
Thread: Problems with DealAssistant and MyWebSearch

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    20

    Problems with DealAssistant and MyWebSearch

    Hi, I have problems with DealAssistant and MyWebSearch and can't seem to get rid of them. I'm a very basic computer user, but have followed your instructions and hopefully have done it right. Could you help me with this, please?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:42:34 PM, on 2/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
    O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 13247 bytes

  2. #2
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi toladogold

    Please post the Spybot report next.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    20

    Sorry, don't know what report you're talking about. Do you mean I should do a scan and send you the results?

  4. #4
    Emeritus Shaba's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Yes, if Spybot finds those.

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    20

    --- Search result list ---

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-08-20 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-09-08 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-09-08 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-09-08 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-09-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-09-08 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-09-08 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-09-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-09-08 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-08-25 Includes\Trojans.sbi (*)
    2009-09-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, AppleSyncNotifier
    command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    size: 177440
    MD5: 633B66014DDEDA70C21CFD327BDC214A

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 305440
    MD5: D1458A77A6E15462CB96D34089549BAC

    Located: HK_LM:Run, mcagent_exe
    command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 645328
    MD5: EAE3C29E6B437F970D014E59D462A66E

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 417792
    MD5: 8CBD57D84729DEBEE1E83CB5FA3E3D7A

    Located: HK_LM:Run, SoundMan
    command: SOUNDMAN.EXE
    file: C:\Windows\SOUNDMAN.EXE
    size: 598016
    MD5: A41A73F3D1BE4350CBA9125247EFF330

    Located: HK_CU:Run, MySpaceIM
    where: .DEFAULT...
    command: C:\Program Files\MySpace\IM\MySpaceIM.exe
    file: C:\Program Files\MySpace\IM\MySpaceIM.exe
    size: 9117696
    MD5: 24FB0BE24236C791201486D04DB7C41B

    Located: HK_CU:Run, Picasa Media Detector
    where: .DEFAULT...
    command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 443968
    MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-19...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-20...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: HK_CU:Run, DealAssistant
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
    file: C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, EA Core
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    file: C:\Program Files\Electronic Arts\EADM\Core.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, SfKg6wIPuSpdcduD7
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
    file: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Skype
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 25623336
    MD5: 9780A4EC41060F6164CC5DDDC815DB34

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:RunOnce, Shockwave Updater
    where: S-1-5-21-2490314987-2349913300-1285092130-1000...
    command: C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, MySpaceIM
    where: S-1-5-18...
    command: C:\Program Files\MySpace\IM\MySpaceIM.exe
    file: C:\Program Files\MySpace\IM\MySpaceIM.exe
    size: 9117696
    MD5: 24FB0BE24236C791201486D04DB7C41B

    Located: HK_CU:Run, Picasa Media Detector
    where: S-1-5-18...
    command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 443968
    MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

    Located: Startup (common), Microsoft Office.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
    size: 83360
    MD5: 5BC65464354A9FD3BEAA28E18839734A

    Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
    where: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    size: 98696
    MD5: A6D772AA861E673636D48B6EB452ADE3

    Located: Startup (disabled), LimeWire On Startup (DISABLED)
    command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
    file: C:\PROGRA~1\LimeWire\LimeWire.exe
    size: 122880
    MD5: 7B5D624FBB163CE7ACA3BDA9290F6702

    Located: WinLogon, GoToAssist
    command: C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
    file: C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 27/02/2009 12:07:26 PM
    Date (last access): 22/05/2009 9:28:38 PM
    Date (last write): 27/02/2009 12:07:26 PM
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Skype add-on (mastermind)
    CLSID name: Skype add-on (mastermind)
    Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
    Long name: SkypeIEPlugin.dll
    Short name: SKYPEI~1.DLL
    Date (created): 4/08/2009 3:47:42 PM
    Date (last access): 15/09/2009 8:38:18 PM
    Date (last write): 4/08/2009 3:47:42 PM
    Filesize: 1586472
    Attributes: archive
    MD5: D419F7E912A83A86B41FC1AE11AED22B
    CRC32: 4A645895
    Version: 3.3.0.3928

    {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    description: Microsoft Money
    classification: Open for discussion
    known filename: mnyside.dll
    info link: http://www.microsoft.com/money/default.asp
    info source: TonyKlein
    Path: C:\Program Files\Microsoft Money\System\
    Long name: mnyside.dll
    Short name:
    Date (created): 17/07/2002 11:00:00 AM
    Date (last access): 16/06/2007 3:05:38 PM
    Date (last write): 17/07/2002 11:00:00 AM
    Filesize: 163906
    Attributes: archive
    MD5: BEED9AE28E5696C7C2EEA11075E258CE
    CRC32: D7C7E8B5
    Version: 11.0.0.716

    {27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: McAfee Phishing Filter
    CLSID name: McAfee Phishing Filter
    Path: c:\PROGRA~1\mcafee\msk\
    Long name: mskapbho.dll
    Short name:
    Date (created): 22/09/2009 6:10:46 PM
    Date (last access): 8/07/2009 2:48:48 PM
    Date (last write): 8/07/2009 2:48:48 PM
    Filesize: 246800
    Attributes: archive
    MD5: 7B54980334E33FC209B5C56D80BF5A60
    CRC32: DDC1BCFD
    Version: 10.15.101.0

    {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
    Path: C:\Program Files\Real\RealPlayer\
    Long name: rpbrowserrecordplugin.dll
    Short name: RPBROW~1.DLL
    Date (created): 24/12/2008 8:43:18 PM
    Date (last access): 24/12/2008 8:43:18 PM
    Date (last write): 24/12/2008 8:43:18 PM
    Filesize: 308856
    Attributes: archive
    MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
    CRC32: B00E58A9
    Version: 1.0.1.57

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20/08/2009 1:50:56 PM
    Date (last access): 20/08/2009 1:50:56 PM
    Date (last write): 26/01/2009 3:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {547395D9-934A-CED6-B851-F238C86079E5} (PremiereAdvertisingPlatform)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: PremiereAdvertisingPlatform
    CLSID name: PremiereAdvertisingPlatform
    Path: C:\Program Files\PremiereAdvertisingPlatform\
    Long name: PremiereAdvertisingPlatform.dll

    {5C255C8A-E604-49b4-9D64-90988571CECB} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 19/10/2007 10:58:54 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: c:\PROGRA~1\mcafee\VIRUSS~1\
    Long name: scriptsn.dll
    Short name:
    Date (created): 20/03/2009 8:46:44 PM
    Date (last access): 8/07/2009 1:43:46 PM
    Date (last write): 8/07/2009 1:43:46 PM
    Filesize: 62784
    Attributes: archive
    MD5: E7FD30A856E6BD3EAB92B9D6C76E6B1B
    CRC32: EA160385
    Version: 14.0.0.433

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22/01/2009 3:41:30 PM
    Date (last access): 16/09/2009 5:01:04 PM
    Date (last write): 22/01/2009 3:41:30 PM
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar1.dll
    Short name: GOOGLE~1.DLL
    Date (created): 16/06/2009 12:46:04 AM
    Date (last access): 16/06/2009 12:46:04 AM
    Date (last write): 16/06/2009 12:46:04 AM
    Filesize: 2403392
    Attributes: readonly archive
    MD5: 6319F2D4708DBCAE37CFA03DA10782C0
    CRC32: D51D8296
    Version: 4.0.1601.4978

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
    Long name: swg.dll
    Short name:
    Date (created): 24/03/2009 10:52:22 AM
    Date (last access): 24/03/2009 10:52:22 AM
    Date (last write): 24/03/2009 10:52:22 AM
    Filesize: 668656
    Attributes: archive
    MD5: D1585B06DED161E13B905DC4FFBF7F12
    CRC32: 88D5BAA5
    Version: 5.1.1309.3572

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: McAfee SiteAdvisor BHO
    Path: c:\PROGRA~1\mcafee\SITEAD~1\
    Long name: McIEPlg.dll
    Short name:
    Date (created): 20/03/2009 8:49:36 PM
    Date (last access): 13/02/2009 11:44:56 AM
    Date (last write): 13/02/2009 11:44:56 AM
    Filesize: 150032
    Attributes: archive
    MD5: 4428FA80C5AC5D0C8F764207E651B65E
    CRC32: 2025B4F6
    Version: 1.0.2.158

