View Full Version : Virtumonde malware on my system please HELP!
Stefan Witvoet
2008-05-28, 00:32
I have this Virumonde infection that seem to have reared its head recently - I have constant popups asking me to have my system checked. SystemErrorFixer is the application that is constantly asking me to have them check my system.
I have followed all procedures - its taken me the best part of my day!!! to get to this point. Browsing certains sites at least has become possible so far, but the popups are still appearing.
I actually started from the back and worked my way toward the beginning on how to remove this but thought it may be best to ask the experts on how exactly to go about clearing the malware from my computer. Many thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:07 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hypnosis.com/scripts.aspx?section=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\ryrdaoqo.dll",s
O4 - HKLM\..\Run: [0cc6096e] rundll32.exe "C:\WINDOWS\system32\memtvlim.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 26545 bytes
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:07 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hypnosis.com/scripts.aspx?section=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\ryrdaoqo.dll",s
O4 - HKLM\..\Run: [0cc6096e] rundll32.exe "C:\WINDOWS\system32\memtvlim.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 26545 bytes
Stefan Witvoet
2008-05-28, 00:46
Tuesday, May 27, 2008 8:00:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801429
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 185289
Number of viruses found 6
Number of infected objects 13
Number of suspicious objects 0
Duration of the scan process 02:25:34
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- 4 and 5 star rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- Have not heard recently.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- Listen to late at night.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- Listen to on Weekdays.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- Listen to on Weekends.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- One Audio CD worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Favorites -- One Data CD-R worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Fresh tracks -- yet to be played.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Fresh tracks -- yet to be rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Fresh tracks.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\High bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Low bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Music tracks I dislike.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Music tracks I have not rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Music tracks with content protection.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\02_Music_added_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\00DD9BB0\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0001.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0002.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0003.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0004.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0005.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0006.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0007.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0008.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0009.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0010.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0011.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0012.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0013.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0014.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0015.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0020.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0021.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0022.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0023.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0024.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0025.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0026.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0027.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0028.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0029.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0030.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0031.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0032.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0033.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0034.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0035.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0036.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0037.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0038.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0039.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0040.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0041.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0042.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0043.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0044.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0045.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0046.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0047.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0048.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0050.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0051.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0052.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0053.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0054.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0055.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0056.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0057.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0058.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0060.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0061.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0062.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0064.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0065.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0066.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0067.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0070.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0072.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0074.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0075.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0076.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0077.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0078.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0079.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0080.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0081.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0082.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0083.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0085.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0086.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0087.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0088.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0089.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0090.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\PICT0091.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\peter heims retrace nov 2006.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\printed items\Medway - Heliopause GCR contract.doc Object is locked skipped
C:\Documents and Settings\All Users\Documents\printed items\REMIX contract The Ballz.doc Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\accept giro.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\afvalstofheffingen.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\belastingenhaarlemmermeer.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\belastingenhaarlemmermeeri.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\declaratie.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\eden.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\hostbasket.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\knysna.png Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\knysna2.png Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\medial laboratoria declaratie nota.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\nota chiro.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\Postbank.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\rijnl bart.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\Rijnland.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\rinlandi.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\tandartsI.png Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\tandartsII.png Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\taxatieverslagwoning.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\toelichting belastingen.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\toelichting belastingeni.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\verzekeringenI.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Scanned images\verzekeringenII.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Thumbs.db Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\call256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chat512.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\chatsync\e4\e4e3335caa0e0197.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\index2.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\user1024.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\user16384.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\user256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\user4096.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Application Data\Skype\lieveheksie\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Lieveke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\DreamWeaver CS3 Keygen + Activation\DreamWeaver CS3 Keygen + Activation.exe/data0000.cab/is154693.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tso skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\DreamWeaver CS3 Keygen + Activation\DreamWeaver CS3 Keygen + Activation.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.tso skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\DreamWeaver CS3 Keygen + Activation\DreamWeaver CS3 Keygen + Activation.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\Flash CS3 WinAll Keygen.rar/Flash CS3 Keygen.rar/Flash Keygen.exe Infected: Trojan-Dropper.Win32.Binder.z skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\Flash CS3 WinAll Keygen.rar/Flash CS3 Keygen.rar Infected: Trojan-Dropper.Win32.Binder.z skipped
C:\Documents and Settings\Lieveke\LimeWire Saved\Flash CS3 WinAll Keygen.rar RAR: infected - 2 skipped
C:\Documents and Settings\Lieveke\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temp\hsperfdata_Lieveke\3352 Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temp\Perflib_Perfdata_1214.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temp\Perflib_Perfdata_d88.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temp\Perflib_Perfdata_e64.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temp\~DF9669.tmp Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lieveke\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lieveke\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lieveke\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MediaMelon\bin\mmclient.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0396804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP650\A0396832.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP650\A0396833.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP650\A0396834.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP655\A0399499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP657\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\fbadqgcr.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rgkesnvf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Rorschach112
2008-05-28, 00:52
You got infected because you downloaded cracks
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
[kill explorer]
C:\Documents and Settings\Lieveke\LimeWire Saved\DreamWeaver CS3 Keygen + Activation
C:\Documents and Settings\Lieveke\LimeWire Saved\Flash CS3 WinAll Keygen.rar
C:\WINDOWS\system32\fbadqgcr.dll
C:\WINDOWS\system32\rgkesnvf.dll
purity
[start explorer]
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Stefan Witvoet
2008-05-28, 01:03
Hi Roscharch, indeed keygens were the culprits...
I did not manage to locate the folder you stated but have pasted the results...
-----------------------------------------------------------------------
Explorer killed successfully
C:\Documents and Settings\Lieveke\LimeWire Saved\DreamWeaver CS3 Keygen + Activation moved successfully.
C:\Documents and Settings\Lieveke\LimeWire Saved\Flash CS3 WinAll Keygen.rar moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fbadqgcr.dll
C:\WINDOWS\system32\fbadqgcr.dll NOT unregistered.
C:\WINDOWS\system32\fbadqgcr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rgkesnvf.dll
C:\WINDOWS\system32\rgkesnvf.dll NOT unregistered.
C:\WINDOWS\system32\rgkesnvf.dll moved successfully.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_000021
Rorschach112
2008-05-28, 01:04
If you download cracks you will get infected every time
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Stefan Witvoet
2008-05-28, 01:40
ComboFix 08-05-26.2 - Lieveke 2008-05-28 0:08:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1403 [GMT 2:00]
Running from: G:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM0ff53af2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXPiJbX.dll
C:\WINDOWS\system32\CKkUEfhk.ini
C:\WINDOWS\system32\CKkUEfhk.ini2
C:\WINDOWS\system32\duyueivr.ini
C:\WINDOWS\system32\milvtmem.ini
C:\WINDOWS\system32\XbJiPXbc.ini
C:\WINDOWS\system32\XbJiPXbc.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-27 22:59 . 2008-05-27 22:59 116,224 --a------ C:\WINDOWS\system32\memtvlim.dll
2008-05-27 22:58 . 2008-05-27 22:58 133,632 --a------ C:\WINDOWS\system32\atcthcad.dll
2008-05-27 22:53 . 2008-05-27 22:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 22:50 . 2008-05-27 22:50 126,976 --a------ C:\WINDOWS\system32\ryrdaoqo.dll
2008-05-27 20:02 . 2008-05-27 20:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-27 20:02 . 2008-05-27 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 20:00 . 2008-05-27 20:00 139,422 --a------ C:\kasperskysreport.html
2008-05-27 16:51 . 2008-05-27 16:51 126,976 --a------ C:\WINDOWS\system32\pttyjsfj.dll
2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:03 . 2008-05-27 15:03 125,440 --a------ C:\WINDOWS\system32\twfudmyi.dll
2008-05-27 14:58 . 2008-05-27 15:43 474 --ahs---- C:\WINDOWS\system32\jxumlthr.ini
2008-05-27 14:22 . 2008-05-27 14:22 125,440 --a------ C:\WINDOWS\system32\ywlgthmu.dll
2008-05-27 13:19 . 2008-05-27 13:19 <DIR> d-------- C:\_OTMoveIt
2008-05-27 09:34 . 2008-05-27 09:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-27 08:47 . 2008-05-27 08:47 <DIR> d-------- C:\Program Files\PCCheckupOnline
2008-05-25 23:46 . 2008-05-25 23:46 59,392 --a------ C:\WINDOWS\system32\rqRKBUol.dll
2008-05-25 23:45 . 2008-05-25 23:45 59,392 --a------ C:\WINDOWS\system32\yayyYPFw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 22:23 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\Skype
2008-05-27 22:01 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\skypePM
2008-05-27 09:44 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\AVG7
2008-05-27 06:49 --------- d-----w C:\Program Files\Dell
2008-05-25 21:44 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\LimeWirePlus
2008-05-25 21:30 92,160 ----a-w C:\WINDOWS\Help\ADOBE CS3 FLASH KEYGEN.EXE
2008-05-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-22 08:27 --------- d-----w C:\Program Files\MediaMelon
2008-05-14 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-29 13:48 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-22 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-04-22 08:08 --------- d-----w C:\Program Files\LimeWire Plus
2008-04-22 08:07 --------- d-----w C:\Program Files\LimewirePlus
2008-04-04 18:44 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-04 18:44 --------- d-----w C:\Program Files\Skype
2008-04-04 18:44 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-04 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-29 10:26 --------- d-----w C:\Program Files\Java
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-05-31 11:01 216 ----a-w C:\Documents and Settings\Lieveke\Application Data\wklnhst.dat
2007-01-18 18:13 88 --sh--r C:\WINDOWS\system32\C26030DCEE.sys
2006-09-27 12:19 56 --sh--r C:\WINDOWS\system32\EEDC3060C2.sys
2007-01-18 18:16 6,060 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-27_15.41.11.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 13:17:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 22:18:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-25 23:45 59392 --a------ C:\WINDOWS\system32\yayyYPFw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F1DF333-96F7-4BC5-A98D-0A720517E9D3}]
C:\WINDOWS\system32\khfEUkKC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71F2FA48-8079-4F64-B5A3-05D0E23BB4B9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA8B0F5-11A6-4083-802D-46C1C983719B}]
2008-05-28 00:24 370688 --a------ C:\WINDOWS\system32\jkkHApmj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc9106d5-6e61-4fcc-b71d-20871f5c13c2}]
2008-05-28 00:32 133632 --a------ C:\WINDOWS\system32\onvnrafk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42 401491]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-02-13 21:31 8811824]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 23:36 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"\\WERKPC\EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.exe" [2007-03-23 08:00 182272]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 09:13 579584]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-05-10 02:31 61440]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-11-09 16:32 91136]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"MMClient"="C:\Program Files\MediaMelon\bin\MMClient.exe" [2008-05-28 03:14 107513]
"0cc6096e"="C:\WINDOWS\system32\memtvlim.dll" [2008-05-27 22:59 116224]
"BM0ff53af2"="C:\WINDOWS\system32\kpdrvygc.dll" [2008-05-28 00:27 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:16 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 02:04 5562368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-07-19 02:45 439568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\yayyYPFw.dll [2008-05-25 23:45 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyYPFw]
yayyYPFw.dll 2008-05-25 23:45 59392 C:\WINDOWS\system32\yayyYPFw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"Midi1"= evolusbn.dll
"midi6"= evolusbn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkHApmj
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-09-21 10:08 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-11 06:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\3dsmax6\\3dsmax.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MediaMelon\\bin\\MMClient.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-05-10 02:29]
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 23:27]
R2 MobilePreInstallerService;MobilePre Installer;C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe [2005-06-15 15:00]
R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 02:06]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 23:29]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 17:50]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2006-10-05 18:06]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 ma763004;M-Audio MobilePre USB;C:\WINDOWS\system32\drivers\MA763004.sys [2005-11-09 18:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 16:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 21:52:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-27 21:22:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{56D53F11-D5DC-47A5-B45E-9602887E5261}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 00:21:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\WERKPC\\EPSON Stylus DX9400F Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICFE.EXE /FU \"C:\\DOCUME~1\\Lieveke\\LOCALS~1\\Temp\\E_S2B.tmp\" /EF \"HKCU\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yayyYPFw.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\memtvlim.dll
-> C:\WINDOWS\system32\kpdrvygc.dll
-> C:\WINDOWS\system32\jkkHApmj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-28 0:38:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 22:36:15
ComboFix2.txt 2008-05-27 13:43:29
Pre-Run: 38,028,115,968 bytes free
Post-Run: 38,032,437,248 bytes free
270 --- E O F --- 2008-05-17 10:02:56
Stefan Witvoet
2008-05-28, 01:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:22 AM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hypnosis.com/scripts.aspx?section=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\kpdrvygc.dll",s
O4 - HKLM\..\Run: [0cc6096e] rundll32.exe "C:\WINDOWS\system32\jbyhdlrs.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 26441 bytes
Rorschach112
2008-05-28, 01:49
More keygens :(
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\memtvlim.dll
C:\WINDOWS\system32\atcthcad.dll
C:\WINDOWS\system32\ryrdaoqo.dll
C:\WINDOWS\system32\pttyjsfj.dll
C:\WINDOWS\system32\twfudmyi.dll
C:\WINDOWS\system32\jxumlthr.ini
C:\WINDOWS\system32\ywlgthmu.dll
C:\WINDOWS\system32\rqRKBUol.dll
C:\WINDOWS\system32\yayyYPFw.dll
C:\WINDOWS\Help\ADOBE CS3 FLASH KEYGEN.EXE
C:\WINDOWS\system32\drivers\lvuvc.hs
Folder::
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyYPFw]
DirLook::
C:\Documents and Settings\Lieveke\LimeWire Saved
C:\WINDOWS\Help
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Stefan Witvoet
2008-05-28, 02:14
:trample: yeah keygens...
