT=java+
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {FEDA837C-E930-41A4-855B-5E2B90626855} (DARTGrid.BlendedRatesCtl) - https://myvpn.ford.com/static/cab/DARTGrid.CAB,DanaInfo=.awxyChfx0Hoy2pMq32,CT=java+
    O18 - Protocol: bw+0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: VPN 5000 Service 1.00.00 (VPN5000Service) - Unknown owner - C:\Program Files\IntraPort Client\vpn5000service.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 26247 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\dfrg.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF0B8EE-6596-11D5-A98E-0003470BB48E}]
    CCHelper Class - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll [2002-02-10 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-10 1107224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-16 1004800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-19 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-19 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - Pa&nicware Pop-Up Stopper Pro - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll [2002-04-01 237568]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-16 1004800]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-05-15 245760]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
    "diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
    "AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-06-08 684032]
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2002-10-24 26112]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-14 98304]
    "EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "eRoom 6"=C:\Program Files\eRoom 5\erclient.exe []
    "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
    "MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]
    "Auto EPSON Stylus Photo R200 Series on FRAN"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-19 148888]
    "\\D68LH9B1\EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on D68LH9B1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-10 1948440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
    "Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
    "PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe [2005-05-09 192512]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - C:\Program Files\CreataCard\Plus\FMRemind.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-06-10 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{076394AD-7FDD-44EF-A075-32C68DBAB99B}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    ""=
    "NoDriveTypeAutoRun"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\XoloX\XoloxEXE.exe"="C:\Program Files\XoloX\XoloxEXE.exe:*:Enabled:Xolox"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
    "C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Disabled:Secure Application Manager Proxy"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c87fb7-5904-11de-a3a6-00038a000015}]
    shell\AutoRun\command - F:\LaunchU3.exe


    ======List of files/folders created in the last 1 months======

    2009-06-24 10:35:14 ----D---- C:\rsit
    2009-06-24 09:11:30 ----D---- C:\Documents and Settings\Fran Spraetz\Application Data\Malwarebytes
    2009-06-24 09:11:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-24 09:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-06-14 13:07:41 ----D---- C:\Documents and Settings\Fran Spraetz\Application Data\U3
    2009-06-10 22:46:41 ----HD---- C:\$AVG8.VAULT$
    2009-06-10 22:17:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-06-10 22:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    2009-06-10 22:16:44 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-06-10 18:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-10 18:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-10 18:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-10 18:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-06-08 19:31:38 ----D---- C:\Program Files\Common Files\Uninstall
    2009-06-08 19:31:02 ----D---- C:\Program Files\PAV
    2009-06-01 21:03:56 ----D---- C:\WINDOWS\ie8updates
    2009-06-01 20:58:39 ----A---- C:\WINDOWS\system32\ieencode.dll