    {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    description: Microsoft Money
    classification: Open for discussion
    known filename: mnyviewer.dll
    info link: http://www.microsoft.com/money/default.asp
    info source: TonyKlein



    --- ActiveX list ---
    {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
    DPF name:
    CLSID name: SpinTop DRM Control
    Installer:
    Codebase: file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
    Path: C:\Program Files\Women's Murder Club - Twice in a Blue Moon\Images\
    Long name: stg_drm.ocx
    Short name:
    Date (created): 10/09/2009 5:53:44 AM
    Date (last access): 3/10/2009 8:58:12 PM
    Date (last write): 10/09/2009 5:53:44 AM
    Filesize: 181584
    Attributes: archive
    MD5: C3068473076E4FC48E45EF16706C75B9
    CRC32: 888A0DC0
    Version: 1.0.0.8

    {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
    DPF name:
    CLSID name: Checkers Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...r.cab56986.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: msgrchkr.dll
    Short name:
    Date (created): 28/02/2007 2:21:04 PM
    Date (last access): 28/02/2007 2:21:04 PM
    Date (last write): 28/02/2007 2:21:04 PM
    Filesize: 131472
    Attributes: archive
    MD5: 1E5CFDF9AEBDD84305A4C8154277A269
    CRC32: 73C871D0
    Version: 9.5.7087.1

    {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\Windows\Downloaded Program Files\swdir.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description:
    classification: Legitimate
    known filename: SwDir.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\Adobe\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 29/04/2009 6:29:00 PM
    Date (last access): 16/06/2009 12:45:14 AM
    Date (last write): 29/04/2009 6:29:00 PM
    Filesize: 202168
    Attributes: archive
    MD5: 1B3A14C57997CC19974BA9F2BE5BD543
    CRC32: D43621A2
    Version: 11.5.0.596

    {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control)
    DPF name:
    CLSID name: Windows Live OneCare safety scanner control
    Installer: C:\Windows\Downloaded Program Files\wlscCtrl2.inf
    Codebase: http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    Path: %ProgramFiles%\Windows Live Safety Center\
    Long name: wlscCtrl2.dll

    {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class)
    DPF name:
    CLSID name: UnoCtrl Class
    Installer: C:\Windows\Downloaded Program Files\GAME_UNO1.INF
    Codebase: http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
    description:
    classification: Legitimate
    known filename: unomsnger.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: GAME_UNO1.dll
    Short name: GAME_U~1.DLL
    Date (created): 28/09/2007 4:41:28 AM
    Date (last access): 28/09/2007 4:41:28 AM
    Date (last write): 28/09/2007 4:41:28 AM
    Filesize: 381960
    Attributes: archive
    MD5: 80F4A456633F78A26A3C6B16E64EFEC5
    CRC32: 7DFC41A5
    Version: 1.0.1201.1

    {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab)
    DPF name: System Requirements Lab
    CLSID name: System Requirements Lab Class
    Installer:
    Codebase: http://www.nvidia.com/content/Driver...sysreqlab2.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: sysreqlab2.dll
    Short name: SYSREQ~1.DLL
    Date (created): 29/03/2007 11:07:12 AM
    Date (last access): 29/03/2007 11:07:12 AM
    Date (last write): 29/03/2007 11:07:12 AM
    Filesize: 206384
    Attributes: archive
    MD5: ED3B0F1BA60554B9D2E5AE1B02AD9306
    CRC32: E2F1D780
    Version: 2.30.0.0

    {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class)
    DPF name:
    CLSID name: ContactExtractor Class
    Installer:
    Codebase: http://www.facebook.com/controls/contactx.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: contactx.dll
    Short name:
    Date (created): 7/12/2008 1:51:50 PM
    Date (last access): 7/12/2008 1:51:50 PM
    Date (last write): 7/12/2008 1:51:42 PM
    Filesize: 160488
    Attributes: archive
    MD5: 238A6FFC7EE17330C1C5859C7827EE2D
    CRC32: 79676D36
    Version: 1.0.0.1

    {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
    DPF name:
    CLSID name: Facebook Photo Uploader 5 Control
    Installer: C:\Windows\Downloaded Program Files\PhotoUploader55.inf
    Codebase: http://upload.facebook.com/controls/...Uploader55.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: PhotoUploader55.ocx
    Short name: PHOTOU~2.OCX
    Date (created): 29/07/2009 9:21:24 PM
    Date (last access): 29/07/2009 9:21:24 PM
    Date (last write): 29/07/2009 9:21:24 PM
    Filesize: 3540488
    Attributes: archive
    MD5: B36353934BB8B0E7CC8557AC5143EF41
    CRC32: 3AC3C312
    Version: 5.5.8.1

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 11:31:44 PM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control)
    DPF name:
    CLSID name: MySpace Uploader Control
    Installer: C:\Windows\Downloaded Program Files\MySpaceUploader2.inf
    Codebase: http://lads.myspace.com/upload/MySpaceUploader2.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: MySpaceUploader2.ocx
    Short name: MYSPAC~1.OCX
    Date (created): 14/05/2009 6:00:56 PM
    Date (last access): 14/05/2009 6:00:56 PM
    Date (last write): 14/05/2009 6:00:56 PM
    Filesize: 3525696
    Attributes: archive
    MD5: DCE8E7C3E671006011C042F9A1F96DEC
    CRC32: 9F1551E2
    Version: 5.7.16.0

    {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl)
    DPF name:
    CLSID name: Diagnostics ActiveX WebControl
    Installer: C:\Windows\Downloaded Program Files\DiagWebControl.inf
    Codebase: http://support.microsoft.com/mats/DiagWebControl.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: DiagWAPI.dll
    Short name:
    Date (created): 25/08/2009 11:43:10 AM
    Date (last access): 25/08/2009 11:43:10 AM
    Date (last write): 25/08/2009 11:43:10 AM
    Filesize: 128240
    Attributes: archive
    MD5: 807C94C248848A2C5A6CF67F75CF04B4
    CRC32: 461CE22F
    Version: 1.5.0.15

    {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
    DPF name:
    CLSID name: MSN Games - Installer
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...o.cab56649.cab
    description:
    classification: Legitimate
    known filename: ZIntro.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: ZIntro.ocx
    Short name:
    Date (created): 19/02/2007 11:26:28 AM
    Date (last access): 19/02/2007 11:26:28 AM
    Date (last write): 19/02/2007 11:26:28 AM
    Filesize: 159128
    Attributes: archive
    MD5: E681AC948003CCA59C6C00D3F5EC3D4B
    CRC32: C8723760
    Version: 9.5.6649.1

    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...t.cab56907.cab
    description:
    classification: Legitimate
    known filename: MessengerStatsPAClient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MessengerStatsPAClient.dll
    Short name: MESSEN~1.DLL
    Date (created): 22/02/2007 10:41:12 PM
    Date (last access): 22/02/2007 10:41:12 PM
    Date (last write): 22/02/2007 10:41:12 PM
    Filesize: 304544
    Attributes: archive
    MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
    CRC32: 0F12FD23
    Version: 9.5.6907.1

    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_01
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160_01.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 19/10/2007 10:58:54 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160_02.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 19/10/2007 10:58:54 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 19/10/2007 10:58:54 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 11:31:44 PM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
    DPF name:
    CLSID name: ArmHelper Control
    Installer:
    Codebase: file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
    Path:
    Long name: ./Images/armhelper.ocx

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\Windows\Downloaded Program Files\CONFLICT.55\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\Windows\system32\Macromed\Flash\
    Long name: Flash10c.ocx
    Short name:
    Date (created): 18/07/2009 11:12:12 AM
    Date (last access): 20/08/2009 10:08:50 AM
    Date (last write): 18/07/2009 11:12:12 AM
    Filesize: 3979680
    Attributes: readonly archive
    MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
    CRC32: D6F40D46
    Version: 10.0.32.18

    {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)
    DPF name:
    CLSID name: Minesweeper Flags Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...r.cab56986.cab
    description:
    classification: Legitimate
    known filename: MineSweeper.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MineSweeper.dll
    Short name: MINESW~1.DLL
    Date (created): 28/02/2007 2:21:04 PM
    Date (last access): 28/02/2007 2:21:04 PM
    Date (last write): 28/02/2007 2:21:04 PM
    Filesize: 130472
    Attributes: archive
    MD5: E661E91B5929632665683222D509D271
    CRC32: 63A9B975
    Version: 9.5.6986.1