I've learnt my lesson.... :sad:
Rorschach112
2008-05-28, 02:16
Hope so, go on with the instructions there
You can see nearly every user here that has a Virtumonde infection is because they downloaded cracks and keygens. And there are a lot of people with Virtumonde !
Stefan Witvoet
2008-05-28, 02:21
For the time lost it would've been more sensible to actually have just purchased the software and paid the rightful owners of such! as opposed to being suckered into the antispyware downloads required to correct the problems....
I am just waiting for the log file from ComboFix to be generated.
Stefan Witvoet
2008-05-28, 02:30
ComboFix 08-05-26.2 - Lieveke 2008-05-28 0:53:19.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1417 [GMT 2:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lieveke\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Help\ADOBE CS3 FLASH KEYGEN.EXE
C:\WINDOWS\system32\atcthcad.dll
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\jxumlthr.ini
C:\WINDOWS\system32\memtvlim.dll
C:\WINDOWS\system32\pttyjsfj.dll
C:\WINDOWS\system32\rqRKBUol.dll
C:\WINDOWS\system32\ryrdaoqo.dll
C:\WINDOWS\system32\twfudmyi.dll
C:\WINDOWS\system32\yayyYPFw.dll
C:\WINDOWS\system32\ywlgthmu.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM0ff53af2.xml
C:\WINDOWS\Help\ADOBE CS3 FLASH KEYGEN.EXE
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atcthcad.dll
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\jkkHApmj.dll
C:\WINDOWS\system32\jmpAHkkj.ini
C:\WINDOWS\system32\jmpAHkkj.ini2
C:\WINDOWS\system32\jxumlthr.ini
C:\WINDOWS\system32\memtvlim.dll
C:\WINDOWS\system32\pttyjsfj.dll
C:\WINDOWS\system32\rqRKBUol.dll
C:\WINDOWS\system32\ryrdaoqo.dll
C:\WINDOWS\system32\srldhybj.ini
C:\WINDOWS\system32\twfudmyi.dll
C:\WINDOWS\system32\yayyYPFw.dll
C:\WINDOWS\system32\ywlgthmu.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-28 00:38 . 2008-05-28 00:38 116,224 --a------ C:\WINDOWS\system32\jbyhdlrs.dll
2008-05-28 00:37 . 2008-05-28 00:37 294 --ahs---- C:\WINDOWS\system32\milvtmem.ini
2008-05-28 00:32 . 2008-05-28 00:32 133,632 --a------ C:\WINDOWS\system32\onvnrafk.dll
2008-05-28 00:27 . 2008-05-28 00:27 126,976 --a------ C:\WINDOWS\system32\kpdrvygc.dll
2008-05-27 22:53 . 2008-05-27 22:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 20:02 . 2008-05-27 20:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-27 20:02 . 2008-05-27 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 20:00 . 2008-05-27 20:00 139,422 --a------ C:\kasperskysreport.html
2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 13:19 . 2008-05-27 13:19 <DIR> d-------- C:\_OTMoveIt
2008-05-27 09:34 . 2008-05-27 09:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-27 08:47 . 2008-05-27 08:47 <DIR> d-------- C:\Program Files\PCCheckupOnline
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 23:05 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\Skype
2008-05-27 22:01 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\skypePM
2008-05-27 09:44 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\AVG7
2008-05-27 06:49 --------- d-----w C:\Program Files\Dell
2008-05-25 21:44 --------- d-----w C:\Documents and Settings\Lieveke\Application Data\LimeWirePlus
2008-05-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-22 08:27 --------- d-----w C:\Program Files\MediaMelon
2008-05-14 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-22 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-04-22 08:08 --------- d-----w C:\Program Files\LimeWire Plus
2008-04-22 08:07 --------- d-----w C:\Program Files\LimewirePlus
2008-04-04 18:44 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-04 18:44 --------- d-----w C:\Program Files\Skype
2008-04-04 18:44 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-04 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-29 10:26 --------- d-----w C:\Program Files\Java
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-05-31 11:01 216 ----a-w C:\Documents and Settings\Lieveke\Application Data\wklnhst.dat
2007-01-18 18:13 88 --sh--r C:\WINDOWS\system32\C26030DCEE.sys
2006-09-27 12:19 56 --sh--r C:\WINDOWS\system32\EEDC3060C2.sys
2007-01-18 18:16 6,060 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\Lieveke\LimeWire Saved ----
2008-04-27 17:29 3786752 --a------ C:\Documents and Settings\Lieveke\LimeWire Saved\Wolter Kroes - Ik Ben Je Prooi.mp3
2008-04-22 10:10 3725392 --a------ C:\Documents and Settings\Lieveke\LimeWire Saved\Marco Borsato - Wit Licht .mp3
---- Directory of C:\WINDOWS\Help ----
2008-05-25 23:30 92160 --a------ C:\WINDOWS\Help\ADOBE CS3 FLASH KEYGEN.EXE
2006-11-08 17:12 20386 --a------ C:\WINDOWS\Help\wmperr10.chw
2006-09-14 17:00 337725 --------- C:\WINDOWS\Help\wmp11.chm
2006-09-01 08:43 54197 --------- C:\WINDOWS\Help\ieakmmc.chm
2006-09-01 08:43 503758 --a------ C:\WINDOWS\Help\iexplore.chm
2006-09-01 08:43 30064 --a------ C:\WINDOWS\Help\iesupp.chm
2006-09-01 08:43 12607 --a------ C:\WINDOWS\Help\ieeula.chm
2006-08-21 16:57 1077321 --a------ C:\WINDOWS\Help\SBSI\Training\orun32.exe
2006-06-29 09:37 74909 --a------ C:\WINDOWS\Help\wuauhelp.chm
2005-12-19 16:08 3118687 --a------ C:\WINDOWS\Help\bcmwlhlp.chm
2005-12-16 20:58 3118687 --a------ C:\WINDOWS\Help\MUI\0009\bcmwlhlp.chm
2004-09-22 18:46 89413 --a------ C:\WINDOWS\Help\wmperr10.chm
2004-09-22 18:46 611873 --a------ C:\WINDOWS\Help\wmp10.chm
2004-08-04 06:00 999 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\bktrh.gif
2004-08-04 06:00 99799 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5DE.SWF
2004-08-04 06:00 992090 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3GE.WAV
2004-08-04 06:00 98921 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L2BE.SWF
2004-08-04 06:00 98841 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1GE.SWF
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_B.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L8_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L8_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_H.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_D.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_H.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L3_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L3_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_I.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_C.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_B.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L17_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L17_B.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L17_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L16_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L16_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L14_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L14_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_D.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_B.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L12_E.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L12_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_F.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_B.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_A.LDZ
2004-08-04 06:00 9828 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L1_A.LDZ
2004-08-04 06:00 97423 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1EE.SWF
2004-08-04 06:00 97317 --a------ C:\WINDOWS\Help\printing.chm
2004-08-04 06:00 97117 --a------ C:\WINDOWS\Help\mplayer2.hlp
2004-08-04 06:00 958810 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L4BE.WAV
2004-08-04 06:00 9585 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\controls.css
2004-08-04 06:00 95655 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1FE.SWF
2004-08-04 06:00 956506 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U5L1BE.WAV
2004-08-04 06:00 953946 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L5EE.WAV
2004-08-04 06:00 947290 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L1FE.WAV
2004-08-04 06:00 94044 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5FE.SWF
2004-08-04 06:00 9353 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L8_DA.CBZ
2004-08-04 06:00 9329 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L12_CA.CBZ
2004-08-04 06:00 93230 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2BE.SWF
2004-08-04 06:00 931674 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L2BE.WAV
2004-08-04 06:00 9309 --a------ C:\WINDOWS\Help\agt0413.hlp
2004-08-04 06:00 93036 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3DE.SWF
2004-08-04 06:00 929882 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L1DE.WAV
2004-08-04 06:00 9251 --a------ C:\WINDOWS\Help\agt041d.hlp
2004-08-04 06:00 92415 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3CE.SWF
2004-08-04 06:00 9224 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_windows.htm
2004-08-04 06:00 91255 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L1CE.SWF
2004-08-04 06:00 91007 --a------ C:\WINDOWS\Help\conf.chm
2004-08-04 06:00 9041 --a------ C:\WINDOWS\Help\agt041f.hlp
2004-08-04 06:00 9001 --a------ C:\WINDOWS\Help\agt0408.hlp
2004-08-04 06:00 8987 --a------ C:\WINDOWS\Help\agt040e.hlp
2004-08-04 06:00 8975 --a------ C:\WINDOWS\Help\agt0405.hlp
2004-08-04 06:00 89734 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1DE.SWF
2004-08-04 06:00 89679 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5BE.SWF
2004-08-04 06:00 895322 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L3CE.WAV
2004-08-04 06:00 8953 --a------ C:\WINDOWS\Help\signin.hlp
2004-08-04 06:00 8917 --a------ C:\WINDOWS\Help\agt0415.hlp
2004-08-04 06:00 8882 --a------ C:\WINDOWS\Help\agt040c.hlp
2004-08-04 06:00 887386 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L1FE.WAV
2004-08-04 06:00 88717 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1CE.SWF
2004-08-04 06:00 8856 --a------ C:\WINDOWS\Help\agt0407.hlp
2004-08-04 06:00 8830 --a------ C:\WINDOWS\Help\agt0c0a.hlp
2004-08-04 06:00 8818 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI14.HLP
2004-08-04 06:00 8803 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI09.HLP
2004-08-04 06:00 8799 --a------ C:\WINDOWS\Help\agt0816.hlp
2004-08-04 06:00 8799 --a------ C:\WINDOWS\Help\agt0419.hlp
2004-08-04 06:00 8792 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI13.HLP
2004-08-04 06:00 8783 --a------ C:\WINDOWS\Help\agt0406.hlp
2004-08-04 06:00 8758 --a------ C:\WINDOWS\Help\agt0416.hlp
2004-08-04 06:00 87480 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L2DE.SWF
2004-08-04 06:00 8747 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI02.HLP
2004-08-04 06:00 8746 --a------ C:\WINDOWS\Help\agt0410.hlp
2004-08-04 06:00 87264 --a------ C:\WINDOWS\Help\Tours\htmlTour\img089.jpg
2004-08-04 06:00 8721 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L3_DA.CBZ
2004-08-04 06:00 86789 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L4DE.SWF
2004-08-04 06:00 8677 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm7.gif
2004-08-04 06:00 8675 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_control.htm
2004-08-04 06:00 8662 --a------ C:\WINDOWS\Help\agt040b.hlp
2004-08-04 06:00 8654 --a------ C:\WINDOWS\Help\agt0414.hlp
2004-08-04 06:00 865114 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L2CE.WAV
2004-08-04 06:00 8648 --a------ C:\WINDOWS\Help\agt0409.hlp
2004-08-04 06:00 8639 --a------ C:\WINDOWS\Help\Tours\htmlTour\img014.jpg
2004-08-04 06:00 86196 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud5.wav
2004-08-04 06:00 86180 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud4.wav
2004-08-04 06:00 86180 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud2.wav
2004-08-04 06:00 858467 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L2BE.SWF
2004-08-04 06:00 855 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_blank.gif
2004-08-04 06:00 8534 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_menu.htm
2004-08-04 06:00 8531 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI12.HLP
2004-08-04 06:00 8528 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI07.HLP
2004-08-04 06:00 8523 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_icons.htm
2004-08-04 06:00 8518 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_multiple.htm
2004-08-04 06:00 849498 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L1DE.WAV
2004-08-04 06:00 84668 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3DE.SWF
2004-08-04 06:00 8454 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_networks.htm
2004-08-04 06:00 84292 --a------ C:\WINDOWS\Help\ipsecsnp.hlp
2004-08-04 06:00 8402 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_taskbar.htm
2004-08-04 06:00 84 --a------ C:\WINDOWS\Help\nocontnt.cnt
2004-08-04 06:00 838 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_BA.CBZ