    ======List of files/folders modified in the last 1 months======

    2009-06-24 10:35:10 ----D---- C:\WINDOWS\Prefetch
    2009-06-24 10:33:09 ----D---- C:\WINDOWS\Temp
    2009-06-24 10:32:56 ----A---- C:\wialog.txt
    2009-06-24 10:31:15 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-06-24 10:31:15 ----D---- C:\WINDOWS
    2009-06-24 10:30:45 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-24 10:30:10 ----A---- C:\WINDOWS\OPLIMIT.INI
    2009-06-24 10:29:18 ----AD---- C:\Program Files
    2009-06-24 09:08:29 ----D---- C:\WINDOWS\SYSTEM32
    2009-06-24 09:08:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-06-22 20:37:14 ----A---- C:\WINDOWS\winzip32.ini
    2009-06-22 20:37:14 ----A---- C:\WINDOWS\WIN.INI
    2009-06-22 20:04:56 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-14 13:07:21 ----HD---- C:\WINDOWS\INF
    2009-06-10 22:16:33 ----SHD---- C:\WINDOWS\Installer
    2009-06-10 18:06:57 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
    2009-06-10 18:06:48 ----A---- C:\WINDOWS\imsins.BAK
    2009-06-10 18:06:30 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-10 18:02:21 ----D---- C:\WINDOWS\system32\en-US
    2009-06-10 18:02:20 ----D---- C:\Program Files\Internet Explorer
    2009-06-10 18:02:02 ----D---- C:\WINDOWS\ie7updates
    2009-06-08 19:31:38 ----AD---- C:\Program Files\Common Files
    2009-06-07 20:58:21 ----D---- C:\WINDOWS\Media
    2009-06-07 20:58:21 ----D---- C:\WINDOWS\Help
    2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-10 327688]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-10 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-10 108552]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-06-08 62288]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-06-08 23436]
    R1 cdudf_XP;cdudf_XP; C:\WINDOWS\system32\drivers\cdudf_XP.sys [2008-11-18 241280]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2003-06-08 144250]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-11-18 206464]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-10-24 8552]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
    R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-23 289887]
    R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-23 115807]
    R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-23 391199]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
    R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-23 199711]
    R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-23 73279]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-23 50751]
    R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-23 488383]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-06-30 1172416]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-06-30 167155]
    R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-08 30662]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-17 927133]
    R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-01-03 9856]
    R3 Step;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\step.sys [2001-11-28 75888]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2001-09-27 28396]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-06-30 594832]
    S1 AEC671X;AEC671X; C:\WINDOWS\System32\drivers\AEC671X.SYS [1998-05-05 12128]
    S1 DMX3191;DMX3191; C:\WINDOWS\System32\drivers\DMX3191.SYS [1999-02-23 17700]
    S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
    S2 PV8630;PV8630 WDM Device Driver; C:\WINDOWS\System32\PV8630.sys [2000-07-05 17284]
    S2 UDNT;UDNT; C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 76260]
    S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-23 67167]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-08 25930]
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
    S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-23 542879]
    S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
    S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
    S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-23 57471]
    S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2004-08-04 31744]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-23 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-10 298776]
    R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-22 52736]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
    R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-19 65536]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-19 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-17 61440]
    R2 StatusAgent;Epson Printer Status Agent; C:\ESM2\SAgentNT.exe [1999-09-17 213504]
    R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-30 122880]
    R2 VPN5000Service;VPN 5000 Service 1.00.00; C:\Program Files\IntraPort Client\vpn5000service.exe [2001-11-28 205784]
    R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
    R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-14 69632]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
    S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    EOF
  • michgal2kmichgal2k
    edited June 2009
    info.txt logfile of random's system information tool 1.06 2009-06-24 10:35:37