    --- Process list ---
    PID: 3764 (1940) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 9E41266C68C11D7101A2D18CD1F7553E
    PID: 1636 (1048) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 01DD1004181FD46ECDC3628228EB269D
    PID: 4032 (3840) C:\Windows\Explorer.EXE
    size: 2926592
    MD5: D07D4C3038F3578FFCE1C0237F2A1253
    PID: 1964 ( 832) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    size: 645328
    MD5: EAE3C29E6B437F970D014E59D462A66E
    PID: 2704 (1100) C:\Windows\system32\taskeng.exe
    size: 169984
    MD5: E5BBFC283D6F5D69B41E464676361020
    PID: 3104 (4032) C:\Windows\SOUNDMAN.EXE
    size: 598016
    MD5: A41A73F3D1BE4350CBA9125247EFF330
    PID: 3752 (4032) C:\Program Files\iTunes\iTunesHelper.exe
    size: 305440
    MD5: D1458A77A6E15462CB96D34089549BAC
    PID: 1536 (4032) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 3728 (4032) C:\Program Files\Skype\Phone\Skype.exe
    size: 25623336
    MD5: 9780A4EC41060F6164CC5DDDC815DB34
    PID: 4104 (4032) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    size: 98696
    MD5: A6D772AA861E673636D48B6EB452ADE3
    PID: 5280 (3728) C:\Program Files\Skype\Plugin Manager\skypePM.exe
    size: 77360
    MD5: A3996F435192AAEE6CB5D7E45E3A51FF
    PID: 3604 (1100) C:\Windows\system32\taskeng.exe
    size: 169984
    MD5: E5BBFC283D6F5D69B41E464676361020
    PID: 5436 (1100) C:\Windows\system32\wuauclt.exe
    size: 53472
    MD5: 62BB79160F86CD962F312C68C6239BFD
    PID: 5900 (3604) C:\Windows\system32\sdclt.exe
    size: 1169408
    MD5: 0427038DD4FC9C653AEE8B0E0C36323A
    PID: 1992 ( 832) C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    size: 143408
    MD5: 82DE7916EAB1FE749BCBC2C997BB7F88
    PID: 2228 (4032) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638216
    MD5: C33BD196A0301F9B23D9A003D30ED8B0
    PID: 6128 (2228) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638216
    MD5: C33BD196A0301F9B23D9A003D30ED8B0
    PID: 6104 ( 832) C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    size: 257440
    MD5: AE619F242F2CE340F3B33DDEAA88248D
    PID: 5176 ( 832) C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    size: 238888
    MD5: AE82B3B6A33DC23019B604DA5920D726
    PID: 764 (4032) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 452 ( 4) smss.exe
    size: 64000
    PID: 524 ( 512) csrss.exe
    size: 6144
    PID: 572 ( 512) wininit.exe
    size: 96768
    PID: 584 ( 564) csrss.exe
    size: 6144
    PID: 616 ( 572) services.exe
    size: 279552
    PID: 628 ( 572) lsass.exe
    size: 9728
    PID: 640 ( 572) lsm.exe
    size: 229888
    PID: 724 ( 564) winlogon.exe
    size: 314368
    PID: 832 ( 616) svchost.exe
    size: 21504
    PID: 892 ( 616) svchost.exe
    size: 21504
    PID: 932 ( 616) svchost.exe
    size: 21504
    PID: 1020 ( 616) svchost.exe
    size: 21504
    PID: 1048 ( 616) svchost.exe
    size: 21504
    PID: 1060 ( 616) LVPrcSrv.exe
    PID: 1100 ( 616) svchost.exe
    size: 21504
    PID: 1204 (1020) audiodg.exe
    size: 88576
    PID: 1236 ( 616) svchost.exe
    size: 21504
    PID: 1288 ( 616) SLsvc.exe
    size: 3408896
    PID: 1392 ( 616) svchost.exe
    size: 21504
    PID: 1524 ( 616) svchost.exe
    size: 21504
    PID: 1744 ( 616) spoolsv.exe
    size: 127488
    PID: 1772 ( 616) svchost.exe
    size: 21504
    PID: 2032 ( 616) alg.exe
    size: 59392
    PID: 292 ( 616) AppleMobileDeviceService.exe
    PID: 340 ( 616) mDNSResponder.exe
    PID: 360 ( 616) svchost.exe
    size: 21504
    PID: 484 ( 616) findbasic125.exe
    PID: 1520 ( 616) iWinTrusted.exe
    PID: 1412 ( 12) GoogleUpdate.exe
    PID: 1940 ( 616) LVComSer.exe
    PID: 1168 ( 616) McSACore.exe
    PID: 1232 ( 616) McProxy.exe
    PID: 372 (1168) rundll32.exe
    size: 44544
    PID: 1972 ( 616) Mcshield.exe
    PID: 2160 ( 616) MpfSrv.exe
    PID: 2212 ( 616) msdtc.exe
    size: 105984
    PID: 2268 ( 616) msksrver.exe
    PID: 2356 ( 616) svchost.exe
    size: 21504
    PID: 2412 ( 616) svchost.exe
    size: 21504
    PID: 2484 ( 616) svchost.exe
    size: 21504
    PID: 2556 ( 616) TosBtSrv.exe
    PID: 2616 ( 616) UI0Detect.exe
    size: 35840
    PID: 2712 ( 616) svchost.exe
    size: 21504
    PID: 2772 ( 616) SearchIndexer.exe
    size: 441344
    PID: 2864 ( 616) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 3784 (1100) taskeng.exe
    size: 169984
    PID: 2612 ( 616) mcmscsvc.exe
    PID: 1340 ( 484) findbasic.exe
    PID: 3856 ( 616) mcsysmon.exe
    PID: 4516 ( 616) iPodService.exe
    PID: 4688 ( 616) McNASvc.exe
    PID: 6048 ( 616) svchost.exe
    size: 21504
    PID: 240 (4804) mcbuilder.exe
    size: 275968


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 7/10/2009 9:19:03 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://mystart.incredigames.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84515D64-3732-42BE-8168-D4B7565F6FCF}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84515D64-3732-42BE-8168-D4B7565F6FCF}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9301A1AA-AFB7-488A-A016-617ACB5804D9}] SEQPACKET 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9301A1AA-AFB7-488A-A016-617ACB5804D9}] DATAGRAM 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EE4FFEE7-7514-475C-99A5-3F696951B124}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EE4FFEE7-7514-475C-99A5-3F696951B124}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84515D64-3732-42BE-8168-D4B7565F6FCF}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84515D64-3732-42BE-8168-D4B7565F6FCF}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

    Namespace Provider 5: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    Namespace Provider 6: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 7: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

  6. #6
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    So looks like it didn't find anything.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Posts
    20


    By the way, I also have incredigames's "MyStart" which has taken over from Google and I can't seem to get rid of that either.

    Results of RSIT:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-10-08 14:37:16
    Microsoft® Windows Vista™ Home Basic Service Pack 2
    System drive C: has 48 GB (31%) free of 153 GB
    Total RAM: 1023 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:37:37 PM, on 8/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
    O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 13533 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job
    C:\Windows\tasks\User_Feed_Synchronization-{9B855E8D-610D-473F-A0DC-00A6900276B0}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
    C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-24 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
    PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
    "DealAssistant"=C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe []
    "SfKg6wIPuSpdcduD7"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe []
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
    C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    C:\Program Files\IncrediMail\bin\IncMail.exe [2007-05-20 208946]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-09-03 475180]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-18 9117696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    C:\Windows\system32\nvsvc.dll [2007-12-11 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    C:\PROGRA~1\LimeWire\LimeWire.exe [2007-01-30 122880]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05eb7ce-16ce-11dc-b5c0-806e6f6e6963}]
    shell\AutoRun\command - D:\autorun.exe