2004-08-04 06:00 8353 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_playing.htm
2004-08-04 06:00 833841 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1BE.SWF
2004-08-04 06:00 830298 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L1CE.WAV
2004-08-04 06:00 8298 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm
2004-08-04 06:00 81976 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5EE.SWF
2004-08-04 06:00 81926 --a------ C:\WINDOWS\Help\ntdef.chm
2004-08-04 06:00 819034 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L1GE.WAV
2004-08-04 06:00 818778 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L3FE.WAV
2004-08-04 06:00 817754 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L3BE.WAV
2004-08-04 06:00 81568 --a------ C:\WINDOWS\Help\infrared.chm
2004-08-04 06:00 8123 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI04.HLP
2004-08-04 06:00 810074 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L1EE.WAV
2004-08-04 06:00 8099 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_wizard.htm
2004-08-04 06:00 807002 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L1EE.WAV
2004-08-04 06:00 807 --a------ C:\WINDOWS\Help\Tours\mmTour\intro.txt
2004-08-04 06:00 8063 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_ending.htm
2004-08-04 06:00 804 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_BA.CBZ
2004-08-04 06:00 79996 --a------ C:\WINDOWS\Help\apps.chm
2004-08-04 06:00 799 --a------ C:\WINDOWS\Help\Tours\mmTour\segment5.txt
2004-08-04 06:00 795994 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L2DE.WAV
2004-08-04 06:00 7908 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_files.htm
2004-08-04 06:00 790274 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_F.LDZ
2004-08-04 06:00 7895 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_desktop.htm
2004-08-04 06:00 7892 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm9.gif
2004-08-04 06:00 788826 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L3EE.WAV
2004-08-04 06:00 788570 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L3DE.WAV
2004-08-04 06:00 788219 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_D.LDZ
2004-08-04 06:00 78519 --a------ C:\WINDOWS\Help\langbar.chm
2004-08-04 06:00 7806 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI05.HLP
2004-08-04 06:00 780154 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L16_C.LDZ
2004-08-04 06:00 7801 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI15.HLP
2004-08-04 06:00 77938 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L2BE.SWF
2004-08-04 06:00 77688 --a------ C:\WINDOWS\Help\Tours\htmlTour\img136.jpg
2004-08-04 06:00 77511 --a------ C:\WINDOWS\Help\filefold.chm
2004-08-04 06:00 77307 --a------ C:\WINDOWS\Help\plyr_err.chm
2004-08-04 06:00 773 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\cnth.gif
2004-08-04 06:00 773 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\cnt.gif
2004-08-04 06:00 772 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\cntd.gif
2004-08-04 06:00 772 --a------ C:\WINDOWS\Help\Tours\mmTour\segment2.txt
2004-08-04 06:00 7719 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI21.HLP
2004-08-04 06:00 7679963 --a------ C:\WINDOWS\Help\Tours\mmTour\segment5.swf
2004-08-04 06:00 7636 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm2.gif
2004-08-04 06:00 761 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_start_here_down.gif
2004-08-04 06:00 760410 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L1BE.WAV
2004-08-04 06:00 760 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\cloapph.gif
2004-08-04 06:00 757717 --a------ C:\WINDOWS\Help\Tours\mmTour\intro.swf
2004-08-04 06:00 7568 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI06.HLP
2004-08-04 06:00 75493 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2CE.SWF
2004-08-04 06:00 75448 --a------ C:\WINDOWS\Help\sysdm.hlp
2004-08-04 06:00 7526 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_better.htm
2004-08-04 06:00 74905 --a------ C:\WINDOWS\Help\wab.chm
2004-08-04 06:00 748644 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1DE.SWF
2004-08-04 06:00 747 --a------ C:\WINDOWS\Help\Tours\mmTour\segment1.txt
2004-08-04 06:00 743 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_BA.CBZ
2004-08-04 06:00 740954 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L5DE.WAV
2004-08-04 06:00 73882 --a------ C:\WINDOWS\Help\digiras.chm
2004-08-04 06:00 73830 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5CE.SWF
2004-08-04 06:00 7369 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm4.gif
2004-08-04 06:00 73686 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1FE.SWF
2004-08-04 06:00 736771 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1BE.SWF
2004-08-04 06:00 732810 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_C.LDZ
2004-08-04 06:00 73177 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L2CE.SWF
2004-08-04 06:00 730714 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U5L2DE.WAV
2004-08-04 06:00 728421 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_F.LDZ
2004-08-04 06:00 727014 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3EE.SWF
2004-08-04 06:00 7270 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_data.htm
2004-08-04 06:00 72599 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L2CE.SWF
2004-08-04 06:00 724314 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L5DE.WAV
2004-08-04 06:00 7236 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_networks.jpg
2004-08-04 06:00 72346 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3FE.SWF
2004-08-04 06:00 72319 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2EE.SWF
2004-08-04 06:00 721563 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L8_C.LDZ
2004-08-04 06:00 72044 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5DE.SWF
2004-08-04 06:00 7192 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_multiple.jpg
2004-08-04 06:00 717 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\cloapp.gif
2004-08-04 06:00 717 --a------ C:\WINDOWS\Help\Tours\mmTour\segment3.txt
2004-08-04 06:00 71577 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3BE.SWF
2004-08-04 06:00 71311 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3GE.SWF
2004-08-04 06:00 711770 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L4CE.WAV
2004-08-04 06:00 7108 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_playing.jpg
2004-08-04 06:00 706650 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L1EE.WAV
2004-08-04 06:00 705114 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L1HE.WAV
2004-08-04 06:00 703470 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_C.LDZ
2004-08-04 06:00 70337 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5CE.SWF
2004-08-04 06:00 699738 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L1CE.WAV
2004-08-04 06:00 6993 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easier.htm
2004-08-04 06:00 698458 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L3BE.WAV
2004-08-04 06:00 6974 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_optimized.htm
2004-08-04 06:00 69655 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3CE.SWF
2004-08-04 06:00 695642 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U5L1DE.WAV
2004-08-04 06:00 695 --a------ C:\WINDOWS\Help\progman.cnt
2004-08-04 06:00 6948 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_built.htm
2004-08-04 06:00 69162 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3BE.SWF
2004-08-04 06:00 690641 --a------ C:\WINDOWS\Help\windows.chm
2004-08-04 06:00 69 --a------ C:\WINDOWS\Help\winhlp32.cnt
2004-08-04 06:00 688850 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_E.LDZ
2004-08-04 06:00 6878 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\controls.js
2004-08-04 06:00 687450 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L5BE.WAV
2004-08-04 06:00 6870 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_faster.htm
2004-08-04 06:00 685658 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L2EE.WAV
2004-08-04 06:00 67964 --a------ C:\WINDOWS\Help\Tours\htmlTour\img103.jpg
2004-08-04 06:00 6782 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_faster.jpg
2004-08-04 06:00 67797 --a------ C:\WINDOWS\Help\Tours\htmlTour\img033a.jpg
2004-08-04 06:00 6778 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_wizard.jpg
2004-08-04 06:00 67569 --a------ C:\WINDOWS\Help\mstsc.chm
2004-08-04 06:00 675444 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1CE.SWF
2004-08-04 06:00 67361 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L2DE.SWF
2004-08-04 06:00 672451 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_C.LDZ
2004-08-04 06:00 67243 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L1BE.SWF
2004-08-04 06:00 66896 --a------ C:\WINDOWS\Help\diskmgmt.chm
2004-08-04 06:00 668706 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\FIN_SHOT.SWF
2004-08-04 06:00 66838 --a------ C:\WINDOWS\Help\misc.chm
2004-08-04 06:00 66669 --a------ C:\WINDOWS\Help\cmconcepts.chm
2004-08-04 06:00 66232 --a------ C:\WINDOWS\Help\Tours\htmlTour\img033.jpg
2004-08-04 06:00 660058 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L3BE.WAV
2004-08-04 06:00 6566 --a------ C:\WINDOWS\Help\Tours\htmlTour\ul_logo.jpg
2004-08-04 06:00 6514 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_built.jpg
2004-08-04 06:00 64777 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1EE.SWF
2004-08-04 06:00 64768 --a------ C:\WINDOWS\Help\evconcepts.chm
2004-08-04 06:00 644 --a------ C:\WINDOWS\Help\Tours\htmlTour\gradient.jpg
2004-08-04 06:00 64307 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3DE.SWF
2004-08-04 06:00 642394 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L2BE.WAV
2004-08-04 06:00 6416 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_better.jpg
2004-08-04 06:00 64 --a------ C:\WINDOWS\Help\windows.cnt
2004-08-04 06:00 63883 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3DE.SWF
2004-08-04 06:00 63798 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1CE.SWF
2004-08-04 06:00 63440 --a------ C:\WINDOWS\Help\devmgr.hlp
2004-08-04 06:00 63270 --a------ C:\WINDOWS\Help\Tours\htmlTour\img004b.jpg
2004-08-04 06:00 6293 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_easier.jpg
2004-08-04 06:00 6290 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_optimized.jpg
2004-08-04 06:00 6241 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm3.gif
2004-08-04 06:00 624092 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1BE.SWF
2004-08-04 06:00 623962 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L2CE.WAV
2004-08-04 06:00 62317 --a------ C:\WINDOWS\Help\update1.chm
2004-08-04 06:00 6222 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_data.jpg
2004-08-04 06:00 62118 --a------ C:\WINDOWS\Help\sysmon.hlp
2004-08-04 06:00 61751 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1BE.SWF
2004-08-04 06:00 61697 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3BE.SWF
2004-08-04 06:00 613334 --a------ C:\WINDOWS\Help\wmplayer.chm
2004-08-04 06:00 6060 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm6.gif
2004-08-04 06:00 605 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_CA.CBZ
2004-08-04 06:00 5971 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\events.js
2004-08-04 06:00 59638 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L2DE.SWF
2004-08-04 06:00 595479 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1DE.SWF
2004-08-04 06:00 594946 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L3_C.LDZ
2004-08-04 06:00 59142 --a------ C:\WINDOWS\Help\wab.hlp
2004-08-04 06:00 591391 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1EE.SWF
2004-08-04 06:00 590 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_DA.CBZ
2004-08-04 06:00 579674 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L1CE.WAV
2004-08-04 06:00 579582 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\RECORD_1.SWF
2004-08-04 06:00 5789 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm1.gif
2004-08-04 06:00 574460 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L13_E.LDZ
2004-08-04 06:00 57305 --a------ C:\WINDOWS\Help\connect.hlp
2004-08-04 06:00 572762 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L4DE.WAV
2004-08-04 06:00 572557 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\rtuner.wmv
2004-08-04 06:00 5709 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_playing_ghost.jpg
2004-08-04 06:00 569434 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L5CE.WAV
2004-08-04 06:00 56848 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1HE.SWF
2004-08-04 06:00 5683 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_multiple_ghost.jpg
2004-08-04 06:00 56768 --a------ C:\WINDOWS\Help\mode.chm