    ======Uninstall list======

    -->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe ActiveShare 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}" UNINSTALL
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Advanced Drawing-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\ADVANC~1\DeIsL1.isu"
    America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
    AOL Coach Version 1.0(Build:20011028.1)-->C:\WINDOWS\AolCInUn.exe
    AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
    Applian PicturePerfect-->C:\WINDOWS\iun506.exe C:\Program Files\Applian\Classic_Games\irunin.ini
    AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
    ClickArt® 10,000 Image Pack-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"
    ClickArt® Gallery-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~2\DeIsL1.isu"
    Comcast PhotoShow Deluxe 4-->"C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\Uninstall.exe"
    Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HXFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
    coverXP (remove only)-->"C:\Program Files\coverXP\cxp-uninst.exe"
    CreataCard Plus 3-->C:\WINDOWS\uninst.exe -f"C:\Program Files\CreataCard\Plus\DeIsL1.isu"
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
    Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
    Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    DP Editor Ver.1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DP Editor\Uninst.isu"
    DrawPlus 3.0-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu"
    DriverGuide Toolkit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}\setup.exe"
    Easy CD Creator 5 Platinum-->MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
    eCleaner 2.01-->C:\PROGRA~1\eCleaner\UNWISE.EXE C:\PROGRA~1\eCleaner\INSTALL.LOG
    EPSON PhotoCenter -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76E927F-E292-434B-9661-3858F5D7BF63}\setup.exe" -l0x9 anything
    EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON SP R200 Reference Guide-->C:\Program Files\epson\guide\spr200_e\uninstall.exe
    EPSON Status Monitor 2-->C:\ESM2\STMSetup.exe /UNINSTALL
    Family Lawyer 8.0-->C:\PROGRA~1\PARSON~1\FAMILY~1.0\UNQFL80.EXE
    Film Factory-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
    FinePixViewer Ver.2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Image Web Server IE Plugins 1,7,0,424-->C:\PROGRA~1\EARTHR~1\IMAGEW~1\Client\CABInst.exe -u
    iMesh 6-->C:\PROGRA~1\IMESHA~1\iMesh6\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh6\INSTALL.LOG
    IMZ-->regsvr32 /s /u C:\WINDOWS\System32\wiestcrxedr.dll
    Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
    Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    Internet Explorer Security Plugin 2006-->"C:\Program Files\Video Access ActiveX Object\iesuninst.exe"
    Internet Security Add-On-->"C:\Program Files\Video Access ActiveX Object\isunst.exe"
    ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
    ItsDeductible-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ItsDeductible\DeIsL2.isu" -cC:\PROGRA~1\ITSDED~1\_ISREG32.DLL
    iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.1_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4B03AEB-33D3-11D7-9D37-00010240CE95}\setup.exe" Anytext
    Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Legal Search-->C:\PROGRA~1\PARSON~1\LEGALS~1\UNWISE.EXE C:\PROGRA~1\PARSON~1\LEGALS~1\INSTALL.LOG
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
    Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
    Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
    Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
    Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
    Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
    Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    MP3 CD Converter 4.00-->"C:\Program Files\MP3 CD Converter\unins000.exe"
    MP3 WAV Converter 2.65-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
    MP3 WAV Converter-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
    MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
    Ofoto Easy Upload ActiveX Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    P.I.M. II Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{735D7AC9-BC7B-4491-9D06-7F4642849E7C}\setup.exe" -l0x9 anything
    Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    Panicware Pop-Up Stopper Pro-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
    Photo Finale-->"C:\Program Files\Photo Finale\PhotoFinale.exe" -uninstall
    Photo Organizer-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu"
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    Remedy 4.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41F3347E-846B-4F54-BEB3-7363C42A4882}\Setup.exe" -l0x9 -Remove
    SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
    Shutterfly Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{787E4F18-C7FF-4BA5-9637-66F95C7445CF}\Setup.exe"
    Snood-->C:\Program Files\Microsoft ActiveSync\Snood\Uninstall.exe Snood
    Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
    SyncExpress 2002 (Remove only)-->C:\PROGRA~1\MI3AA1~1\SYNCEX~1\uninst.exe C:\WINDOWS\INF\oesy2002.inf
    The Plain-Language Law Dictionary-->C:\PROGRA~1\PARSON~1\THEPLA~1\UNWISE.EXE C:\PROGRA~1\PARSON~1\THEPLA~1\INSTALL.LOG
    TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
    TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
    TurboTax ItsDeductible 2004-->MsiExec.exe /X{B82919F6-31AA-43B3-B566-5DE35D69069A}
    TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
    UnderCoverXP 1.10-->"C:\Program Files\UnderCoverXP\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VPN 5000 Client-->C:\Program Files\IntraPort Client\UninstallNT.EXE C:\Program Files\IntraPort Client\INSTALL.LOG
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Application Compatibility Update[Q319580]-->C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinRescue XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\WNRSQXPZ.INF, DefaultUninstall.ntx86
    WinZip-->C:\Program Files\WinZip\WINZIP32.EXE /uninstall

    =====HijackThis Backups=====

    O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab [2007-12-26]
    O2 - BHO: sxgaqlwspcsjhpwkybyk - {eddfa927-0ef6-463a-b94d-b972f901aede} - C:\DOCUME~1\FRANSP~1\APPLIC~1\ufrlvstdr.dll (disabled by BHODemon) [2007-12-26]
    O2 - BHO: IExplorr29.clsIS - {54ED9B49-81D1-4866-95A6-30F01DE0047E} - c:\windows\iexplorr29.dll (disabled by BHODemon) [2007-12-26]
    O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.americanoakresort.com/xplug.ocx [2007-12-26]
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab [2007-12-26]
    O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} - http://www.grokster.com/rdx/RdxIE.cab [2007-12-26]

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: BASEMENT
    Event Code: 7000
    Message: The UDNT service failed to start due to the following error:
    The system cannot find the device specified.


    Record Number: 51580
    Source Name: Service Control Manager
    Time Written: 20090130181129.000000-300
    Event Type: error
    User:

    Computer Name: BASEMENT
    Event Code: 2511
    Message: The server service was unable to recreate the share MouseWare because the directory C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare no longer exists. Please run "net share MouseWare /delete" to delete the share, or recreate the directory C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare.

    Record Number: 51579
    Source Name: Server
    Time Written: 20090130181053.000000-300
    Event Type: warning
    User:

    Computer Name: BASEMENT
    Event Code: 2511
    Message: The server service was unable to recreate the share Webroot because the directory C:\Program Files\Webroot no longer exists. Please run "net share Webroot /delete" to delete the share, or recreate the directory C:\Program Files\Webroot.