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2037-04-19 04:03:21 ----D---- C:\ProgramData\CyberLink
    2037-04-19 04:02:59 ----D---- C:\Program Files\CyberLink
    2037-04-19 03:54:35 ----D---- C:\ProgramData\Nero
    2037-04-19 03:54:35 ----D---- C:\Program Files\Nero
    2037-04-19 03:08:33 ----D---- C:\Windows\Panther
    2037-04-19 03:08:19 ----SHD---- C:\Boot
    2037-04-19 03:05:02 ----D---- C:\Program Files\Microsoft Visual Studio
    2037-04-19 02:57:45 ----A---- C:\Windows\system32\msonpmon.dll
    2037-04-19 02:57:18 ----D---- C:\Program Files\Microsoft Works
    2037-04-19 02:57:03 ----D---- C:\Program Files\Common Files\DESIGNER
    2037-04-19 02:56:44 ----D---- C:\Windows\PCHEALTH
    2037-04-19 02:56:44 ----D---- C:\Program Files\Microsoft.NET
    2037-04-19 02:55:38 ----D---- C:\Windows\SHELLNEW
    2037-04-19 02:55:08 ----D---- C:\ProgramData\Microsoft Help
    2037-04-19 02:55:08 ----D---- C:\Program Files\Microsoft Office
    2037-04-19 02:54:46 ----RHD---- C:\MSOCache
    2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_30.dll
    2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_28.dll
    2037-04-19 02:30:49 ----SHD---- C:\Windows\Installer
    2037-04-19 02:29:47 ----D---- C:\arrow
    2037-04-19 02:27:08 ----A---- C:\Windows\system32\NeroCheck.exe
    2037-04-19 02:26:13 ----D---- C:\Program Files\Common Files\Nero
    2037-04-19 02:25:50 ----A---- C:\Windows\system32\msxml3a.dll
    2037-04-19 02:25:04 ----D---- C:\ProgramData\Ahead
    2037-04-19 02:25:02 ----A---- C:\Windows\system32\TwnLib20.dll
    2037-04-19 02:25:02 ----A---- C:\Windows\system32\picn20.dll
    2037-04-19 02:24:57 ----D---- C:\Program Files\Common Files\Ahead
    2037-04-19 02:24:55 ----D---- C:\Program Files\Ahead
    2037-04-19 02:23:27 ----A---- C:\Windows\system32\ChCfg.exe
    2037-04-19 02:22:44 ----D---- C:\Program Files\Realtek AC97
    2037-04-19 02:22:38 ----A---- C:\Windows\system32\RtlCPAPI.dll
    2037-04-19 02:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
    2037-04-19 02:22:06 ----D---- C:\Program Files\Common Files\InstallShield
    2037-04-19 02:10:30 ----D---- C:\Windows\Debug
    2037-04-19 02:09:09 ----D---- C:\Windows\Prefetch
    2009-10-08 14:37:16 ----D---- C:\rsit
    2009-10-07 11:04:03 ----A---- C:\Windows\system32\wups2.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wucltux.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuaueng.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuauclt.exe
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wups.dll
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wudriver.dll
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wuapi.dll
    2009-10-07 10:59:47 ----A---- C:\Windows\system32\wuwebv.dll
    2009-10-07 10:59:46 ----A---- C:\Windows\system32\wuapp.exe
    2009-10-06 11:18:12 ----D---- C:\Program Files\Mad Skills Motocross Demo
    2009-10-05 22:46:03 ----A---- C:\Windows\system32\d3dx9_33.dll
    2009-10-03 20:58:10 ----D---- C:\Program Files\Women's Murder Club - Twice in a Blue Moon
    2009-10-03 20:50:20 ----D---- C:\Program Files\Pantheon
    2009-10-03 01:18:55 ----N---- C:\Windows\system32\MpSigStub.exe
    2009-10-03 00:33:57 ----D---- C:\Users\Owner\AppData\Roaming\Magic Academy 2
    2009-10-02 23:40:59 ----D---- C:\Program Files\Trend Micro
    2009-10-02 23:34:03 ----D---- C:\Windows\ERDNT
    2009-10-02 23:29:18 ----D---- C:\Program Files\ERUNT
    2009-10-01 00:38:45 ----D---- C:\Windows\system32\WindowsPowerShell
    2009-10-01 00:34:00 ----D---- C:\Program Files\Microsoft ATS
    2009-09-29 01:39:45 ----D---- C:\ProgramData\Electronic Arts
    2009-09-28 23:09:56 ----RA---- C:\Windows\system32\vp6vfw.dll
    2009-09-28 22:28:42 ----D---- C:\Program Files\Electronic Arts
    2009-09-28 16:11:54 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-09-28 16:08:19 ----D---- C:\Program Files\iPod
    2009-09-28 16:08:05 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-28 16:08:05 ----D---- C:\Program Files\iTunes
    2009-09-28 16:02:33 ----D---- C:\Program Files\QuickTime
    2009-09-28 15:47:03 ----D---- C:\Program Files\iPhone Configuration Utility
    2009-09-27 21:25:47 ----D---- C:\ProgramData\SOS
    2009-09-25 23:28:48 ----D---- C:\Windows\system32\eu-ES
    2009-09-25 23:28:48 ----D---- C:\Windows\system32\ca-ES
    2009-09-25 23:28:41 ----D---- C:\Windows\system32\vi-VN
    2009-09-25 23:01:23 ----D---- C:\Users\Owner\AppData\Roaming\FlyWheelGames
    2009-09-24 13:37:02 ----HD---- C:\Windows\PIF
    2009-09-23 22:38:35 ----D---- C:\ProgramData\Findbasic
    2009-09-23 22:38:35 ----D---- C:\Program Files\Findbasic
    2009-09-23 22:38:31 ----D---- C:\Users\Owner\AppData\Roaming\DealAssistant
    2009-09-23 22:38:30 ----A---- C:\Windows\system32\5c78.dll
    2009-09-22 23:23:07 ----D---- C:\Program Files\iWin Games
    2009-09-19 22:59:22 ----D---- C:\Users\Owner\AppData\Roaming\Merscom
    2009-09-19 22:59:22 ----D---- C:\ProgramData\Merscom
    2009-09-16 17:11:25 ----A---- C:\Windows\system32\d3dx9_32.dll
    2009-09-16 17:08:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2009-09-16 17:01:56 ----D---- C:\Program Files\Microsoft
    2009-09-16 17:00:23 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-09-16 16:59:17 ----D---- C:\Program Files\Windows Live
    2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files\Windows Live
    2009-09-14 18:54:25 ----D---- C:\Users\Owner\AppData\Roaming\skypePM
    2009-09-14 18:48:52 ----D---- C:\Users\Owner\AppData\Roaming\Skype
    2009-09-14 17:42:54 ----D---- C:\Program Files\Common Files\Skype
    2009-09-14 17:42:49 ----RD---- C:\Program Files\Skype
    2009-09-14 17:42:20 ----D---- C:\ProgramData\Skype
    2009-09-11 20:53:32 ----A---- C:\Windows\system32\d3dx9_27.dll
    2009-09-11 20:28:05 ----D---- C:\Program Files\Codemasters
    2009-09-10 13:21:30 ----A---- C:\Windows\system32\jscript.dll
    2009-09-10 13:21:12 ----A---- C:\Windows\system32\netiohlp.dll
    2009-09-10 13:21:09 ----A---- C:\Windows\system32\NETSTAT.EXE
    2009-09-10 13:21:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
    2009-09-10 13:21:08 ----A---- C:\Windows\system32\ARP.EXE
    2009-09-10 13:21:07 ----A---- C:\Windows\system32\HOSTNAME.EXE
    2009-09-10 13:21:07 ----A---- C:\Windows\system32\finger.exe
    2009-09-10 13:21:06 ----A---- C:\Windows\system32\MRINFO.EXE
    2009-09-10 13:21:05 ----A---- C:\Windows\system32\ROUTE.EXE
    2009-09-10 13:21:03 ----A---- C:\Windows\system32\netevent.dll
    2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlansvc.dll
    2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlanhlp.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlansec.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlanmsm.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\L2SecHC.dll
    2009-09-10 13:19:24 ----A---- C:\Windows\system32\wlanapi.dll
    2009-09-10 13:19:15 ----A---- C:\Windows\system32\WMVCORE.DLL
    2009-09-10 13:19:14 ----A---- C:\Windows\system32\mf.dll
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\rrinstaller.exe
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfps.dll
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfpmp.exe
    2009-09-10 13:19:12 ----A---- C:\Windows\system32\mferror.dll