2004-08-04 06:00 566874 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3BE.WAV
2004-08-04 06:00 56661 --a------ C:\WINDOWS\Help\wininstl.chm
2004-08-04 06:00 56352 --a------ C:\WINDOWS\Help\rsmconcepts.chm
2004-08-04 06:00 5628 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_networks_ghost.jpg
2004-08-04 06:00 559677 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5BE.SWF
2004-08-04 06:00 55926 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L4BE.SWF
2004-08-04 06:00 555866 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L1DE.WAV
2004-08-04 06:00 55274 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1GE.SWF
2004-08-04 06:00 55239 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1CE.SWF
2004-08-04 06:00 544750 --a------ C:\WINDOWS\Help\windows.chq
2004-08-04 06:00 542718 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U0L1AE.SWF
2004-08-04 06:00 540762 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U5L2CE.WAV
2004-08-04 06:00 54004 --a------ C:\WINDOWS\Help\dskquoui.chm
2004-08-04 06:00 53709 --a------ C:\WINDOWS\Help\devmgr.chm
2004-08-04 06:00 536584 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_D.LDZ
2004-08-04 06:00 5330 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_faster_ghost.jpg
2004-08-04 06:00 531546 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L1GE.WAV
2004-08-04 06:00 5314 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_wizard_ghost.jpg
2004-08-04 06:00 53 --a------ C:\WINDOWS\Help\Tours\htmlTour\bot_bar.gif
2004-08-04 06:00 5290 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\vidsamp.gif
2004-08-04 06:00 528110 --a------ C:\WINDOWS\Help\netcfg.chm
2004-08-04 06:00 525632 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_C.LDZ
2004-08-04 06:00 523565 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L16_B.LDZ
2004-08-04 06:00 52319 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5EE.SWF
2004-08-04 06:00 52055 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L1DE.SWF
2004-08-04 06:00 5159 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_better_ghost.jpg
2004-08-04 06:00 51408 --a------ C:\WINDOWS\Help\display.hlp
2004-08-04 06:00 5135 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_optimized_ghost.jpg
2004-08-04 06:00 513114 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L2CE.WAV
2004-08-04 06:00 510872 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_G.LDZ
2004-08-04 06:00 509850 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L14_C.LDZ
2004-08-04 06:00 5063 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_built_ghost.jpg
2004-08-04 06:00 505879 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L8_B.LDZ
2004-08-04 06:00 504384 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_E.LDZ
2004-08-04 06:00 5040 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_easier_ghost.jpg
2004-08-04 06:00 50353 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L2CE.SWF
2004-08-04 06:00 50059 --a------ C:\WINDOWS\Help\blutooth.chm
2004-08-04 06:00 499394 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_D.LDZ
2004-08-04 06:00 4967 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_data_ghost.jpg
2004-08-04 06:00 494 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_BA.CBZ
2004-08-04 06:00 488794 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L3DE.WAV
2004-08-04 06:00 48494 --a------ C:\WINDOWS\Help\file_srv.chm
2004-08-04 06:00 47768 --a------ C:\WINDOWS\Help\comexp.hlp
2004-08-04 06:00 46895 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L12_DA.CBZ
2004-08-04 06:00 468 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_EA.CBZ
2004-08-04 06:00 46684 --a------ C:\WINDOWS\Help\regedit.chm
2004-08-04 06:00 466200 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L3_B.LDZ
2004-08-04 06:00 4651 --a------ C:\WINDOWS\Help\Tours\htmlTour\logo.jpg
2004-08-04 06:00 463588 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_F.LDZ
2004-08-04 06:00 461658 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3DE.WAV
2004-08-04 06:00 46130 --a------ C:\WINDOWS\Help\wschelp.chm
2004-08-04 06:00 46073 --a------ C:\WINDOWS\Help\display.chm
2004-08-04 06:00 460378 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L2DE.WAV
2004-08-04 06:00 457607 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\mdlib.wmv
2004-08-04 06:00 45590 --a------ C:\WINDOWS\Help\mspaint.chm
2004-08-04 06:00 45445 --a------ C:\WINDOWS\Help\clipbrd.hlp
2004-08-04 06:00 4536 --a------ C:\WINDOWS\Help\newfeat5.hlp
2004-08-04 06:00 4536 --a------ C:\WINDOWS\Help\newfeat4.hlp
2004-08-04 06:00 4536 --a------ C:\WINDOWS\Help\newfeat3.hlp
2004-08-04 06:00 4536 --a------ C:\WINDOWS\Help\newfeat2.hlp
2004-08-04 06:00 45068 --a------ C:\WINDOWS\Help\twclient.chm
2004-08-04 06:00 44618 --a------ C:\WINDOWS\Help\Tours\htmlTour\img060.jpg
2004-08-04 06:00 44441 --a------ C:\WINDOWS\Help\wbemtest.chm
2004-08-04 06:00 44271 --a------ C:\WINDOWS\Help\msinfo32.chm
2004-08-04 06:00 44213 --a------ C:\WINDOWS\Help\pwrmn.hlp
2004-08-04 06:00 44082 --a------ C:\WINDOWS\Help\whatsnew.chm
2004-08-04 06:00 4407 --a------ C:\WINDOWS\Help\Tours\htmlTour\control_up.jpg
2004-08-04 06:00 440437 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_B.LDZ
2004-08-04 06:00 4399 --a------ C:\WINDOWS\Help\Tours\htmlTour\end_up.jpg
2004-08-04 06:00 43667 --a------ C:\WINDOWS\Help\Tours\htmlTour\img109.jpg
2004-08-04 06:00 4366 --a------ C:\WINDOWS\Help\Tours\htmlTour\window_up.jpg
2004-08-04 06:00 433901 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_B.LDZ
2004-08-04 06:00 4337 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_up.jpg
2004-08-04 06:00 43292 --a------ C:\WINDOWS\Help\Tours\htmlTour\img100.jpg
2004-08-04 06:00 4326 --a------ C:\WINDOWS\Help\Tours\htmlTour\folder_up.jpg
2004-08-04 06:00 4322 --a------ C:\WINDOWS\Help\Tours\htmlTour\icon_up.jpg
2004-08-04 06:00 430941 --a------ C:\WINDOWS\Help\ntcmds.chm
2004-08-04 06:00 430668 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L9_C.LDZ
2004-08-04 06:00 43 --a------ C:\WINDOWS\Help\Tours\htmlTour\spacer.gif
2004-08-04 06:00 42999 --a------ C:\WINDOWS\Help\howto.chm
2004-08-04 06:00 428431 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_D.LDZ
2004-08-04 06:00 428378 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3CE.WAV
2004-08-04 06:00 42785 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_FA.CBZ
2004-08-04 06:00 42687 --a------ C:\WINDOWS\Help\speech.chm
2004-08-04 06:00 424944 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L11_E.LDZ
2004-08-04 06:00 4232 --a------ C:\WINDOWS\Help\Tours\htmlTour\desktop_up.jpg
2004-08-04 06:00 422870 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L14_B.LDZ
2004-08-04 06:00 4222 --a------ C:\WINDOWS\Help\Tours\htmlTour\taskbar_up.jpg
2004-08-04 06:00 42000 --a------ C:\WINDOWS\Help\snmpconcepts.chm
2004-08-04 06:00 420 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\wmploc.js
2004-08-04 06:00 41996 --a------ C:\WINDOWS\Help\Tours\htmlTour\img074.jpg
2004-08-04 06:00 4193 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm8.gif
2004-08-04 06:00 41881 --a------ C:\WINDOWS\Help\sysdm.chm
2004-08-04 06:00 418559 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_C.LDZ
2004-08-04 06:00 418509 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L15_B.LDZ
2004-08-04 06:00 415 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_EA.CBZ
2004-08-04 06:00 41453 --a------ C:\WINDOWS\Help\Tours\htmlTour\img072.jpg
2004-08-04 06:00 410209 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_G.LDZ
2004-08-04 06:00 408368 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L12_B.LDZ
2004-08-04 06:00 407 --a------ C:\WINDOWS\Help\Tours\mmTour\nav.txt
2004-08-04 06:00 401 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_fr.htm
2004-08-04 06:00 39969 --a------ C:\WINDOWS\Help\dialer.chm
2004-08-04 06:00 399 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_fr.htm
2004-08-04 06:00 399 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_fr.htm
2004-08-04 06:00 39622 --a------ C:\WINDOWS\Help\bootcons.chm
2004-08-04 06:00 396 --a------ C:\WINDOWS\Help\Tours\htmlTour\start_fr.htm
2004-08-04 06:00 39590 --a------ C:\WINDOWS\Help\pinball.chm
2004-08-04 06:00 3922 --a------ C:\WINDOWS\Help\Tours\htmlTour\default.htm
2004-08-04 06:00 390608 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_D.LDZ
2004-08-04 06:00 388347 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_E.LDZ
2004-08-04 06:00 385349 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_D.LDZ
2004-08-04 06:00 38234 --a------ C:\WINDOWS\Help\tcpip.chm
2004-08-04 06:00 38163 --a------ C:\WINDOWS\Help\secauth.hlp
2004-08-04 06:00 381425 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\copycd.wmv
2004-08-04 06:00 379932 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L5_C.LDZ
2004-08-04 06:00 37803 --a------ C:\WINDOWS\Help\taskmgr.chm
2004-08-04 06:00 375519 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\nuskin.wmv
2004-08-04 06:00 37318 --a------ C:\WINDOWS\Help\mstask.chm
2004-08-04 06:00 37298 --a------ C:\WINDOWS\Help\mmc_dlg.hlp
2004-08-04 06:00 37251 --a------ C:\WINDOWS\Help\els.hlp
2004-08-04 06:00 37207 --a------ C:\WINDOWS\Help\Tours\htmlTour\img040.jpg
2004-08-04 06:00 368083 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_B.LDZ
2004-08-04 06:00 367833 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L7_B.LDZ
2004-08-04 06:00 364966 --a------ C:\WINDOWS\Help\cpanel.chq
2004-08-04 06:00 361012 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_G.LDZ
2004-08-04 06:00 35983 --a------ C:\WINDOWS\Help\hypertrm.chm
2004-08-04 06:00 35919 --a------ C:\WINDOWS\Help\access.chm
2004-08-04 06:00 35774 --a------ C:\WINDOWS\Help\ieshared.chm
2004-08-04 06:00 35699 --a------ C:\WINDOWS\Help\rsm.hlp
2004-08-04 06:00 354977 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1AE.SWF
2004-08-04 06:00 354468 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud1.wav
2004-08-04 06:00 35417 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L14_DA.CBZ
2004-08-04 06:00 35334 --a------ C:\WINDOWS\Help\tapi.chm
2004-08-04 06:00 35240 --a------ C:\WINDOWS\Help\msoeacct.hlp
2004-08-04 06:00 35135 --a------ C:\WINDOWS\Help\bckg.chm
2004-08-04 06:00 349349 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_C.LDZ
2004-08-04 06:00 34816 --a------ C:\WINDOWS\Help\sniffpol.dll
2004-08-04 06:00 34703 --a------ C:\WINDOWS\Help\input.chm
2004-08-04 06:00 34381 --a------ C:\WINDOWS\Help\odbcjet.chm
2004-08-04 06:00 343536 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1AE.SWF
2004-08-04 06:00 343204 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud7.wav
2004-08-04 06:00 343204 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud6.wav
2004-08-04 06:00 34296 --a------ C:\WINDOWS\Help\dkconcepts.chm
2004-08-04 06:00 34041 --a------ C:\WINDOWS\Help\soundrec.chm
2004-08-04 06:00 34032 --a------ C:\WINDOWS\Help\access.hlp
2004-08-04 06:00 33991 --a------ C:\WINDOWS\Help\taskbar.chm
2004-08-04 06:00 339900 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_E.LDZ
2004-08-04 06:00 3374640 --a------ C:\WINDOWS\Help\Tours\mmTour\tour.exe
2004-08-04 06:00 33495 --a------ C:\WINDOWS\Help\ddeshare.hlp
2004-08-04 06:00 33360 --a------ C:\WINDOWS\Help\admtools.chm
2004-08-04 06:00 33357 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_EA.CBZ
2004-08-04 06:00 333 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_DA.CBZ
2004-08-04 06:00 33280 --a------ C:\WINDOWS\Help\sstub.dll
2004-08-04 06:00 33152 --a------ C:\WINDOWS\Help\sysprop.chm
2004-08-04 06:00 33149 --a------ C:\WINDOWS\Help\sysrestore.chm
2004-08-04 06:00 330238 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_B.LDZ
2004-08-04 06:00 32925 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_DA.CBZ
2004-08-04 06:00 32887 --a------ C:\WINDOWS\Help\wordpad.chm
2004-08-04 06:00 32657 --a------ C:\WINDOWS\Help\fxsshare.chm
2004-08-04 06:00 32564 --a------ C:\WINDOWS\Help\license.chm
2004-08-04 06:00 324572 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_H.LDZ
2004-08-04 06:00 32400 --a------ C:\WINDOWS\Help\sys_srv.chm
2004-08-04 06:00 32214 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_EA.CBZ
2004-08-04 06:00 32195 --a------ C:\WINDOWS\Help\calc.hlp
2004-08-04 06:00 32171 --a------ C:\WINDOWS\Help\hardware.chm
2004-08-04 06:00 32162 --a------ C:\WINDOWS\Help\shvl.chm
2004-08-04 06:00 32107 --a------ C:\WINDOWS\Help\filemgmt.hlp
2004-08-04 06:00 3187 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\tour.js
2004-08-04 06:00 31663 --a------ C:\WINDOWS\Help\pwrmn.chm
2004-08-04 06:00 31637 --a------ C:\WINDOWS\Help\Tours\htmlTour\img121.jpg
2004-08-04 06:00 315 --a------ C:\WINDOWS\Help\ciadmin.htm
2004-08-04 06:00 31377 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_FA.CBZ
2004-08-04 06:00 313676 --a------ C:\WINDOWS\Help\tshoot.chm
2004-08-04 06:00 31178 --a------ C:\WINDOWS\Help\camera.hlp