    Record Number: 51578
    Source Name: Server
    Time Written: 20090130181053.000000-300
    Event Type: warning
    User:

    Computer Name: BASEMENT
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 51564
    Source Name: W32Time
    Time Written: 20090129014237.000000-300
    Event Type: warning
    User:

    Computer Name: BASEMENT
    Event Code: 8021
    Message: The browser was unable to retrieve a list of servers from the browser master \\FRAN-LAPTOP on the network \Device\NetBT_Tcpip_{FC7517D6-EF1A-40DE-BA56-B4FFD74646C5}.
    The data is the error code.

    Record Number: 51557
    Source Name: BROWSER
    Time Written: 20090128185246.000000-300
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: BASEMENT
    Event Code: 1517
    Message: Windows saved user BASEMENT\Fran Spraetz registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 22759
    Source Name: Userenv
    Time Written: 20081125142938.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: BASEMENT
    Event Code: 1517
    Message: Windows saved user BASEMENT\Fran Spraetz registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 22691
    Source Name: Userenv
    Time Written: 20081119230151.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: BASEMENT
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 22629
    Source Name: MsiInstaller
    Time Written: 20081118213111.000000-300
    Event Type: warning
    User: BASEMENT\Fran Spraetz

    Computer Name: BASEMENT
    Event Code: 101
    Message: Information Level: error

    Internet connection not detected.

    Record Number: 22424
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081111144653.000000-300
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: BASEMENT
    Event Code: 1517
    Message: Windows saved user BASEMENT\Fran Spraetz registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 22104
    Source Name: Userenv
    Time Written: 20081024230418.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    EOF
  • michgal2kmichgal2k
    edited June 2009
    Sorry Katana - had to do separate posts for each log - kept getting error message regarding length.
  • KatanaKatana
    edited June 2009
    Step 1

    Fix With HJT

    Close all other windows and then start HiJack This
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
    You can remove all O18 Logitech lines eg.
    O18 - Protocol: bw+0 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {79CE3B44-6B4E-43E5-AA18-DDB2731B5292} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis


    Step 2

    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.


    Step 3

    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • GMER Log
    • Kaspersky Log
    • How are things running now ?




    Additional Notes


    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)

    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are still listed there,
    click on the program to highlight it, and click on remove.
    • Adobe Reader 7.1.0

      J2SE Runtime Environment 5.0 Update 10
      J2SE Runtime Environment 5.0 Update 11
      J2SE Runtime Environment 5.0 Update 8
      J2SE Runtime Environment 5.0 Update 9
      Java 2 Runtime Environment, SE v1.4.1_03
      Java 2 Runtime Environment, SE v1.4.2_05
      Java 2 Runtime Environment, SE v1.4.2_06
      Java(TM) 6 Update 13
      Java(TM) 6 Update 3
      Java(TM) 6 Update 5
      Java(TM) 6 Update 7
      Java(TM) SE Runtime Environment 6 Update 1
    Now close the Control Panel.
  • michgal2kmichgal2k
    edited June 2009
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-26 15:09:37
    Windows 5.1.2600 Service Pack 3


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\Fastfat \Fat F08F2D20
    Device \FileSystem\Fastfat \Fat F0902428

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\Documents and Settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8 (*** hidden *** ) [AUTO] 5B5C27ECC275ADB8 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8@ImagePath \??\C:\Documents and Settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8
    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8\Security
    Reg HKLM\SYSTEM\CurrentControlSet\Services\5B5C27ECC275ADB8\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8@Type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8@Start 2
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8@ImagePath \??\C:\Documents and Settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8\Security
    Reg HKLM\SYSTEM\ControlSet002\Services\5B5C27ECC275ADB8\Security@Security 0x01 0x00 0x14 0x80 ...

    ---- EOF - GMER 1.0.15 ----
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Saturday, June 27, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Friday, June 26, 2009 18:45:29
    Records in database: 2392289

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 97208
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 03:44:11

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

    As to how it running - haven't used it until I was told it was OK. Being on a network I have been afraid to infect the others. Also I have not done the other changes and updates YET - I will once I get the green light.
  • KatanaKatana
    edited June 2009
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix..