    ======List of files/folders modified in the last 1 months======

    2037-04-19 02:49:33 ----D---- C:\Windows\system32\NDF
    2009-10-08 14:37:23 ----D---- C:\Windows\Temp
    2009-10-08 13:36:39 ----D---- C:\Windows\Tasks
    2009-10-08 13:32:43 ----D---- C:\Windows\tracing
    2009-10-08 00:27:20 ----AD---- C:\ProgramData\TEMP
    2009-10-07 21:19:23 ----D---- C:\Windows\rescache
    2009-10-07 20:59:13 ----D---- C:\ProgramData\Google Updater
    2009-10-07 20:53:59 ----D---- C:\Windows\system32\en-US
    2009-10-07 20:53:59 ----D---- C:\Windows\System32
    2009-10-07 12:34:17 ----D---- C:\Windows\winsxs
    2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot2
    2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot
    2009-10-07 11:00:46 ----SHD---- C:\System Volume Information
    2009-10-07 10:50:35 ----D---- C:\Windows
    2009-10-06 11:18:12 ----RD---- C:\Program Files
    2009-10-05 22:52:08 ----D---- C:\Program Files\iWin.com
    2009-10-03 20:58:57 ----D---- C:\ProgramData\Flood Light Games
    2009-10-03 20:58:56 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
    2009-10-03 20:48:37 ----D---- C:\BigFishGamesCache
    2009-10-02 18:15:43 ----A---- C:\Windows\NeroDigital.ini
    2009-10-02 18:15:10 ----A---- C:\Windows\ntbtlog.txt
    2009-10-02 01:15:21 ----HD---- C:\ProgramData
    2009-10-01 22:33:23 ----D---- C:\Program Files\Oberon Media
    2009-10-01 22:33:23 ----D---- C:\Program Files\IncrediGames
    2009-10-01 20:42:13 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
    2009-10-01 20:14:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-10-01 20:14:50 ----D---- C:\Windows\inf
    2009-10-01 01:41:29 ----D---- C:\Program Files\SGPSA
    2009-10-01 01:12:06 ----D---- C:\Windows\Microsoft.NET
    2009-10-01 00:49:23 ----D---- C:\Windows\AppPatch
    2009-10-01 00:34:16 ----SD---- C:\Windows\Downloaded Program Files
    2009-09-30 16:57:35 ----D---- C:\Windows\system32\drivers
    2009-09-30 14:05:20 ----D---- C:\Program Files\Registry Mechanic
    2009-09-30 00:55:49 ----D---- C:\Program Files\NCH Software
    2009-09-28 16:11:53 ----DC---- C:\Windows\system32\DRVSTORE
    2009-09-28 16:08:18 ----D---- C:\Program Files\Common Files\Apple
    2009-09-27 21:09:08 ----D---- C:\Program Files\bfgclient
    2009-09-26 00:01:46 ----RSD---- C:\Windows\assembly
    2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Mail
    2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Calendar
    2009-09-25 23:33:01 ----D---- C:\Program Files\Movie Maker
    2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Sidebar
    2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Media Player
    2009-09-25 23:32:59 ----D---- C:\Program Files\Internet Explorer
    2009-09-25 23:32:58 ----D---- C:\Program Files\Windows Collaboration
    2009-09-25 23:32:54 ----D---- C:\Program Files\Common Files\System
    2009-09-25 23:32:52 ----D---- C:\Program Files\Windows Photo Gallery
    2009-09-25 23:32:39 ----D---- C:\Program Files\Windows Defender
    2009-09-25 23:32:38 ----D---- C:\Windows\servicing
    2009-09-25 23:31:57 ----D---- C:\Windows\IME
    2009-09-25 23:31:55 ----D---- C:\Windows\system32\XPSViewer
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\sk-SK
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\lv-LV
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\ko-KR
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\hr-HR
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\et-EE
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\da-DK
    2009-09-25 23:31:26 ----D---- C:\Windows\system32\de-DE
    2009-09-25 23:31:25 ----D---- C:\Windows\system32\it-IT
    2009-09-25 23:31:25 ----D---- C:\Windows\system32\el-GR
    2009-09-25 23:31:24 ----D---- C:\Windows\system32\oobe
    2009-09-25 23:31:22 ----D---- C:\Windows\system32\migration
    2009-09-25 23:31:10 ----D---- C:\Windows\system32\ru-RU
    2009-09-25 23:31:10 ----D---- C:\Windows\system32\AdvancedInstallers
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\sv-SE
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\setup
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\hu-HU
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\he-IL
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\fr-FR
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\fi-FI
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\cs-CZ
    2009-09-25 23:31:08 ----D---- C:\Windows\system32\SLUI
    2009-09-25 23:31:08 ----D---- C:\Windows\system32\pt-PT
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\zh-CN
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\sr-Latn-CS
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\manifeststore
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\es-ES
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\en
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\zh-TW
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\uk-UA
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\sl-SI
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\pl-PL
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\ja-JP
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\bg-BG
    2009-09-25 23:31:00 ----D---- C:\Windows\system32\ro-RO
    2009-09-25 23:30:56 ----D---- C:\Windows\system32\th-TH
    2009-09-25 23:30:51 ----D---- C:\Windows\system32\tr-TR
    2009-09-25 23:30:47 ----D---- C:\Windows\system32\wbem
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\nl-NL
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\nb-NO
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\lt-LT
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\ar-SA
    2009-09-25 23:30:37 ----D---- C:\Windows\system32\pt-BR
    2009-09-25 23:30:37 ----D---- C:\Windows\system32\migwiz
    2009-09-25 23:29:10 ----RSD---- C:\Windows\Fonts
    2009-09-25 23:28:41 ----D---- C:\Windows\system32\Boot
    2009-09-25 22:50:26 ----D---- C:\Users\Owner\AppData\Roaming\Princess Isabella
    2009-09-23 22:41:06 ----D---- C:\Program Files\Mozilla Firefox
    2009-09-23 14:04:35 ----D---- C:\Program Files\McAfee
    2009-09-22 23:23:23 ----D---- C:\Windows\system32\Tasks
    2009-09-16 17:04:53 ----D---- C:\Windows\SoftwareDistribution
    2009-09-16 17:04:02 ----D---- C:\Program Files\MSN Messenger
    2009-09-16 17:01:01 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files
    2009-09-16 16:52:21 ----SD---- C:\ProgramData\Microsoft
    2009-09-14 17:48:39 ----D---- C:\Program Files\Google
    2009-09-10 23:54:46 ----D---- C:\Program Files\Microsoft Silverlight

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
    R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
    R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-12-27 27136]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\sisnic.sys [2006-11-02 35328]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
    R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
    S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-03-27 49904]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
    S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys []
    S3 SiS315;SiS315; C:\Windows\system32\DRIVERS\sisgrp.sys [2006-11-02 256000]
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
    S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
    S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
    S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic125.exe [2009-09-23 54776]
    R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-09-03 78104]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
    R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
    S2 gupdate1ca352042073a72;Google Update Service (gupdate1ca352042073a72); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe [2009-06-08 16680]
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
    S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-26 66872]