2004-08-04 06:00 31079 --a------ C:\WINDOWS\Help\Tours\htmlTour\img034.jpg
2004-08-04 06:00 30848 --a------ C:\WINDOWS\Help\conf.hlp
2004-08-04 06:00 307235 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L4_D.LDZ
2004-08-04 06:00 30693 --a------ C:\WINDOWS\Help\dialer.hlp
2004-08-04 06:00 306870 --a------ C:\WINDOWS\Help\ntshared.chm
2004-08-04 06:00 306801 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L17_D.LDZ
2004-08-04 06:00 30628 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_FA.CBZ
2004-08-04 06:00 305092 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5AE.SWF
2004-08-04 06:00 304621 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L6_C.LDZ
2004-08-04 06:00 30397 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_CA.CBZ
2004-08-04 06:00 30369 --a------ C:\WINDOWS\Help\imgprev.chm
2004-08-04 06:00 303179 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3AE.SWF
2004-08-04 06:00 30260 --a------ C:\WINDOWS\Help\hrtz.chm
2004-08-04 06:00 301960 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L10_E.LDZ
2004-08-04 06:00 30107 --a------ C:\WINDOWS\Help\telnet.chm
2004-08-04 06:00 300969 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\viz.wmv
2004-08-04 06:00 30063 --a------ C:\WINDOWS\Help\diskmgmt.hlp
2004-08-04 06:00 300163 --a------ C:\WINDOWS\Help\windows.hlp
2004-08-04 06:00 299152 --a------ C:\WINDOWS\Help\apps_sp.chm
2004-08-04 06:00 29876 --a------ C:\WINDOWS\Help\icwdial.chm
2004-08-04 06:00 29816 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_DA.CBZ
2004-08-04 06:00 29762 --a------ C:\WINDOWS\Help\diagboot.chm
2004-08-04 06:00 29607 --a------ C:\WINDOWS\Help\hschelp.chm
2004-08-04 06:00 29424 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_CA.CBZ
2004-08-04 06:00 294 --a------ C:\WINDOWS\Help\ratings.cnt
2004-08-04 06:00 29366 --a------ C:\WINDOWS\Help\dfs.hlp
2004-08-04 06:00 292066 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3AE.SWF
2004-08-04 06:00 291421 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1AE.SWF
2004-08-04 06:00 29132 --a------ C:\WINDOWS\Help\find.chm
2004-08-04 06:00 28371 --a------ C:\WINDOWS\Help\mstask.hlp
2004-08-04 06:00 28344 --a------ C:\WINDOWS\Help\omc.chm
2004-08-04 06:00 28305 --a------ C:\WINDOWS\Help\oe_msgr.chm
2004-08-04 06:00 282040 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3HE.SWF
2004-08-04 06:00 281595 --a------ C:\WINDOWS\Help\netcfg.hlp
2004-08-04 06:00 279888 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1AE.SWF
2004-08-04 06:00 27978 --a------ C:\WINDOWS\Help\chkr.chm
2004-08-04 06:00 279040 --a------ C:\WINDOWS\Help\tshoot.dll
2004-08-04 06:00 2778 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\mplogoh.gif
2004-08-04 06:00 27765 --a------ C:\WINDOWS\Help\useract.chm
2004-08-04 06:00 27621 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L8_CA.CBZ
2004-08-04 06:00 27611 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_EA.CBZ
2004-08-04 06:00 27532 --a------ C:\WINDOWS\Help\ade.hlp
2004-08-04 06:00 27225 --a------ C:\WINDOWS\Help\ratings.hlp
2004-08-04 06:00 271335 --a------ C:\WINDOWS\Help\nusrmgr.chm
2004-08-04 06:00 27091 --a------ C:\WINDOWS\Help\fxsclnt.hlp
2004-08-04 06:00 27066 --a------ C:\WINDOWS\Help\fxscover.chm
2004-08-04 06:00 269916 --a------ C:\WINDOWS\Help\comexp.chm
2004-08-04 06:00 2698341 --a------ C:\WINDOWS\Help\article.chm
2004-08-04 06:00 268569 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L2AE.SWF
2004-08-04 06:00 26845 --a------ C:\WINDOWS\Help\objsel.hlp
2004-08-04 06:00 26635 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_BA.CBZ
2004-08-04 06:00 26565 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_DA.CBZ
2004-08-04 06:00 265297 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2AE.SWF
2004-08-04 06:00 265288 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L2AE.SWF
2004-08-04 06:00 26361 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_GA.CBZ
2004-08-04 06:00 26345 --a------ C:\WINDOWS\Help\certmgr.hlp
2004-08-04 06:00 2626 --a------ C:\WINDOWS\Help\Tours\htmlTour\question_icon.jpg
2004-08-04 06:00 261407 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3AE.SWF
2004-08-04 06:00 261080 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L12_C.LDZ
2004-08-04 06:00 26022 --a------ C:\WINDOWS\Help\folderop.chm
2004-08-04 06:00 2595 --a------ C:\WINDOWS\Help\Tours\htmlTour\style.css
2004-08-04 06:00 25877 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L16_CA.CBZ
2004-08-04 06:00 25815 --a------ C:\WINDOWS\Help\rvse.chm
2004-08-04 06:00 2580 --a------ C:\WINDOWS\Help\Tours\htmlTour\pen_icon.jpg
2004-08-04 06:00 25784 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_EA.CBZ
2004-08-04 06:00 25771 --a------ C:\WINDOWS\Help\progman.hlp
2004-08-04 06:00 2575 --a------ C:\WINDOWS\Help\migwiz.htm
2004-08-04 06:00 25712 --a------ C:\WINDOWS\Help\wscript.chm
Stefan Witvoet
2008-05-28, 02:31
2004-08-04 06:00 25517 --a------ C:\WINDOWS\Help\newfeat1.chm
2004-08-04 06:00 2545 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\mplogo.gif
2004-08-04 06:00 25420 --a------ C:\WINDOWS\Help\Tours\htmlTour\intro_logo.jpg
2004-08-04 06:00 253201 --a------ C:\WINDOWS\Help\msoe.chm
2004-08-04 06:00 25236 --a------ C:\WINDOWS\Help\notepad.chm
2004-08-04 06:00 25153 --a------ C:\WINDOWS\Help\hypertrm.hlp
2004-08-04 06:00 25153 --a------ C:\WINDOWS\Help\halftone.hlp
2004-08-04 06:00 25129 --a------ C:\WINDOWS\Help\clipbrd.chm
2004-08-04 06:00 25089 --a------ C:\WINDOWS\Help\wpa.chm
2004-08-04 06:00 24859 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_GA.CBZ
2004-08-04 06:00 2477 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\wm5.gif
2004-08-04 06:00 24759 --a------ C:\WINDOWS\Help\dxdiag.chm
2004-08-04 06:00 2469 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\tplay.gif
2004-08-04 06:00 24567 --a------ C:\WINDOWS\Help\regopt.chm
2004-08-04 06:00 24551 --a------ C:\WINDOWS\Help\calc.chm
2004-08-04 06:00 2450 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\tpause.gif
2004-08-04 06:00 24479 --a------ C:\WINDOWS\Help\filefold.hlp
2004-08-04 06:00 24285 --a------ C:\WINDOWS\Help\input.hlp
2004-08-04 06:00 24137 --a------ C:\WINDOWS\Help\Tours\htmlTour\img068.jpg
2004-08-04 06:00 238991 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L16_D.LDZ
2004-08-04 06:00 23829 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\tourbg.gif
2004-08-04 06:00 237567 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3AE.SWF
2004-08-04 06:00 23754 --a------ C:\WINDOWS\Help\eudcedit.chm
2004-08-04 06:00 2375 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\tplayh.gif
2004-08-04 06:00 2371 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\tpauseh.gif
2004-08-04 06:00 23512 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_CA.CBZ
2004-08-04 06:00 235061 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L17_C.LDZ
2004-08-04 06:00 23439 --a------ C:\WINDOWS\Help\mfcuix.hlp
2004-08-04 06:00 2323 --a------ C:\WINDOWS\Help\ixqlang.htm
2004-08-04 06:00 23160 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_EA.CBZ
2004-08-04 06:00 22988 --a------ C:\WINDOWS\Help\evntwin.hlp
2004-08-04 06:00 22923 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L3_CA.CBZ
2004-08-04 06:00 22893 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_EA.CBZ
2004-08-04 06:00 22890 --a------ C:\WINDOWS\Help\Tours\htmlTour\desktop_screen_shot.jpg
2004-08-04 06:00 22853 --a------ C:\WINDOWS\Help\reader.chm
2004-08-04 06:00 228103 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1IE.SWF
2004-08-04 06:00 227 --a------ C:\WINDOWS\Help\mshearts.cnt
2004-08-04 06:00 226247 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L2AE.SWF
2004-08-04 06:00 22553 --a------ C:\WINDOWS\Help\nmwhiteb.chm
2004-08-04 06:00 22398 --a------ C:\WINDOWS\Help\pinball.hlp
2004-08-04 06:00 223515 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L5AE.SWF
2004-08-04 06:00 222204 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L1GE.SWF
2004-08-04 06:00 22219 --a------ C:\WINDOWS\Help\atm.chm
2004-08-04 06:00 21987 --a------ C:\WINDOWS\Help\Tours\htmlTour\img116.jpg
2004-08-04 06:00 21954 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L8_BA.CBZ
2004-08-04 06:00 21924 --a------ C:\WINDOWS\Help\camera.chm
2004-08-04 06:00 21787 --a------ C:\WINDOWS\Help\shell.hlp
2004-08-04 06:00 21754 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_BA.CBZ
2004-08-04 06:00 21704 --a------ C:\WINDOWS\Help\charmap.chm
2004-08-04 06:00 216693 --a------ C:\WINDOWS\Help\ipsecconcepts.chm
2004-08-04 06:00 215944 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L4AE.SWF
2004-08-04 06:00 21551 --a------ C:\WINDOWS\Help\iewebhlp.chm
2004-08-04 06:00 215408 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_E.LDZ
2004-08-04 06:00 21352 --a------ C:\WINDOWS\Help\ciquery.htm
2004-08-04 06:00 21286 --a------ C:\WINDOWS\Help\win_dos.chm
2004-08-04 06:00 21232 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_GA.CBZ
2004-08-04 06:00 21180 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_CA.CBZ
2004-08-04 06:00 21111 --a------ C:\WINDOWS\Help\winhlp32.hlp
2004-08-04 06:00 2103945 --a------ C:\WINDOWS\Help\Tours\mmTour\segment1.swf
2004-08-04 06:00 20985 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_BA.CBZ
2004-08-04 06:00 20877 --a------ C:\WINDOWS\Help\mouse.chm
2004-08-04 06:00 20762 --a------ C:\WINDOWS\Help\Tours\htmlTour\img123.jpg
2004-08-04 06:00 20704 --a------ C:\WINDOWS\Help\accessib.chm
2004-08-04 06:00 20688 --a------ C:\WINDOWS\Help\tapi.hlp
2004-08-04 06:00 206389 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L4EE.SWF
2004-08-04 06:00 20585 --a------ C:\WINDOWS\Help\lang.chm
2004-08-04 06:00 20549 --a------ C:\WINDOWS\Help\colormgt.chm
2004-08-04 06:00 20544 --a------ C:\WINDOWS\Help\cdmedia.chm
2004-08-04 06:00 20460 --a------ C:\WINDOWS\Help\dijoy.hlp
2004-08-04 06:00 20427 --a------ C:\WINDOWS\Help\nthelp.chm
2004-08-04 06:00 20406 --a------ C:\WINDOWS\Help\drwtsn32.chm
2004-08-04 06:00 20366 --a------ C:\WINDOWS\Help\modem.hlp
2004-08-04 06:00 20337 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_BA.CBZ
2004-08-04 06:00 20284 --a------ C:\WINDOWS\Help\acc_dis.chm
2004-08-04 06:00 20257 --a------ C:\WINDOWS\Help\ntchowto.chm
2004-08-04 06:00 20246 --a------ C:\WINDOWS\Help\soundrec.hlp
2004-08-04 06:00 20233 --a------ C:\WINDOWS\Help\spad.chm
2004-08-04 06:00 20220 --a------ C:\WINDOWS\Help\dsclient.hlp
2004-08-04 06:00 20189 --a------ C:\WINDOWS\Help\password.chm
2004-08-04 06:00 20170 --a------ C:\WINDOWS\Help\wuau.chm
2004-08-04 06:00 20163 --a------ C:\WINDOWS\Help\sounds.chm
2004-08-04 06:00 20126 --a------ C:\WINDOWS\Help\remasst.chm
2004-08-04 06:00 20077 --a------ C:\WINDOWS\Help\hs.chm
2004-08-04 06:00 20067 --a------ C:\WINDOWS\Help\packager.chm
2004-08-04 06:00 19921 --a------ C:\WINDOWS\Help\compmgmt.chm
2004-08-04 06:00 19867 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_DA.CBZ
2004-08-04 06:00 198131 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L1AE.SWF
2004-08-04 06:00 19706 --a------ C:\WINDOWS\Help\wordpad.hlp
2004-08-04 06:00 19691 --a------ C:\WINDOWS\Help\cpanel.chm
2004-08-04 06:00 19677 --a------ C:\WINDOWS\Help\magnify.chm
2004-08-04 06:00 19605 --a------ C:\WINDOWS\Help\osk.chm
2004-08-04 06:00 19598 --a------ C:\WINDOWS\Help\ratings.chm
2004-08-04 06:00 19459 --a------ C:\WINDOWS\Help\timesrv.chm
2004-08-04 06:00 193 --a------ C:\WINDOWS\Help\update.cnt
2004-08-04 06:00 19295 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L16_BA.CBZ
2004-08-04 06:00 19266 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_BA.CBZ
2004-08-04 06:00 19181 --a------ C:\WINDOWS\Help\mspaint.hlp
2004-08-04 06:00 19107 --a------ C:\WINDOWS\Help\recycle.chm
2004-08-04 06:00 19060 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_CA.CBZ
2004-08-04 06:00 19007 --a------ C:\WINDOWS\Help\blurbs.chm
2004-08-04 06:00 18991 --a------ C:\WINDOWS\Help\brief.chm
2004-08-04 06:00 18988 --a------ C:\WINDOWS\Help\smlogcfg.chm
2004-08-04 06:00 18949 --a------ C:\WINDOWS\Help\joy.chm
2004-08-04 06:00 18931 --a------ C:\WINDOWS\Help\fonts.hlp
2004-08-04 06:00 18920 --a------ C:\WINDOWS\Help\mobsync.chm
2004-08-04 06:00 18855 --a------ C:\WINDOWS\Help\datetime.chm
2004-08-04 06:00 1885 --a------ C:\WINDOWS\Help\mplayer2.cnt
2004-08-04 06:00 18806 --a------ C:\WINDOWS\Help\ipsecsnp.chm
2004-08-04 06:00 18782 --a------ C:\WINDOWS\Help\Tours\htmlTour\img126.jpg
2004-08-04 06:00 18771 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_CA.CBZ
2004-08-04 06:00 18641 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_DA.CBZ
2004-08-04 06:00 18629 --a------ C:\WINDOWS\Help\ddeshare.chm
2004-08-04 06:00 186237 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L1HE.SWF
2004-08-04 06:00 18612 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L3_BA.CBZ
2004-08-04 06:00 18509 --a------ C:\WINDOWS\Help\eudcedit.hlp