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • michgal2kmichgal2k
    edited June 2009
    ComboFix 09-06-26.02 - Fran Spraetz 06/27/2009 14:16.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.254 [GMT -4:00]
    Running from: c:\documents and settings\Fran Spraetz\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\PAV
    c:\windows\Readme.txt
    c:\windows\system\oeminfo.ini
    c:\windows\system32\_006972_.tmp.dll
    c:\windows\system32\_006973_.tmp.dll
    c:\windows\system32\_006974_.tmp.dll
    c:\windows\system32\_006975_.tmp.dll
    c:\windows\system32\_006982_.tmp.dll
    c:\windows\system32\_006983_.tmp.dll
    c:\windows\system32\_006984_.tmp.dll
    c:\windows\system32\_006985_.tmp.dll
    c:\windows\system32\_006987_.tmp.dll
    c:\windows\system32\_006988_.tmp.dll
    c:\windows\system32\_006991_.tmp.dll
    c:\windows\system32\_006992_.tmp.dll
    c:\windows\system32\_006994_.tmp.dll
    c:\windows\system32\_006995_.tmp.dll
    c:\windows\system32\_006996_.tmp.dll
    c:\windows\system32\_006998_.tmp.dll
    c:\windows\system32\_007001_.tmp.dll
    c:\windows\system32\_007002_.tmp.dll
    c:\windows\system32\_007004_.tmp.dll
    c:\windows\system32\_007006_.tmp.dll
    c:\windows\system32\_007007_.tmp.dll
    c:\windows\system32\_007009_.tmp.dll
    c:\windows\system32\_007012_.tmp.dll
    c:\windows\system32\_007014_.tmp.dll
    c:\windows\system32\_007015_.tmp.dll
    c:\windows\system32\_007016_.tmp.dll
    c:\windows\system32\_007017_.tmp.dll
    c:\windows\system32\_007018_.tmp.dll
    c:\windows\system32\_007021_.tmp.dll
    c:\windows\system32\_007022_.tmp.dll
    c:\windows\system32\_007023_.tmp.dll
    c:\windows\system32\_007024_.tmp.dll
    c:\windows\system32\_007025_.tmp.dll
    c:\windows\system32\_007030_.tmp.dll
    c:\windows\system32\_007032_.tmp.dll
    c:\windows\system32\_007033_.tmp.dll
    c:\windows\system32\Cache
    c:\windows\system32\tmp.reg
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
    .