    -----------------EOF-----------------

  8. #8
    Junior Member
    Join Date
    Aug 2009
    Posts
    20

    info.txt logfile of random's system information tool 1.06 2009-10-08 14:37:48

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Airport Mania (remove only)-->"C:\Program Files\iWin.com\Airport Mania\Uninstall.exe"
    America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Aveyond: Lord of Twilight (remove only)-->"C:\Program Files\iWin.com\Aveyond Lord of Twilight\Uninstall.exe"
    Babysitting Mania (remove only)-->"C:\Program Files\iWin.com\Babysitting Mania\Uninstall.exe"
    Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Canon MP180-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Deer Hunter - The 2005 Season Demo-->"C:\Program Files\Atari\Deer Hunter 2005 Demo\unins000.exe"
    Dream Chronicles: The Chosen Child (remove only)-->"C:\Program Files\iWin.com\Dream Chronicles The Chosen Child\Uninstall.exe"
    Dream Vacation Solitaire FREE-->"C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\Uninstall.exe" "C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\install.log"
    Enemy Territory - QUAKE Wars(TM) Demo 2-->C:\Program Files\InstallShield Installation Information\{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}\setup.exe -runfromtemp -l0x0409
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    FFPremiereAdvertisingPlatform-->C:\Program Files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\uninstall.exe uninstall=premiereadvertisingplatformff
    Findbasic 1.0 build 125-->C:\Program Files\Findbasic\uninstall.exe
    Fishdom (remove only)-->"C:\Program Files\iWin.com\Fishdom\Uninstall.exe"
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.25\Installer\setup.exe" --uninstall --system-level
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    GoToAssist 8.0.0.516-->C:\Program Files\Citrix\GoToAssist\516\G2AUninstaller.exe /uninstall
    Heroes Of Hellas (remove only)-->"C:\Program Files\iWin.com\Heroes Of Hellas\Uninstall.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
    iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
    iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
    iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Jewel Quest Mysteries: Trail of the Midnight Heart (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Mysteries Trail of the Midnight Heart\Uninstall.exe"
    Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
    Just Cause 1.00.0000-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x9 -removeonly
    Karate 3D-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Karate 3D\Uninst.isu"
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
    LimeWire 4.12.11-->"C:\Program Files\LimeWire\uninstall.exe"
    Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Mad Skills Motocross Demo-->C:\Program Files\Mad Skills Motocross Demo\uninstall.exe
    Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
    Magic Academy 2 (remove only)-->"C:\Program Files\iWin.com\Magic Academy 2\Uninstall.exe"
    Magic Utilities 2008 Version 5.51-->"C:\Program Files\Mgutil\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
    MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins001.exe"
    MessengerDiscovery 2.0.44-->"C:\Program Files\MessengerDiscovery 2\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
    Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
    Microsoft Motocross Madness 2 Trial-->"C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
    Mirar-->mshta.exe http://remove.getmirar.com/
    MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
    Nancy Drew Dossier: Resorting to Danger (remove only)-->"C:\Program Files\iWin.com\Nancy Drew Dossier Resorting to Danger\Uninstall.exe"
    Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
    Nero 7 Essentials-->MsiExec.exe /X{2D0ECDC9-1595-473C-8716-35FEE3C01033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Paintball Heroes-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Paintball Heroes\Uninst.isu"
    Pantheon-->"C:\Program Files\Pantheon\Uninstall.exe"
    PFConfig 1.0.223-->C:\Program Files\PFConfig\uninst.exe
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    Race Driver 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
    RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio-->Alcrmv.exe -r -m
    Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Soldier of Fortune Platinum-->C:\Windows\IsUninst.exe -f"C:\Program Files\Raven\SOF PLATINUM\sofplat.isu"
    SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Splinter Cell Pandora Tomorrow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x9
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    StarOffice 8-->MsiExec.exe /I{86E2FE20-6679-4F30-B8E0-36D5BF6018BE}
    Super Motocross Kings-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Super Motocross Kings\Uninst.isu"
    Superbike Racing-->C:\Windows\IsUninst.exe -f"C:\Program Files\NodTronics Pty Ltd\Superbike Racing\Uninst.isu"
    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Townopolis (remove only)-->"C:\Program Files\iWin.com\Townopolis\Uninstall.exe"
    Transport Giant-->MsiExec.exe /I{14288914-DED4-43D3-8B24-7F7EA9BDB0A5}
    Tweak UI-->"C:\Windows\system32\mshta.exe" "res://C:\Windows\system32\TweakUI.exe/uninstall.hta"
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
    Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
    Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
    Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
    Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
    Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
    Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
    Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
    Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
    Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
    Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
    Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
    WinAce Archiver - Powered by AdVantage-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
    Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
    Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Women's Murder Club - Twice in a Blue Moon-->C:\Program Files\Women's Murder Club - Twice in a Blue Moon\uninstall.exe

    ======Security center information======

    AS: Spybot - Search and Destroy (outdated)
    AS: Windows Defender

    ======System event log======

    Computer Name: Owner-PC
    Event Code: 4227
    Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
    Record Number: 210847
    Source Name: Tcpip
    Time Written: 20090515114825.144533-000
    Event Type: Warning
    User:

    Computer Name: Owner-PC
    Event Code: 4227
    Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
    Record Number: 210844
    Source Name: Tcpip
    Time Written: 20090515104026.476874-000
    Event Type: Warning
    User:

    Computer Name: Owner-PC
    Event Code: 4227
    Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
    Record Number: 210833
    Source Name: Tcpip
    Time Written: 20090515083621.025335-000
    Event Type: Warning
    User:

    Computer Name: Owner-PC
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    SCMNdisP
    Record Number: 210803
    Source Name: Service Control Manager
    Time Written: 20090515082524.000000-000
    Event Type: Error
    User:

    Computer Name: Owner-PC
    Event Code: 7022
    Message: The Diagnostic Service Host service hung on starting.
    Record Number: 210802
    Source Name: Service Control Manager
    Time Written: 20090515082524.000000-000
    Event Type: Error
    User:

    =====Application event log=====

    Computer Name: Owner-PC
    Event Code: 1002
    Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2df0 Start Time: 01c8feee6e5eb502 Termination Time: 0
    Record Number: 46963
    Source Name: Application Hang
    Time Written: 20080815155018.000000-000
    Event Type: Error
    User:

    Computer Name: Owner-PC
    Event Code: 1002
    Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 222c Start Time: 01c8feed52cc72f3 Termination Time: 0
    Record Number: 46961
    Source Name: Application Hang
    Time Written: 20080815155003.000000-000
    Event Type: Error
    User:

    Computer Name: Owner-PC
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception code 0xc0000005, fault offset 0x000a24b2, process id 0x2f7c, application start time 0x01c8fee9ce2dc2bb.
    Record Number: 46959
    Source Name: Application Error
    Time Written: 20080815154057.000000-000
    Event Type: Error
    User:

    Computer Name: Owner-PC
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2490314987-2349913300-1285092130-1000_Classes:
    Process 880 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000_CLASSES

    Record Number: 46845
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080814163058.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: Owner-PC
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    6 user registry handles leaked from \Registry\User\S-1-5-21-2490314987-2349913300-1285092130-1000:
    Process 880 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000
    Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
    Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
    Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
    Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
    Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

    Record Number: 46844
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20080814163056.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    =====Security event log=====

    Computer Name: Owner-PC
    Event Code: 4634
    Message: An account was logged off.

    Subject:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0x254ba

    Logon Type: 3

    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Record Number: 65523
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081224164144.812875-000
    Event Type: Audit Success
    User:

    Computer Name: Owner-PC
    Event Code: 4616
    Message: The system time was changed.

    Subject:
    Security ID: S-1-5-19
    Account Name: LOCAL SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e5

    Process Information:
    Process ID: 0x514
    Name: C:\Windows\System32\svchost.exe

    Previous Time: 1:41:34 AM 25/12/2008
    New Time: 1:41:34 AM 25/12/2008

    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
    Record Number: 65522
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081224164136.859750-000
    Event Type: Audit Success
    User:

    Computer Name: Owner-PC
    Event Code: 1100
    Message: The event logging service has shut down.
    Record Number: 65521
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081224164135.531625-000
    Event Type: Audit Success
    User:

    Computer Name: Owner-PC
    Event Code: 4647
    Message: User initiated logoff:

    Subject:
    Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
    Account Name: Owner
    Account Domain: Owner-PC
    Logon ID: 0x19233

    This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
    Record Number: 65520
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081224164122.829362-000
    Event Type: Audit Success
    User:

    Computer Name: Owner-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 65519
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081224150714.797414-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    "PROCESSOR_REVISION"=0605
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

  9. #9
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    First of all, you have too little RAM for Vista to work smoothly.

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 4.12.11


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete info.txt from c:\rsit folder.