2004-08-04 06:00 18379 --a------ C:\WINDOWS\Help\sendcmsg.chm
2004-08-04 06:00 182482 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L2_D.LDZ
2004-08-04 06:00 18151 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_faster_big.jpg
2004-08-04 06:00 18137 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_networks_big.jpg
2004-08-04 06:00 18134 --a------ C:\WINDOWS\Help\compstui.hlp
2004-08-04 06:00 180335 --a------ C:\WINDOWS\Help\iexplore.hlp
2004-08-04 06:00 18029 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_BA.CBZ
2004-08-04 06:00 17822 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_EA.CBZ
2004-08-04 06:00 17784 --a------ C:\WINDOWS\Help\sysmon.chm
2004-08-04 06:00 17782 --a------ C:\WINDOWS\Help\winchat.chm
2004-08-04 06:00 17762 --a------ C:\WINDOWS\Help\keyshort.chm
2004-08-04 06:00 1771 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\wmptour.css
2004-08-04 06:00 176900 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHOT01_1.SWF
2004-08-04 06:00 175759 --a------ C:\WINDOWS\Help\Tours\mmTour\nav.swf
2004-08-04 06:00 17489 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\videobg.gif
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L9_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L8_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L8_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L7_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_HA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_HA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L3_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L3_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_IA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L17_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L17_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L16_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L16_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L14_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L14_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L13_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L12_EA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L12_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L11_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_FA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_AA.CBZ
2004-08-04 06:00 174 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L1_AA.CBZ
2004-08-04 06:00 17396 --a------ C:\WINDOWS\Help\dskquoui.hlp
2004-08-04 06:00 17336 --a------ C:\WINDOWS\Help\supp_ed.chm
2004-08-04 06:00 173 --a------ C:\WINDOWS\Help\msnauth.cnt
2004-08-04 06:00 17290 --a------ C:\WINDOWS\Help\sr_ui.chm
2004-08-04 06:00 17269 --a------ C:\WINDOWS\Help\phowto.chm
2004-08-04 06:00 17250 --a------ C:\WINDOWS\Help\fonts.chm
2004-08-04 06:00 17240 --a------ C:\WINDOWS\Help\msconfig.chm
2004-08-04 06:00 172196 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud9.wav
2004-08-04 06:00 172196 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud8.wav
2004-08-04 06:00 172196 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\wmpaud3.wav
2004-08-04 06:00 17214 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_wizard_big.jpg
2004-08-04 06:00 17180 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_playing_big.jpg
2004-08-04 06:00 17135 --a------ C:\WINDOWS\Help\mls_trb.chm
2004-08-04 06:00 17081 --a------ C:\WINDOWS\Help\common.chm
2004-08-04 06:00 17080 --a------ C:\WINDOWS\Help\compfldr.chm
2004-08-04 06:00 1707866 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L5EE.WAV
2004-08-04 06:00 17059 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_multiple_big.jpg
2004-08-04 06:00 16962 --a------ C:\WINDOWS\Help\sol.chm
2004-08-04 06:00 16669 --a------ C:\WINDOWS\Help\aclui.hlp
2004-08-04 06:00 16660 --a------ C:\WINDOWS\Help\utilmgr.chm
2004-08-04 06:00 16645 --a------ C:\WINDOWS\Help\sndvol32.chm
2004-08-04 06:00 16643 --a------ C:\WINDOWS\Help\webpub.chm
2004-08-04 06:00 166 --a------ C:\WINDOWS\Help\Tours\htmlTour\bluearrow.gif
2004-08-04 06:00 16572 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L12_BA.CBZ
2004-08-04 06:00 16494 --a------ C:\WINDOWS\Help\keyb.chm
2004-08-04 06:00 1644 --a------ C:\WINDOWS\Help\migwiz2.htm
2004-08-04 06:00 1637375 --a------ C:\WINDOWS\Help\Tours\mmTour\segment2.swf
2004-08-04 06:00 1635503 --a------ C:\WINDOWS\Help\Tours\mmTour\segment3.swf
2004-08-04 06:00 16257 --a------ C:\WINDOWS\Help\Tours\htmlTour\img110.jpg
2004-08-04 06:00 16162 --a------ C:\WINDOWS\Help\newfeat1.hlp
2004-08-04 06:00 16149 --a------ C:\WINDOWS\Help\mobsync.hlp
2004-08-04 06:00 161429 --a------ C:\WINDOWS\Help\mpconcepts.chm
2004-08-04 06:00 16119 --a------ C:\WINDOWS\Help\odbcinst.chm
2004-08-04 06:00 16062 --a------ C:\WINDOWS\Help\ixhelp.hlp
2004-08-04 06:00 16043 --a------ C:\WINDOWS\Help\snmpsnap.hlp
2004-08-04 06:00 15998 --a------ C:\WINDOWS\Help\mouse.hlp
2004-08-04 06:00 15961 --a------ C:\WINDOWS\Help\spider.chm
2004-08-04 06:00 15957 --a------ C:\WINDOWS\Help\sfmmgr.hlp
2004-08-04 06:00 15803 --a------ C:\WINDOWS\Help\freecell.chm
2004-08-04 06:00 15723 --a------ C:\WINDOWS\Help\msdasc.chm
2004-08-04 06:00 15707 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_easier_big.jpg
2004-08-04 06:00 155615 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L1EE.SWF
2004-08-04 06:00 155606 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L2EE.SWF
2004-08-04 06:00 15481 --a------ C:\WINDOWS\Help\addremov.chm
2004-08-04 06:00 15432 --a------ C:\WINDOWS\Help\is.chm
2004-08-04 06:00 15423 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L15_DA.CBZ
2004-08-04 06:00 154065 --a------ C:\WINDOWS\Help\Ipv6.chm
2004-08-04 06:00 1535 --a------ C:\WINDOWS\Help\Tours\htmlTour\read_icon.jpg
2004-08-04 06:00 15313 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L17_CA.CBZ
2004-08-04 06:00 152576 --a------ C:\WINDOWS\Help\bnts.dll
2004-08-04 06:00 15256 --a------ C:\WINDOWS\Help\nwdoc.chm
2004-08-04 06:00 15245 --a------ C:\WINDOWS\Help\msorcl32.chm
2004-08-04 06:00 151662 --a------ C:\WINDOWS\Help\mmc.chm
2004-08-04 06:00 15071 --a------ C:\WINDOWS\Help\winmine.chm
2004-08-04 06:00 15071 --a------ C:\WINDOWS\Help\hardware.hlp
2004-08-04 06:00 15051 --a------ C:\WINDOWS\Help\mshearts.chm
2004-08-04 06:00 1496 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_gray.gif
2004-08-04 06:00 14951 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_HA.CBZ
2004-08-04 06:00 1491 --a------ C:\WINDOWS\Help\Tours\htmlTour\footer.htm
2004-08-04 06:00 14805 --a------ C:\WINDOWS\Help\els.chm
2004-08-04 06:00 14770 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_built_big.jpg
2004-08-04 06:00 147699 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3FE.SWF
2004-08-04 06:00 14698 --a------ C:\WINDOWS\Help\telnet.hlp
2004-08-04 06:00 14685 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L10_EA.CBZ
2004-08-04 06:00 14678 --a------ C:\WINDOWS\Help\rsm.chm
2004-08-04 06:00 145815 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2FE.SWF
2004-08-04 06:00 14521 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L17_DA.CBZ
2004-08-04 06:00 14504 --a------ C:\WINDOWS\Help\cscui.hlp
2004-08-04 06:00 144416 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L5FE.SWF
2004-08-04 06:00 14433 --a------ C:\WINDOWS\Help\Tours\htmlTour\connected_data_big.jpg
2004-08-04 06:00 14384 --a------ C:\WINDOWS\Help\verifier.hlp
2004-08-04 06:00 1429115 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L14_D.LDZ
2004-08-04 06:00 14161 --a------ C:\WINDOWS\Help\drwtsn32.hlp
2004-08-04 06:00 14103 --a------ C:\WINDOWS\Help\certmgr.chm
2004-08-04 06:00 14093 --a------ C:\WINDOWS\Help\Tours\htmlTour\unlock_optimized_big.jpg
2004-08-04 06:00 1398 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\taon.gif
2004-08-04 06:00 13955 --a------ C:\WINDOWS\Help\scarddlg.hlp
2004-08-04 06:00 13943 --a------ C:\WINDOWS\Help\infrared.hlp
2004-08-04 06:00 139118 --a------ C:\WINDOWS\Help\fxsclnt.chm
2004-08-04 06:00 1380 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\taonh.gif
2004-08-04 06:00 1380 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\taoff.gif
2004-08-04 06:00 137859 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3CE.SWF
2004-08-04 06:00 1367 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\taoffh.gif
2004-08-04 06:00 136501 --a------ C:\WINDOWS\Help\Glossary.chm
2004-08-04 06:00 135763 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3GE.SWF
2004-08-04 06:00 13517 --a------ C:\WINDOWS\Help\sol.hlp
2004-08-04 06:00 1350234 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L2DE.WAV
2004-08-04 06:00 13409 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L14_BA.CBZ
2004-08-04 06:00 133960 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1FE.SWF
2004-08-04 06:00 13378 --a------ C:\WINDOWS\Help\Tours\htmlTour\safe_easy_better_big.jpg
2004-08-04 06:00 13307 --a------ C:\WINDOWS\Help\wshconcepts.chm
2004-08-04 06:00 132897 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L3FE.SWF
2004-08-04 06:00 1325 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L17_BA.CBZ
2004-08-04 06:00 13244 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L6_CA.CBZ
2004-08-04 06:00 13228 --a------ C:\WINDOWS\Help\taskmgr.hlp
2004-08-04 06:00 130893 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3FE.SWF
2004-08-04 06:00 13041 --a------ C:\WINDOWS\Help\defrag.chm
2004-08-04 06:00 13006 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI20.HLP
2004-08-04 06:00 12982 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_CA.CBZ
2004-08-04 06:00 12961 --a------ C:\WINDOWS\Help\charmap.hlp
2004-08-04 06:00 129385 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L2DE.SWF
2004-08-04 06:00 1290842 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U4L1FE.WAV
2004-08-04 06:00 129 --a------ C:\WINDOWS\Help\connect.cnt
2004-08-04 06:00 12886 --a------ C:\WINDOWS\Help\regedit.hlp
2004-08-04 06:00 128528 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1DE.SWF
2004-08-04 06:00 12817 --a------ C:\WINDOWS\Help\drvvfp.chm
2004-08-04 06:00 12760 --a------ C:\WINDOWS\Help\ntshrui.hlp
2004-08-04 06:00 12752 --a------ C:\WINDOWS\Help\qosconcepts.chm
2004-08-04 06:00 12701 --a------ C:\WINDOWS\Help\ident.hlp
2004-08-04 06:00 12693 --a------ C:\WINDOWS\Help\tcpmon.hlp
2004-08-04 06:00 12550 --a------ C:\WINDOWS\Help\defrag.hlp
2004-08-04 06:00 12548 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L16_DA.CBZ
2004-08-04 06:00 12525 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L5_CA.CBZ
2004-08-04 06:00 12521 --a------ C:\WINDOWS\Help\notepad.hlp
2004-08-04 06:00 125102 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3CE.SWF
2004-08-04 06:00 12492 --a------ C:\WINDOWS\Help\splash.chm
2004-08-04 06:00 12488 --a------ C:\WINDOWS\Help\twclient.hlp
2004-08-04 06:00 12476 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L14_CA.CBZ
2004-08-04 06:00 12457 --a------ C:\WINDOWS\Help\freecell.hlp
2004-08-04 06:00 12387 --a------ C:\WINDOWS\Help\osk.hlp
2004-08-04 06:00 12377 --a------ C:\WINDOWS\Help\wscript.hlp
2004-08-04 06:00 12377 --a------ C:\WINDOWS\Help\winchat.hlp
2004-08-04 06:00 1237 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_unlock.gif
2004-08-04 06:00 1237 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_safe_easy.gif
2004-08-04 06:00 12249 --a------ C:\WINDOWS\Help\sigverif.hlp
2004-08-04 06:00 12244 --a------ C:\WINDOWS\Help\utilmgr.hlp
2004-08-04 06:00 1221 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_best.gif
2004-08-04 06:00 1215489 --a------ C:\WINDOWS\Help\ntart.chm
2004-08-04 06:00 121327 --a------ C:\WINDOWS\Help\mail.chm
2004-08-04 06:00 12115 --a------ C:\WINDOWS\Help\magnify.hlp
2004-08-04 06:00 1211 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_connected.gif
2004-08-04 06:00 1205850 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L3DE.WAV
2004-08-04 06:00 12013 --a------ C:\WINDOWS\Help\ieos.chm
2004-08-04 06:00 119933 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L3_D.LDZ
2004-08-04 06:00 11953 --a------ C:\WINDOWS\Help\reader.hlp
2004-08-04 06:00 11941 --a------ C:\WINDOWS\Help\sendcmsg.hlp
2004-08-04 06:00 119340 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L3EE.SWF
2004-08-04 06:00 11814 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\SHAMMI19.HLP
2004-08-04 06:00 1181074 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L12_D.LDZ
2004-08-04 06:00 11797 --a------ C:\WINDOWS\Help\chnscsvr.hlp
2004-08-04 06:00 1179 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_connected_down.gif
2004-08-04 06:00 11769 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L4_DA.CBZ
2004-08-04 06:00 117682 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L3BE.SWF
2004-08-04 06:00 1176 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_safe_easy_down.gif
2004-08-04 06:00 117189 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U4L2EE.SWF