    2009-06-26 15:47 . 2009-06-11 02:17 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-06-26 15:47 . 2009-06-11 02:17 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-06-26 15:47 . 2009-06-11 02:16 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
    2009-06-26 15:47 . 2009-06-11 02:16 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-06-26 15:47 . 2009-06-11 02:16 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-06-26 15:47 . 2009-06-11 02:17 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
    2009-06-26 15:45 . 2009-06-11 02:16 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-06-24 14:35 . 2009-06-24 14:35
    d
    w- C:\rsit
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\documents and settings\Fran Spraetz\Application Data\Malwarebytes
    2009-06-24 13:11 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-24 13:11 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-14 17:08 . 2005-06-06 14:29 110592 ----a-w- c:\documents and settings\Fran Spraetz\Application Data\U3\temp\cleanup.exe
    2009-06-14 17:07 . 2009-06-14 17:08
    d
    w- c:\documents and settings\Fran Spraetz\Application Data\U3
    2009-06-11 02:46 . 2009-06-27 04:18
    d--h--w- C:\$AVG8.VAULT$
    2009-06-11 02:22 . 2009-06-02 17:37 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-06-11 02:17 . 2009-06-11 02:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-11 02:17 . 2009-06-11 02:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-11 02:17 . 2009-06-11 02:17 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-11 02:17 . 2009-06-26 15:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-11 02:17 . 2009-06-27 13:51
    d
    w- c:\windows\system32\drivers\Avg
    2009-06-11 02:17 . 2009-06-11 02:17
    d
    w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-06-11 02:16 . 2009-06-11 02:16
    d
    w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 23:31 . 2009-06-08 23:31
    d
    w- c:\program files\Common Files\Uninstall
    2009-06-04 01:25 . 2009-06-04 01:25
    d-sh--w- c:\documents and settings\Fran Spraetz\PrivacIE
    2009-06-03 00:23 . 2009-06-03 00:23
    d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-03 00:18 . 2009-06-03 00:18
    d-sh--w- c:\documents and settings\Fran Spraetz\IETldCache
    2009-06-02 01:03 . 2009-06-08 00:57
    d
    w- c:\windows\ie8updates
    2009-06-02 01:02 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-02 00:58 . 2009-04-29 04:55 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-06-02 00:58 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-07 15:32 . 2008-08-10 19:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-19 23:24 . 2009-04-19 23:25 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-04-19 23:23 . 2009-04-19 23:23 152576 ----a-w- c:\documents and settings\Fran Spraetz\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-17 12:26 . 2008-08-10 19:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-05-14 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-04 18:44 . 2002-10-25 03:30 125656 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2004-08-04 07:56 . 2006-01-30 16:03 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" [X]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-09 684032]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-10-25 26112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-14 98304]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
    "Auto EPSON Stylus Photo R200 Series on FRAN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
    "\\D68LH9B1\EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on D68LH9B1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2002-11-3 189952]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-10-24 45056]
    Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-11 02:17 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP"= 135:TCP:DCOM(135)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/10/2009 10:17 PM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/10/2009 10:17 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/10/2009 10:16 PM 298776]
    R3 Step;Cisco Systems VPN Adapter;c:\windows\SYSTEM32\DRIVERS\step.sys [11/3/2002 12:17 PM 75888]
    S1 AEC671X;AEC671X;c:\windows\SYSTEM32\DRIVERS\aec671x.sys [11/9/2002 12:02 PM 12128]
    S1 DMX3191;DMX3191;c:\windows\SYSTEM32\DRIVERS\dmx3191.sys [11/9/2002 12:02 PM 17700]
    S2 5B5C27ECC275ADB8;5B5C27ECC275ADB8;\??\c:\documents and settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8 --> c:\documents and settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8 [?]
    S2 PV8630;PV8630 WDM Device Driver;c:\windows\SYSTEM32\PV8630.sys [12/27/2003 12:46 PM 17284]
    S2 UDNT;UDNT;c:\windows\SYSTEM32\DRIVERS\udnt.sys [11/9/2002 12:02 PM 76260]
    S3 SDTHOOK;SDTHOOK;c:\windows\SYSTEM32\DRIVERS\SDTHOOK.SYS [12/26/2007 3:42 PM 44928]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-25 c:\windows\Tasks\dfrg.job
    - c:\windows\SYSTEM32\dfrg.msc [2001-08-23 12:00]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
    HKLM-Run-eRoom 6 - c:\program files\eRoom 5\erclient.exe
    ShellExecuteHooks-{076394AD-7FDD-44EF-A075-32C68DBAB99B} - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = localhost
    IE: &Search -
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\download.windowsupdate
    Trusted Zone: microsoft.com\update
    Trusted Zone: musicmatch.com\online
    DPF: JavaConnect - hxxp://imlab1.collab.ford.com/sametime/javaconnect/JavaConnect.cab
    DPF: Microsoft XML Parser for Java
    DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} - hxxps://myvpn.ford.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.ainndf6FjwuvlnMt37uRv87,CT=java+
    DPF: {FEDA837C-E930-41A4-855B-5E2B90626855} - hxxps://myvpn.ford.com/static/cab/DARTGrid.CAB,DanaInfo=.awxyChfx0Hoy2pMq32,CT=java+
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-27 14:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5B5C27ECC275ADB8]
    "ImagePath"="\??\c:\documents and settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8\5B5C27ECC275ADB8"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(2852)
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
    c:\windows\SYSTEM32\CTsvcCDA.EXE
    c:\windows\SYSTEM32\E_S00RP1.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\esm2\SAgentNT.exe
    c:\windows\SYSTEM32\SAgent4.exe
    c:\esm2\EBRR.exe
    c:\program files\IntraPort Client\vpn5000service.exe
    c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
    c:\windows\wanmpsvc.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    c:\program files\CreataCard\Plus\fmnot32.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\SYSTEM32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-27 14:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-27 18:35

    Pre-Run: 38,447,132,672 bytes free
    Post-Run: 38,593,208,320 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    239 --- E O F --- 2009-06-10 22:07
  • KatanaKatana
    edited June 2009
    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Driver::
5B5C27ECC275ADB8
Folder::
c:\documents and settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5B5C27ECC275ADB8]
ADS::
    • Save this as CFScript.txt and place it on your desktop.


      CFScriptb.gif


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    Please perform the updates, and use your machine as normal to make sure the problems are gone.
  • michgal2kmichgal2k
    edited June 2009
    ComboFix 09-06-29.07 - Fran Spraetz 06/30/2009 17:34.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.206 [GMT -4:00]
    Running from: c:\documents and settings\Fran Spraetz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Fran Spraetz\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Fran Spraetz\Desktop\5B5C27ECC275ADB8

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_5B5C27ECC275ADB8


    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
    .