    Please run a new rsit log scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    20

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-10-09 22:40:43
    Microsoft® Windows Vista™ Home Basic Service Pack 2
    System drive C: has 46 GB (30%) free of 153 GB
    Total RAM: 1023 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:40:51 PM, on 9/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
    O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 13386 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job
    C:\Windows\tasks\User_Feed_Synchronization-{9B855E8D-610D-473F-A0DC-00A6900276B0}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
    C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-24 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
    PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
    "DealAssistant"=C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe []
    "SfKg6wIPuSpdcduD7"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe []
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
    C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    C:\Program Files\IncrediMail\bin\IncMail.exe [2007-05-20 208946]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-09-03 475180]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-18 9117696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    C:\Windows\system32\nvsvc.dll [2007-12-11 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05eb7ce-16ce-11dc-b5c0-806e6f6e6963}]
    shell\AutoRun\command - D:\autorun.exe


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2037-04-19 04:03:21 ----D---- C:\ProgramData\CyberLink
    2037-04-19 04:02:59 ----D---- C:\Program Files\CyberLink
    2037-04-19 03:54:35 ----D---- C:\ProgramData\Nero
    2037-04-19 03:54:35 ----D---- C:\Program Files\Nero
    2037-04-19 03:08:33 ----D---- C:\Windows\Panther
    2037-04-19 03:08:19 ----SHD---- C:\Boot
    2037-04-19 03:05:02 ----D---- C:\Program Files\Microsoft Visual Studio
    2037-04-19 02:57:45 ----A---- C:\Windows\system32\msonpmon.dll
    2037-04-19 02:57:18 ----D---- C:\Program Files\Microsoft Works
    2037-04-19 02:57:03 ----D---- C:\Program Files\Common Files\DESIGNER
    2037-04-19 02:56:44 ----D---- C:\Windows\PCHEALTH
    2037-04-19 02:56:44 ----D---- C:\Program Files\Microsoft.NET
    2037-04-19 02:55:38 ----D---- C:\Windows\SHELLNEW
    2037-04-19 02:55:08 ----D---- C:\ProgramData\Microsoft Help
    2037-04-19 02:55:08 ----D---- C:\Program Files\Microsoft Office
    2037-04-19 02:54:46 ----RHD---- C:\MSOCache
    2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_30.dll
    2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_28.dll
    2037-04-19 02:30:49 ----SHD---- C:\Windows\Installer
    2037-04-19 02:29:47 ----D---- C:\arrow
    2037-04-19 02:27:08 ----A---- C:\Windows\system32\NeroCheck.exe
    2037-04-19 02:26:13 ----D---- C:\Program Files\Common Files\Nero
    2037-04-19 02:25:50 ----A---- C:\Windows\system32\msxml3a.dll
    2037-04-19 02:25:04 ----D---- C:\ProgramData\Ahead
    2037-04-19 02:25:02 ----A---- C:\Windows\system32\TwnLib20.dll
    2037-04-19 02:25:02 ----A---- C:\Windows\system32\picn20.dll
    2037-04-19 02:24:57 ----D---- C:\Program Files\Common Files\Ahead
    2037-04-19 02:24:55 ----D---- C:\Program Files\Ahead
    2037-04-19 02:23:27 ----A---- C:\Windows\system32\ChCfg.exe
    2037-04-19 02:22:44 ----D---- C:\Program Files\Realtek AC97
    2037-04-19 02:22:38 ----A---- C:\Windows\system32\RtlCPAPI.dll
    2037-04-19 02:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
    2037-04-19 02:22:06 ----D---- C:\Program Files\Common Files\InstallShield
    2037-04-19 02:10:30 ----D---- C:\Windows\Debug
    2037-04-19 02:09:09 ----D---- C:\Windows\Prefetch
    2009-10-08 14:37:16 ----D---- C:\rsit
    2009-10-07 11:04:03 ----A---- C:\Windows\system32\wups2.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wucltux.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuaueng.dll
    2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuauclt.exe
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wups.dll
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wudriver.dll
    2009-10-07 11:01:21 ----A---- C:\Windows\system32\wuapi.dll
    2009-10-07 10:59:47 ----A---- C:\Windows\system32\wuwebv.dll
    2009-10-07 10:59:46 ----A---- C:\Windows\system32\wuapp.exe
    2009-10-06 11:18:12 ----D---- C:\Program Files\Mad Skills Motocross Demo
    2009-10-05 22:46:03 ----A---- C:\Windows\system32\d3dx9_33.dll
    2009-10-03 20:58:10 ----D---- C:\Program Files\Women's Murder Club - Twice in a Blue Moon
    2009-10-03 20:50:20 ----D---- C:\Program Files\Pantheon
    2009-10-03 01:18:55 ----N---- C:\Windows\system32\MpSigStub.exe
    2009-10-03 00:33:57 ----D---- C:\Users\Owner\AppData\Roaming\Magic Academy 2
    2009-10-02 23:40:59 ----D---- C:\Program Files\Trend Micro
    2009-10-02 23:34:03 ----D---- C:\Windows\ERDNT
    2009-10-02 23:29:18 ----D---- C:\Program Files\ERUNT
    2009-10-01 00:38:45 ----D---- C:\Windows\system32\WindowsPowerShell
    2009-10-01 00:34:00 ----D---- C:\Program Files\Microsoft ATS
    2009-09-29 01:39:45 ----D---- C:\ProgramData\Electronic Arts
    2009-09-28 23:09:56 ----RA---- C:\Windows\system32\vp6vfw.dll
    2009-09-28 22:28:42 ----D---- C:\Program Files\Electronic Arts
    2009-09-28 16:11:54 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-09-28 16:08:19 ----D---- C:\Program Files\iPod
    2009-09-28 16:08:05 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-28 16:08:05 ----D---- C:\Program Files\iTunes
    2009-09-28 16:02:33 ----D---- C:\Program Files\QuickTime
    2009-09-28 15:47:03 ----D---- C:\Program Files\iPhone Configuration Utility
    2009-09-27 21:25:47 ----D---- C:\ProgramData\SOS
    2009-09-25 23:28:48 ----D---- C:\Windows\system32\eu-ES
    2009-09-25 23:28:48 ----D---- C:\Windows\system32\ca-ES
    2009-09-25 23:28:41 ----D---- C:\Windows\system32\vi-VN
    2009-09-25 23:01:23 ----D---- C:\Users\Owner\AppData\Roaming\FlyWheelGames
    2009-09-24 13:37:02 ----HD---- C:\Windows\PIF
    2009-09-23 22:38:35 ----D---- C:\ProgramData\Findbasic
    2009-09-23 22:38:35 ----D---- C:\Program Files\Findbasic
    2009-09-23 22:38:31 ----D---- C:\Users\Owner\AppData\Roaming\DealAssistant
    2009-09-23 22:38:30 ----A---- C:\Windows\system32\5c78.dll
    2009-09-22 23:23:07 ----D---- C:\Program Files\iWin Games
    2009-09-19 22:59:22 ----D---- C:\Users\Owner\AppData\Roaming\Merscom
    2009-09-19 22:59:22 ----D---- C:\ProgramData\Merscom
    2009-09-16 17:11:25 ----A---- C:\Windows\system32\d3dx9_32.dll
    2009-09-16 17:08:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2009-09-16 17:01:56 ----D---- C:\Program Files\Microsoft
    2009-09-16 17:00:23 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-09-16 16:59:17 ----D---- C:\Program Files\Windows Live
    2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files\Windows Live
    2009-09-14 18:54:25 ----D---- C:\Users\Owner\AppData\Roaming\skypePM
    2009-09-14 18:48:52 ----D---- C:\Users\Owner\AppData\Roaming\Skype
    2009-09-14 17:42:54 ----D---- C:\Program Files\Common Files\Skype
    2009-09-14 17:42:49 ----RD---- C:\Program Files\Skype
    2009-09-14 17:42:20 ----D---- C:\ProgramData\Skype
    2009-09-11 20:53:32 ----A---- C:\Windows\system32\d3dx9_27.dll
    2009-09-11 20:28:05 ----D---- C:\Program Files\Codemasters
    2009-09-10 13:21:30 ----A---- C:\Windows\system32\jscript.dll
    2009-09-10 13:21:12 ----A---- C:\Windows\system32\netiohlp.dll
    2009-09-10 13:21:09 ----A---- C:\Windows\system32\NETSTAT.EXE
    2009-09-10 13:21:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
    2009-09-10 13:21:08 ----A---- C:\Windows\system32\ARP.EXE
    2009-09-10 13:21:07 ----A---- C:\Windows\system32\HOSTNAME.EXE
    2009-09-10 13:21:07 ----A---- C:\Windows\system32\finger.exe
    2009-09-10 13:21:06 ----A---- C:\Windows\system32\MRINFO.EXE
    2009-09-10 13:21:05 ----A---- C:\Windows\system32\ROUTE.EXE
    2009-09-10 13:21:03 ----A---- C:\Windows\system32\netevent.dll
    2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlansvc.dll
    2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlanhlp.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlansec.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlanmsm.dll
    2009-09-10 13:19:25 ----A---- C:\Windows\system32\L2SecHC.dll
    2009-09-10 13:19:24 ----A---- C:\Windows\system32\wlanapi.dll
    2009-09-10 13:19:15 ----A---- C:\Windows\system32\WMVCORE.DLL
    2009-09-10 13:19:14 ----A---- C:\Windows\system32\mf.dll
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\rrinstaller.exe
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfps.dll
    2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfpmp.exe
    2009-09-10 13:19:12 ----A---- C:\Windows\system32\mferror.dll