2004-08-04 06:00 117006 --a------ C:\WINDOWS\Help\msoe.hlp
2004-08-04 06:00 116775 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U5L2EE.SWF
2004-08-04 06:00 11627 --a------ C:\WINDOWS\Help\cdmedia.hlp
2004-08-04 06:00 1161 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_best_down.gif
2004-08-04 06:00 11603 --a------ C:\WINDOWS\Help\sysrestore.hlp
2004-08-04 06:00 11594 --a------ C:\WINDOWS\Help\spider.hlp
2004-08-04 06:00 11563 --a------ C:\WINDOWS\Help\nmchat.chm
2004-08-04 06:00 11562 --a------ C:\WINDOWS\Help\nofts.chm
2004-08-04 06:00 115088 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U3L1EE.SWF
2004-08-04 06:00 1148 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm
2004-08-04 06:00 11476 --a------ C:\WINDOWS\Help\winmine.hlp
2004-08-04 06:00 11445 --a------ C:\WINDOWS\Help\audiocdc.hlp
2004-08-04 06:00 1135 --a------ C:\WINDOWS\Help\Tours\htmlTour\scripts.js
2004-08-04 06:00 1131 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_unlock_down.gif
2004-08-04 06:00 1130 --a------ C:\WINDOWS\Help\Tours\htmlTour\nav_start_here.gif
2004-08-04 06:00 11290 --a------ C:\WINDOWS\Help\sndvol32.hlp
2004-08-04 06:00 11288 --a------ C:\WINDOWS\Help\chooser.hlp
2004-08-04 06:00 11211 --a------ C:\WINDOWS\Help\mshearts.hlp
2004-08-04 06:00 11187 --a------ C:\WINDOWS\Help\mpnetwrk.hlp
2004-08-04 06:00 11138 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\L2_DA.CBZ
2004-08-04 06:00 11047 --a------ C:\WINDOWS\Help\newfeat5.chm
2004-08-04 06:00 11047 --a------ C:\WINDOWS\Help\newfeat4.chm
2004-08-04 06:00 11047 --a------ C:\WINDOWS\Help\newfeat3.chm
2004-08-04 06:00 11047 --a------ C:\WINDOWS\Help\newfeat2.chm
2004-08-04 06:00 109258 --a------ C:\WINDOWS\Help\isconcepts.chm
2004-08-04 06:00 1087578 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U3L3CE.WAV
2004-08-04 06:00 1084762 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L5CE.WAV
2004-08-04 06:00 108111 --a------ C:\WINDOWS\Help\Tours\htmlTour\img046.jpg
2004-08-04 06:00 107806 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\L8_D.LDZ
2004-08-04 06:00 1074778 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3EE.WAV
2004-08-04 06:00 10743 --a------ C:\WINDOWS\Help\cyzcoins.chm
2004-08-04 06:00 1063770 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U5L1CE.WAV
2004-08-04 06:00 1060698 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L2BE.WAV
2004-08-04 06:00 106 --a------ C:\WINDOWS\Help\conf.cnt
2004-08-04 06:00 105608 --a------ C:\WINDOWS\Help\adprop.hlp
2004-08-04 06:00 10556 --a------ C:\WINDOWS\Help\msnauth.hlp
2004-08-04 06:00 10483 --a------ C:\WINDOWS\Help\cyycoins.chm
2004-08-04 06:00 104801 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L1FE.SWF
2004-08-04 06:00 10457 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\wmptour.hta
2004-08-04 06:00 1043802 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U1L3FE.WAV
2004-08-04 06:00 103623 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U1L3EE.SWF
2004-08-04 06:00 102531 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\U2L4CE.SWF
2004-08-04 06:00 1015130 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\U2L3CE.WAV
2004-08-04 06:00 101275 --a------ C:\WINDOWS\Help\network.chm
2004-08-04 06:00 10111 --a------ C:\WINDOWS\Help\sapicpl.hlp
2004-08-04 06:00 100686 --a------ C:\WINDOWS\Help\Tours\htmlTour\img149.jpg
2004-08-04 06:00 1005 --a------ C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\bktr.gif
2003-12-22 03:28 66670 --a------ C:\WINDOWS\Help\MALSHF.HLP
2003-12-22 03:28 6509 --a------ C:\WINDOWS\Help\PEG.CNT
2003-12-22 03:28 278528 --a------ C:\WINDOWS\Help\PEG.HLP
2003-12-22 03:28 169511 --a------ C:\WINDOWS\Help\MBLLNK.HLP
2003-12-22 03:28 1112 --a------ C:\WINDOWS\Help\MALSHF.CNT
2001-12-10 15:12 7491 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\Readme.txt
2001-11-07 13:28 49152 --a------ C:\WINDOWS\Help\SBSI\Training\usersid.exe
2001-07-26 10:03 740 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Groups.dbf
2001-07-26 08:48 10953 --a------ C:\WINDOWS\Help\SBSI\Training\Database\WXPPera.toc
2001-06-26 12:33 53256 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\WXPPer.key
2001-06-26 12:33 32718 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\WXPPera.cbt
2001-06-26 11:12 72891 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\XPGLOSPE.HLP
2001-06-26 11:12 4093 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\XPGLOSPE.cnt
2001-06-26 10:48 6144 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Usergrp.cdx
2001-06-26 10:48 6144 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Grpsyll.cdx
2001-06-26 10:48 371 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Grpsyll.dbf
2001-06-26 10:48 3487 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Syllabi2.dbf
2001-06-26 10:48 3072 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Syllabi2.cdx
2001-06-21 13:42 55178 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\CBO\WXPPerA.cab
2001-06-21 13:23 13912 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\CBO\wxpper.chm
2001-06-20 15:44 55946 --a------ C:\WINDOWS\Help\SBSI\Training\LSINGLE.HLP
2001-06-12 14:22 518 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\CBO\hsc_add.vbs
2001-06-12 13:16 373 --a------ C:\WINDOWS\Help\SBSI\Training\WXPPer\CBO\hsc_del.vbs
2001-06-12 09:36 1909 --a------ C:\WINDOWS\Help\SBSI\Training\lsingle.cnt
2001-06-11 18:19 233472 --a------ C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe
2001-05-22 16:39 71 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Settings.dbf
2001-05-22 16:39 322 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Syllabus.dbf
2001-04-10 10:13 6144 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Prgrss2.cdx
2001-04-10 10:13 23759 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Prgrss2.dbf
2001-02-22 11:14 67 --a------ C:\WINDOWS\Help\SBSI\Training\startmenu.cbo
2001-01-18 15:55 3072 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Groups.cdx
1999-07-28 10:16 940 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Users.dbf
1999-07-28 10:16 548 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Usergrp.dbf
1999-07-28 10:16 3072 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Users.cdx
1999-06-09 11:53 779 --a------ C:\WINDOWS\Help\SBSI\Training\engine.ini
1999-02-09 16:46 6144 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Progress.cdx
1999-02-09 16:46 4608 --a------ C:\WINDOWS\Help\SBSI\Training\Database\bookmrk.CDX
1999-02-09 16:46 386 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Progress.dbf
1999-02-09 16:46 3072 --a------ C:\WINDOWS\Help\SBSI\Training\Database\Syllabus.cdx
1999-02-09 16:46 130 --a------ C:\WINDOWS\Help\SBSI\Training\Database\bookmrk.dbf
1998-10-25 08:04 13528 --a------ C:\WINDOWS\Help\WZCNFLCT.CHM
1998-09-25 12:19 394752 --a------ C:\WINDOWS\Help\SBSI\Training\LEARN32.DLL
1998-09-25 12:19 140288 --a------ C:\WINDOWS\Help\SBSI\Training\PCTREE32.DLL
1998-09-03 13:20 75776 --a------ C:\WINDOWS\Help\SBSI\Training\COMPLINC.DLL
((((((((((((((((((((((((((((( snapshot@2008-05-27_15.41.11.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 13:17:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 23:02:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-27 23:04:34 16,384 --sha-w C:\WINDOWS\TEMP\Cookies\index.dat
+ 2008-05-27 23:04:34 16,384 --sha-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
- 2008-05-27 13:21:47 16,384 --sha-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-27 23:04:34 32,768 --sha-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F1DF333-96F7-4BC5-A98D-0A720517E9D3}]
C:\WINDOWS\system32\khfEUkKC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA8B0F5-11A6-4083-802D-46C1C983719B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc9106d5-6e61-4fcc-b71d-20871f5c13c2}]
2008-05-28 00:32 133632 --a------ C:\WINDOWS\system32\onvnrafk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42 401491]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-02-13 21:31 8811824]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 23:36 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"\\WERKPC\EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.exe" [2007-03-23 08:00 182272]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13 1032192]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 09:13 579584]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-05-10 02:31 61440]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-11-09 16:32 91136]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"MMClient"="C:\Program Files\MediaMelon\bin\MMClient.exe" [2008-05-28 03:14 107513]
"0cc6096e"="C:\WINDOWS\system32\jbyhdlrs.dll" [2008-05-28 00:38 116224]
"BM0ff53af2"="C:\WINDOWS\system32\kpdrvygc.dll" [2008-05-28 00:27 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:16 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 02:04 5562368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-07-19 02:45 439568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"Midi1"= evolusbn.dll
"midi6"= evolusbn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-09-21 10:08 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-11 06:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\3dsmax6\\3dsmax.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MediaMelon\\bin\\MMClient.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-05-10 02:29]
R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 23:27]
R2 MobilePreInstallerService;MobilePre Installer;C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe [2005-06-15 15:00]
R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 02:06]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 23:29]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 17:50]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2006-10-05 18:06]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 ma763004;M-Audio MobilePre USB;C:\WINDOWS\system32\drivers\MA763004.sys [2005-11-09 18:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 16:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 22:52:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-27 21:22:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{56D53F11-D5DC-47A5-B45E-9602887E5261}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 01:04:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\WERKPC\\EPSON Stylus DX9400F Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICFE.EXE /FU \"C:\\DOCUME~1\\Lieveke\\LOCALS~1\\Temp\\E_S2B.tmp\" /EF \"HKCU\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-05-28 1:26:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 23:24:57
ComboFix2.txt 2008-05-27 22:38:03
ComboFix3.txt 2008-05-27 13:43:29
Pre-Run: 38,008,770,560 bytes free
Post-Run: 37,994,151,936 bytes free
1212 --- E O F --- 2008-05-17 10:02:56
Rorschach112
2008-05-28, 02:46
Hello
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\jbyhdlrs.dll
C:\WINDOWS\system32\milvtmem.ini
C:\WINDOWS\system32\onvnrafk.dll
C:\WINDOWS\system32\kpdrvygc.dll
Folder::
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also post a new HijackThis log
Stefan Witvoet
2008-05-28, 09:25
Malwarebytes' Anti-Malware 1.12
Database version: 793
Scan type: Quick Scan
Objects scanned: 39059
Time elapsed: 4 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\jbyhdlrs.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0cc6096e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0ff53af2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\jbyhdlrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\srldhybj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpdrvygc.dll (Trojan.Agent) -> Delete on reboot.
Stefan Witvoet
2008-05-28, 12:21
Hi there... by the way thanks for your fast assistance! I really appreciate it.
There are a few things I shoudl mention... spybot keeps asking me to make changes in the registry which I usually allow, but reckon it may be best to not do as it may confuse the process of healing the system now.
I saved the .txt file as above and after the 41st procedure ComboFix started to delete an .xml file, that took about 2.5 hours! Which resulted in me rebooting the computer as I reckon it stalled.
The Error I now get on startup is:
RUNDLL
Error loading C:\WINDOWS\system32\kpdrvygc.dll
The specified module could not be found.
After this I proceeded to shutdown to including updates and received message as follows:
Access violation at address 0044B6BE9 in module 'TeaTimer.exe'. Read of address 00000010
Any idea what is going on here??
I will keep rebooting and attempting to get the log files once I'm so far.
Many thanks once again.
Rorschach112
2008-05-28, 19:02
Do this
Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Stefan Witvoet
2008-05-29, 00:27
Hey Roscharch....
Hope you're doing great in Ireland - had my nails done so can hardly type now!! :D but will do my best without errors...