    2009-06-26 15:47 . 2009-06-11 02:17 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-06-26 15:47 . 2009-06-11 02:17 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-06-26 15:47 . 2009-06-11 02:16 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
    2009-06-26 15:47 . 2009-06-11 02:16 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-06-26 15:47 . 2009-06-11 02:16 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-06-26 15:47 . 2009-06-11 02:17 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
    2009-06-26 15:45 . 2009-06-11 02:16 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-06-24 14:35 . 2009-06-24 14:35
    d
    w- C:\rsit
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\documents and settings\Fran Spraetz\Application Data\Malwarebytes
    2009-06-24 13:11 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-24 13:11 . 2009-06-24 13:11
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-24 13:11 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-14 17:08 . 2005-06-06 14:29 110592 ----a-w- c:\documents and settings\Fran Spraetz\Application Data\U3\temp\cleanup.exe
    2009-06-14 17:07 . 2009-06-14 17:08
    d
    w- c:\documents and settings\Fran Spraetz\Application Data\U3
    2009-06-11 02:46 . 2009-06-27 04:18
    d--h--w- C:\$AVG8.VAULT$
    2009-06-11 02:22 . 2009-06-02 17:37 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-06-11 02:17 . 2009-06-11 02:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-06-11 02:17 . 2009-06-11 02:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-11 02:17 . 2009-06-11 02:17 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-11 02:17 . 2009-06-26 15:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-11 02:17 . 2009-06-30 21:27
    d
    w- c:\windows\system32\drivers\Avg
    2009-06-11 02:17 . 2009-06-11 02:17
    d
    w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-06-11 02:16 . 2009-06-11 02:16
    d
    w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 23:31 . 2009-06-08 23:31
    d
    w- c:\program files\Common Files\Uninstall
    2009-06-04 01:25 . 2009-06-04 01:25
    d-sh--w- c:\documents and settings\Fran Spraetz\PrivacIE
    2009-06-03 00:23 . 2009-06-03 00:23
    d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-03 00:18 . 2009-06-03 00:18
    d-sh--w- c:\documents and settings\Fran Spraetz\IETldCache
    2009-06-02 01:03 . 2009-06-08 00:57
    d
    w- c:\windows\ie8updates
    2009-06-02 01:02 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-02 00:58 . 2009-04-29 04:55 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-06-02 00:58 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-07 15:32 . 2008-08-10 19:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-19 23:24 . 2009-04-19 23:25 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-04-19 23:23 . 2009-04-19 23:23 152576 ----a-w- c:\documents and settings\Fran Spraetz\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-17 12:26 . 2008-08-10 19:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-05-14 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-04 18:44 . 2002-10-25 03:30 125656 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2004-08-04 07:56 . 2006-01-30 16:03 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-27_18.28.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-30 21:44 . 2009-06-30 21:44 16384 c:\windows\Temp\Perflib_Perfdata_5ac.dat
    + 2002-10-25 03:17 . 2009-06-27 18:31 48190 c:\windows\SYSTEM32\PERFC009.DAT
    - 2002-10-25 03:17 . 2009-06-27 18:29 48190 c:\windows\SYSTEM32\PERFC009.DAT
    + 2002-10-25 03:17 . 2009-06-27 18:31 369020 c:\windows\SYSTEM32\PERFH009.DAT
    - 2002-10-25 03:17 . 2009-06-27 18:29 369020 c:\windows\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
    "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" [X]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-09 684032]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-10-25 26112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-14 98304]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
    "Auto EPSON Stylus Photo R200 Series on FRAN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
    "\\D68LH9B1\EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on D68LH9B1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "Auto EPSON Stylus Photo R200 Series on UPSTAIRS-DESKTO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2002-11-3 189952]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-10-24 45056]
    Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-11 02:17 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\AIM95\\aim.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP"= 135:TCP:DCOM(135)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/10/2009 10:17 PM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/10/2009 10:17 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/10/2009 10:16 PM 298776]
    R3 Step;Cisco Systems VPN Adapter;c:\windows\SYSTEM32\DRIVERS\step.sys [11/3/2002 12:17 PM 75888]
    S1 AEC671X;AEC671X;c:\windows\SYSTEM32\DRIVERS\aec671x.sys [11/9/2002 12:02 PM 12128]
    S1 DMX3191;DMX3191;c:\windows\SYSTEM32\DRIVERS\dmx3191.sys [11/9/2002 12:02 PM 17700]
    S2 PV8630;PV8630 WDM Device Driver;c:\windows\SYSTEM32\PV8630.sys [12/27/2003 12:46 PM 17284]
    S2 UDNT;UDNT;c:\windows\SYSTEM32\DRIVERS\udnt.sys [11/9/2002 12:02 PM 76260]
    S3 SDTHOOK;SDTHOOK;c:\windows\SYSTEM32\DRIVERS\SDTHOOK.SYS [12/26/2007 3:42 PM 44928]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-25 c:\windows\Tasks\dfrg.job
    - c:\windows\SYSTEM32\dfrg.msc [2001-08-23 12:00]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{076394AD-7FDD-44EF-A075-32C68DBAB99B} - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = localhost
    IE: &Search -
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\download.windowsupdate
    Trusted Zone: microsoft.com\update
    Trusted Zone: musicmatch.com\online
    DPF: JavaConnect - hxxp://imlab1.collab.ford.com/sametime/javaconnect/JavaConnect.cab
    DPF: Microsoft XML Parser for Java
    DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} - hxxps://myvpn.ford.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.ainndf6FjwuvlnMt37uRv87,CT=java+
    DPF: {FEDA837C-E930-41A4-855B-5E2B90626855} - hxxps://myvpn.ford.com/static/cab/DARTGrid.CAB,DanaInfo=.awxyChfx0Hoy2pMq32,CT=java+
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-30 17:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(1268)
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
    c:\windows\SYSTEM32\CTsvcCDA.EXE
    c:\windows\SYSTEM32\E_S00RP1.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\esm2\SAgentNT.exe
    c:\windows\SYSTEM32\SAgent4.exe
    c:\esm2\EBRR.exe
    c:\program files\IntraPort Client\vpn5000service.exe
    c:\windows\wanmpsvc.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    c:\program files\CreataCard\Plus\fmnot32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\SYSTEM32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-30 17:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-30 21:51
    ComboFix2.txt 2009-06-27 18:35