    ======List of files/folders modified in the last 1 months======

    2037-04-19 02:49:33 ----D---- C:\Windows\system32\NDF
    2009-10-09 22:40:49 ----D---- C:\Windows\Temp
    2009-10-09 22:31:23 ----D---- C:\Program Files\LimeWire
    2009-10-09 22:10:47 ----AD---- C:\ProgramData\TEMP
    2009-10-09 22:04:17 ----D---- C:\Users\Owner\AppData\Roaming\Playrix Entertainment
    2009-10-09 22:00:50 ----D---- C:\Program Files\iWin.com
    2009-10-09 20:27:43 ----D---- C:\Windows\tracing
    2009-10-09 16:20:14 ----SHD---- C:\System Volume Information
    2009-10-09 14:35:51 ----D---- C:\Windows\Tasks
    2009-10-09 14:31:22 ----D---- C:\Windows
    2009-10-08 22:00:18 ----D---- C:\ProgramData\Google Updater
    2009-10-08 16:19:22 ----D---- C:\Users\Owner\AppData\Roaming\PlayFirst
    2009-10-08 16:19:22 ----D---- C:\ProgramData\PlayFirst
    2009-10-07 21:19:23 ----D---- C:\Windows\rescache
    2009-10-07 20:53:59 ----D---- C:\Windows\system32\en-US
    2009-10-07 20:53:59 ----D---- C:\Windows\System32
    2009-10-07 12:34:17 ----D---- C:\Windows\winsxs
    2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot2
    2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot
    2009-10-06 11:18:12 ----RD---- C:\Program Files
    2009-10-03 20:58:57 ----D---- C:\ProgramData\Flood Light Games
    2009-10-03 20:58:56 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
    2009-10-03 20:48:37 ----D---- C:\BigFishGamesCache
    2009-10-02 18:15:43 ----A---- C:\Windows\NeroDigital.ini
    2009-10-02 18:15:10 ----A---- C:\Windows\ntbtlog.txt
    2009-10-02 01:15:21 ----HD---- C:\ProgramData
    2009-10-01 22:33:23 ----D---- C:\Program Files\Oberon Media
    2009-10-01 22:33:23 ----D---- C:\Program Files\IncrediGames
    2009-10-01 20:42:13 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
    2009-10-01 20:14:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-10-01 20:14:50 ----D---- C:\Windows\inf
    2009-10-01 01:41:29 ----D---- C:\Program Files\SGPSA
    2009-10-01 01:12:06 ----D---- C:\Windows\Microsoft.NET
    2009-10-01 00:49:23 ----D---- C:\Windows\AppPatch
    2009-10-01 00:34:16 ----SD---- C:\Windows\Downloaded Program Files
    2009-09-30 16:57:35 ----D---- C:\Windows\system32\drivers
    2009-09-30 14:05:20 ----D---- C:\Program Files\Registry Mechanic
    2009-09-30 00:55:49 ----D---- C:\Program Files\NCH Software
    2009-09-28 16:11:53 ----DC---- C:\Windows\system32\DRVSTORE
    2009-09-28 16:08:18 ----D---- C:\Program Files\Common Files\Apple
    2009-09-27 21:09:08 ----D---- C:\Program Files\bfgclient
    2009-09-26 00:01:46 ----RSD---- C:\Windows\assembly
    2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Mail
    2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Calendar
    2009-09-25 23:33:01 ----D---- C:\Program Files\Movie Maker
    2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Sidebar
    2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Media Player
    2009-09-25 23:32:59 ----D---- C:\Program Files\Internet Explorer
    2009-09-25 23:32:58 ----D---- C:\Program Files\Windows Collaboration
    2009-09-25 23:32:54 ----D---- C:\Program Files\Common Files\System
    2009-09-25 23:32:52 ----D---- C:\Program Files\Windows Photo Gallery
    2009-09-25 23:32:39 ----D---- C:\Program Files\Windows Defender
    2009-09-25 23:32:38 ----D---- C:\Windows\servicing
    2009-09-25 23:31:57 ----D---- C:\Windows\IME
    2009-09-25 23:31:55 ----D---- C:\Windows\system32\XPSViewer
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\sk-SK
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\lv-LV
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\ko-KR
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\hr-HR
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\et-EE
    2009-09-25 23:31:54 ----D---- C:\Windows\system32\da-DK
    2009-09-25 23:31:26 ----D---- C:\Windows\system32\de-DE
    2009-09-25 23:31:25 ----D---- C:\Windows\system32\it-IT
    2009-09-25 23:31:25 ----D---- C:\Windows\system32\el-GR
    2009-09-25 23:31:24 ----D---- C:\Windows\system32\oobe
    2009-09-25 23:31:22 ----D---- C:\Windows\system32\migration
    2009-09-25 23:31:10 ----D---- C:\Windows\system32\ru-RU
    2009-09-25 23:31:10 ----D---- C:\Windows\system32\AdvancedInstallers
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\sv-SE
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\setup
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\hu-HU
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\he-IL
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\fr-FR
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\fi-FI
    2009-09-25 23:31:09 ----D---- C:\Windows\system32\cs-CZ
    2009-09-25 23:31:08 ----D---- C:\Windows\system32\SLUI
    2009-09-25 23:31:08 ----D---- C:\Windows\system32\pt-PT
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\zh-CN
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\sr-Latn-CS
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\manifeststore
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\es-ES
    2009-09-25 23:31:02 ----D---- C:\Windows\system32\en
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\zh-TW
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\uk-UA
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\sl-SI
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\pl-PL
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\ja-JP
    2009-09-25 23:31:01 ----D---- C:\Windows\system32\bg-BG
    2009-09-25 23:31:00 ----D---- C:\Windows\system32\ro-RO
    2009-09-25 23:30:56 ----D---- C:\Windows\system32\th-TH
    2009-09-25 23:30:51 ----D---- C:\Windows\system32\tr-TR
    2009-09-25 23:30:47 ----D---- C:\Windows\system32\wbem
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\nl-NL
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\nb-NO
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\lt-LT
    2009-09-25 23:30:39 ----D---- C:\Windows\system32\ar-SA
    2009-09-25 23:30:37 ----D---- C:\Windows\system32\pt-BR
    2009-09-25 23:30:37 ----D---- C:\Windows\system32\migwiz
    2009-09-25 23:29:10 ----RSD---- C:\Windows\Fonts
    2009-09-25 23:28:41 ----D---- C:\Windows\system32\Boot
    2009-09-25 22:50:26 ----D---- C:\Users\Owner\AppData\Roaming\Princess Isabella
    2009-09-23 22:41:06 ----D---- C:\Program Files\Mozilla Firefox
    2009-09-23 14:04:35 ----D---- C:\Program Files\McAfee
    2009-09-22 23:23:23 ----D---- C:\Windows\system32\Tasks
    2009-09-16 17:04:53 ----D---- C:\Windows\SoftwareDistribution
    2009-09-16 17:04:02 ----D---- C:\Program Files\MSN Messenger
    2009-09-16 17:01:01 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files
    2009-09-16 16:52:21 ----SD---- C:\ProgramData\Microsoft
    2009-09-14 17:48:39 ----D---- C:\Program Files\Google
    2009-09-10 23:54:46 ----D---- C:\Program Files\Microsoft Silverlight

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
    R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
    R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-12-27 27136]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\sisnic.sys [2006-11-02 35328]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
    R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
    S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-03-27 49904]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
    S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys []
    S3 SiS315;SiS315; C:\Windows\system32\DRIVERS\sisgrp.sys [2006-11-02 256000]
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
    S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
    S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
    S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic125.exe [2009-09-23 54776]
    R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-09-03 78104]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
    R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
    S2 gupdate1ca352042073a72;Google Update Service (gupdate1ca352042073a72); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe [2009-06-08 16680]
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
    S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-26 66872]

    -----------------EOF-----------------