    Pre-Run: 38,571,569,152 bytes free
    Post-Run: 38,557,396,992 bytes free

    201 --- E O F --- 2009-06-10 22:07

    So am I clean now?
  • KatanaKatana
    edited June 2009
    michgal2k wrote:
    So am I clean now?

    It sure looks that way :)

    Use your machine normally for 24 hours, and then let me know if there are any problems.
  • michgal2kmichgal2k
    edited June 2009
    Thank you - I will do the updates (already started) and let you know! Could be a few days though, with the Holiday and all.
  • KatanaKatana
    edited July 2009
    Congratulations your logs look clean :)

    Let's see if I can help you keep it that way

    First lets tidy up

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
      • CF_Cleanup.png




    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
    • AntiSpyware is not the same thing as Antivirus.
      Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
      You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
      Most of the programs in this list have a free (for Home Users ) and paid versions,
      it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner


    Prevention
    • These programs don't detect malware, they help stop it getting on your machine in the first place.
      Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
    • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
      Using a different web browser can help stop malware getting on your machine.
      • Make your Internet Explorer more secure - This can be done by following these simple instructions:
        1. From within Internet Explorer click on the Tools menu and then click on Options.
        2. Click once on the Security tab
        3. Click once on the Internet icon so it becomes highlighted.
        4. Click once on the Custom Level button.
          • Change the Download signed ActiveX controls to Prompt
          • Change the Download unsigned ActiveX controls to Disable
          • Change the Initialise and script ActiveX controls not marked as safe to Disable
          • Change the Installation of desktop items to Prompt
          • Change the Launching programs and files in an IFRAME to Prompt
          • Change the Navigate sub-frames across different domains to Prompt
          • When all these settings have been made, click on the OK button.
          • If it prompts you as to whether or not you want to save the settings, press the Yes button.
        5. Next press the Apply button and then the OK to exit the Internet Properties page.

      If you are still using IE6 then either update, or get one of the following.
      • FireFox
        • With many addons available that make customization easy this is a very popular choice
        • NoScript and AdBlockPlus addons are essential
      • Opera
        • Another popular alternative
      • Netscape
        • Another popular alternative
        • Also has Addons available


    Cleaning Temporary Internet Files and Tracking Cookies
    • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
      Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
      It is a good idea to empty the Temporary Internet Files folder on a regular basis.

      Tracking Cookies are files that websites use to monitor which sites you visit and how often.
      A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can chose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
This discussion has been closed.