Deckard's System Scanner v20071014.68
Run by Lieveke on 2008-05-28 23:20:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
101: 2008-05-28 21:20:57 UTC - RP666 - Deckard's System Scanner Restore Point
100: 2008-05-28 15:47:40 UTC - RP665 - ComboFix created restore point
99: 2008-05-28 11:37:15 UTC - RP664 - ComboFix created restore point
98: 2008-05-28 09:54:58 UTC - RP663 - Software Distribution Service 3.0
97: 2008-05-28 09:40:05 UTC - RP662 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-05-27 22:24:56 UTC - RP566 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Lieveke.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23, on 2008-05-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Lieveke\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lieveke.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forums.spybot.info/forumdisplay.php?f=22
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F1DF333-96F7-4BC5-A98D-0A720517E9D3} - C:\WINDOWS\system32\khfEUkKC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {dc9106d5-6e61-4fcc-b71d-20871f5c13c2} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\kpdrvygc.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 27108 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - JSFile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 DigiFilter - c:\windows\system32\drivers\digifilt.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R0 sojubus - c:\windows\system32\drivers\sojubus.sys
R0 sojuscsi - c:\windows\system32\drivers\sojuscsi.sys
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 hnmwrlspkt (HomeNet Manager Wireless Protocol) - c:\windows\system32\drivers\hnm_wrls_pkt.sys <Not Verified; SingleClick Systems; Wireless Protocol Driver>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R2 wsppkt (Wireless Security Protocol) - c:\windows\system32\drivers\wsp_pkt.sys <Not Verified; SingleClick Systems; Wireless Security Protocol Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>
S3 GT680x (Grand Tech GT680x NT) - c:\windows\system32\drivers\gt680x.sys <Not Verified; ; USB Scanner Driver>
S3 iLokDrvr (iLok) - c:\windows\system32\drivers\ilokdrvr.sys <Not Verified; PACE Anti-Piracy, Inc.; iLok(R)>
S3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
S3 ma763004 (M-Audio MobilePre USB) - c:\windows\system32\drivers\ma763004.sys <Not Verified; M-Audio; M-Audio MobilePre Driver>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 MobilePreInstallerService (MobilePre Installer) - c:\program files\m-audio\mobilepre\install\mpinst.exe <Not Verified; M-Audio; MobilePre Installer Service>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe
S3 digiSPTIService - "c:\program files\digidesign\pro tools\digisptiservice.exe" <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools CD Ripping Service>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Manufacturer: Broadcom
Name: Bluetooth Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Service: btaudio
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth High Quality Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWAUDIO\1&30EE4AD&0&1000000030001
Manufacturer: Broadcom
Name: Bluetooth High Quality Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWAUDIO\1&30EE4AD&0&1000000030001
Service: btaudio
-- Scheduled Tasks -------------------------------------------------------------
2008-05-28 23:07:55 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-28 19:09:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-27 23:22:12 426 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{56D53F11-D5DC-47A5-B45E-9602887E5261}.job
-- Files created between 2008-04-28 and 2008-05-28 -----------------------------
2008-05-28 12:47:48 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\system32\scripting
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\l2schemas
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\en
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\bits
2008-05-28 12:05:37 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-28 11:58:13 0 d-------- C:\WINDOWS\EHome
2008-05-28 08:17:03 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Malwarebytes
2008-05-28 08:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 08:16:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 22:53:34 0 d-------- C:\Program Files\Trend Micro
2008-05-27 20:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 16:32:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 16:32:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 14:32:55 0 d-------- C:\cmdcons
2008-05-27 13:45:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-27 13:45:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-27 13:45:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-27 13:45:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-27 13:45:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-27 13:45:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-27 13:45:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-27 13:45:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-27 09:34:15 0 d-------- C:\Program Files\Enigma Software Group
2008-05-27 08:47:44 0 d-------- C:\Program Files\PCCheckupOnline
2008-05-26 23:36:39 0 dr-h----- C:\Documents and Settings\Lieveke\Recent
-- Find3M Report ---------------------------------------------------------------
2008-05-28 23:17:58 0 d-------- C:\Documents and Settings\Lieveke\Application Data\skypePM
2008-05-28 23:17:47 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Skype
2008-05-28 12:07:51 0 d-------- C:\Program Files\Messenger
2008-05-28 12:07:29 0 d-------- C:\Program Files\Movie Maker
2008-05-28 12:05:22 0 d-------- C:\Program Files\Windows NT
2008-05-27 11:44:41 0 d-------- C:\Documents and Settings\Lieveke\Application Data\AVG7
2008-05-27 08:49:11 0 d-------- C:\Program Files\Dell
2008-05-25 23:44:38 0 d-------- C:\Documents and Settings\Lieveke\Application Data\LimeWirePlus
2008-05-22 10:27:48 0 d-------- C:\Program Files\MediaMelon
2008-04-22 10:08:19 0 d-------- C:\Program Files\LimeWire Plus
2008-04-22 10:07:57 0 d-------- C:\Program Files\LimewirePlus
2008-04-04 20:44:31 0 d-------- C:\Program Files\Skype
2008-04-04 20:44:29 0 d-------- C:\Program Files\Common Files\Skype
2008-04-04 20:44:28 0 d-------- C:\Program Files\Common Files
2008-03-29 12:26:38 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F1DF333-96F7-4BC5-A98D-0A720517E9D3}]
C:\WINDOWS\system32\khfEUkKC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc9106d5-6e61-4fcc-b71d-20871f5c13c2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 09:13]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-05-10 02:31]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-11-09 16:32]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"MMClient"="C:\Program Files\MediaMelon\bin\MMClient.exe" [2008-05-28 03:14]
"BM0ff53af2"="C:\WINDOWS\system32\kpdrvygc.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-02-13 21:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 23:36]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"\WERKPC\EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.exe" [2007-03-23 08:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-05-28 23:25:10 ------------
Stefan Witvoet
2008-05-29, 00:28
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.37 MiB / 1483.02 MiB
Pagefile Memory (total/avail): 4041.84 MiB / 3497.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1871.97 MiB
C: is Fixed (NTFS) - 80.62 GiB total, 33.54 GiB free.
D: is Fixed (NTFS) - 26.52 GiB total, 3.61 GiB free.
E: is CDROM (CDFS)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - SAMSUNG HM120JI - 110.39 GiB - 4 partitions
\PARTITION0 - Unknown - 86.26 MiB
\PARTITION1 (bootable) - Installable File System - 80.62 GiB - C:
\PARTITION2 - Installable File System - 26.52 GiB - D:
\PARTITION3 - Unknown - 3.15 GiB
\\.\PHYSICALDRIVE1 - USB2.0 FlashDisk USB Device - 486.34 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 487.51 MiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lieveke\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STUDIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lieveke
LOGONSERVER=\\STUDIO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\backburner 2;C:\Program Files\QuickTime\QTSystem;C:\Program Files\iTunes\Plug-InsC:\Program Files\iTunes\Plug-Ins\Qloud
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lieveke\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lieveke\LOCALS~1\Temp
USERDOMAIN=STUDIO
USERNAME=Lieveke
USERPROFILE=C:\Documents and Settings\Lieveke
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Lieveke (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 6 --> MsiExec.exe /I{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}
3ds max 6 Architectural Materials --> MsiExec.exe /I{DD8C1183-6548-4A43-B9E5-CD0E970751E4}
3ds max 6 Reference Files --> MsiExec.exe /I{BC14A1F6-0511-4360-8351-FB7964979317}
3ds max 6 Sample Files --> MsiExec.exe /I{EC63CD9C-676B-4384-A280-378842B99DCA}
3ds max 6 Sdk --> MsiExec.exe /I{C71CF39A-D4C2-43F5-BB72-F3ABEEC875D0}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> C:\Program Files\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Antares Autotune DX v4.3.1 --> C:\PROGRA~1\ANTARE~1\AUTO-T~1\Tutorial\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AUTO-T~1\Tutorial\INSTALL.LOG
Antares Avox 1.06 --> C:\PROGRA~1\ANTARE~1\AVOXBU~1\INSTAL~1\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AVOXBU~1\INSTAL~1\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI Catalyst Control Center --> MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atmosphere --> "C:\Program Files\Spectrasonics\Atmosphere\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
character studio 4.2 --> MsiExec.exe /I{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Painter Essentials 3 --> MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
CSR --> C:\Program Files\InstallShield Installation Information\{648C1BFD-6A70-46D8-B855-F84D95C2DC34}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digidesign Pro Tools M-Powered Academic 7.1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{901FCD2B-672F-4664-98E7-CE1B143A4371}\setup.exe" -l0x9 -removeonly
Digidesign Shared Plug-Ins 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B43A6F-E328-495A-ACFA-FC47C1B7215D}\Setup.exe" -l0x9 FromUninstall -removeonly
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Free Bomb Factory Plug-Ins 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}\Setup.exe" -l0x9 FromUninstall -removeonly
FreeUndelete --> C:\Program Files\FreeUndelete\GLF94.exe /handle:fru
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterLok Driver Kit --> MsiExec.exe /X{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire Plus 1.7 --> C:\Program Files\LimeWire Plus\uninstall.exe
LimewirePlus Toolbar --> C:\PROGRA~1\LIMEWI~2\UNWISE.EXE C:\PROGRA~1\LIMEWI~2\INSTALL.LOG
Live 6.0.1 --> C:\PROGRA~1\Ableton\LIVE60~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.1\Install\INSTALL.LOG
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magix Samplitude FX Suite VST v1.0 --> "C:\Program Files\Steinberg\VstPlugins\SamplitudeFX\Uninstall\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
MediaMelon Client --> C:\Program Files\MediaMelon\uninstall.exe
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Blend --> MsiExec.exe /I{AF338F58-8328-463C-B7DF-913B939E2DF6}
Microsoft Expression Design --> MsiExec.exe /I{49E0E556-BE66-4202-9E90-C244AAF5647F}
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobilePre --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36C33FBC-58EA-4D4C-A89A-A3BB9357EFD7}\setup.exe" -l0x9 -removeonly
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mustek 1200 UB PLUS v1.2 --> C:\WINDOWS\TWAIN_32\S6U12BX\UNINST.EXE
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.2 --> "C:\Program Files\Steinberg\VstPlugins\Nomad Factory\Uninstall\unins000.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 2 --> "D:\Picasa2\Uninstall.exe"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
Qloud Plug-in for iTunes --> C:\Program Files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe /uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
reFX Vanguard VSTi v1.6.3 --> "C:\Program Files\Steinberg\VstPlugins\Vanguard\Uninstall\unins000.exe"
Rob Papen Albino 3 --> C:\Program Files\Steinberg\vstplugins\UninstalAlbino3.exe
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Sonalksis Plug-Ins for Windows 2.00 --> "C:\WINDOWS\unins000.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonik Synth 2 --> C:\PROGRA~1\SONIKS~1\UNWISE.EXE C:\PROGRA~1\SONIKS~1\INSTALL.LOG
Sony Sound Forge 7.0 --> MsiExec.exe /I{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starplugs-Cyclone-Delay 1.01 --> C:\WINDOWS\uninstall\Starplugs-Cyclone-Delay\setup.exe
Starplugs-SiXciter 1.0 --> C:\WINDOWS\uninstall\Starplugs-SiXciter\setup.exe
Starplugs-Xciter 1.0 --> C:\WINDOWS\uninstall\Starplugs-Xciter\setup.exe
Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg WaveLab 5.01b --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SWiSHmax --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Uno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
USB Phone Driver --> MsiExec.exe /I{F8ECE699-0654-4DE3-95C0-0E54C56C9338}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VoipBuster --> "C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
Voipwise --> "C:\Program Files\Voipwise.com\Voipwise\unins000.exe"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
winLAME prerelease4 --> MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type20637 / Success
Event Submitted/Written: 05/28/2008 01:24:38 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type20631 / Success
Event Submitted/Written: 05/28/2008 01:03:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type20617 / Warning
Event Submitted/Written: 05/28/2008 00:08:24 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type20615 / Warning
Event Submitted/Written: 05/28/2008 11:37:21 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'
Event Record #/Type20614 / Warning
Event Submitted/Written: 05/28/2008 11:37:21 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type30784 / Warning
Event Submitted/Written: 05/28/2008 11:14:44 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.
Event Record #/Type30783 / Error
Event Submitted/Written: 05/28/2008 11:14:44 PM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {62E3E102-8333-401D-9A08-E01352B9AD2A} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.
Event Record #/Type30782 / Warning
Event Submitted/Written: 05/28/2008 11:14:44 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.209.158 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.
Event Record #/Type30781 / Warning
Event Submitted/Written: 05/28/2008 11:14:44 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.100.244 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.
Event Record #/Type30762 / Error
Event Submitted/Written: 05/28/2008 07:29:52 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {16D99191-6280-4B33-A2F5-04805A0FC582} did not register with DCOM within the required timeout.
-- End of Deckard's System Scanner: finished at 2008-05-28 23:25:10 ------------
Rorschach112
2008-05-29, 00:33
Cold here :)
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O2 - BHO: (no name) - {6F1DF333-96F7-4BC5-A98D-0A720517E9D3} - C:\WINDOWS\system32\khfEUkKC.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {dc9106d5-6e61-4fcc-b71d-20871f5c13c2} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\kpdrvygc.dll",s
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Reboot and post a new DSS log and tell me how your PC is running
Stefan Witvoet
2008-05-29, 00:49
quite a nice night here :)
.....the same rundll error appears after a reboot I'm afraid...
Deckard's System Scanner v20071014.68
Run by Lieveke on 2008-05-28 23:43:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Lieveke.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44, on 2008-05-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lieveke\Desktop\dss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lieveke.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forums.spybot.info/forumdisplay.php?f=22
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F1DF333-96F7-4BC5-A98D-0A720517E9D3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {dc9106d5-6e61-4fcc-b71d-20871f5c13c2} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\kpdrvygc.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 27186 bytes
-- Files created between 2008-04-28 and 2008-05-28 -----------------------------
2008-05-28 12:47:48 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\system32\scripting
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\l2schemas
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\en
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\bits
2008-05-28 12:05:37 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-28 11:58:13 0 d-------- C:\WINDOWS\EHome
2008-05-28 08:17:03 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Malwarebytes
2008-05-28 08:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 08:16:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 22:53:34 0 d-------- C:\Program Files\Trend Micro
2008-05-27 20:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 16:32:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 16:32:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 14:32:55 0 d-------- C:\cmdcons
2008-05-27 13:45:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-27 13:45:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-27 13:45:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-27 13:45:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-27 13:45:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-27 13:45:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-27 13:45:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-27 13:45:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-27 09:34:15 0 d-------- C:\Program Files\Enigma Software Group
2008-05-27 08:47:44 0 d-------- C:\Program Files\PCCheckupOnline
2008-05-26 23:36:39 0 dr-h----- C:\Documents and Settings\Lieveke\Recent
-- Find3M Report ---------------------------------------------------------------
2008-05-28 23:44:00 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Skype
2008-05-28 23:17:58 0 d-------- C:\Documents and Settings\Lieveke\Application Data\skypePM
2008-05-28 12:07:51 0 d-------- C:\Program Files\Messenger
2008-05-28 12:07:29 0 d-------- C:\Program Files\Movie Maker
2008-05-28 12:05:22 0 d-------- C:\Program Files\Windows NT
2008-05-27 11:44:41 0 d-------- C:\Documents and Settings\Lieveke\Application Data\AVG7
2008-05-27 08:49:11 0 d-------- C:\Program Files\Dell
2008-05-25 23:44:38 0 d-------- C:\Documents and Settings\Lieveke\Application Data\LimeWirePlus
2008-05-22 10:27:48 0 d-------- C:\Program Files\MediaMelon
2008-04-22 10:08:19 0 d-------- C:\Program Files\LimeWire Plus
2008-04-22 10:07:57 0 d-------- C:\Program Files\LimewirePlus
2008-04-04 20:44:31 0 d-------- C:\Program Files\Skype
2008-04-04 20:44:29 0 d-------- C:\Program Files\Common Files\Skype
2008-04-04 20:44:28 0 d-------- C:\Program Files\Common Files
2008-03-29 12:26:38 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F1DF333-96F7-4BC5-A98D-0A720517E9D3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc9106d5-6e61-4fcc-b71d-20871f5c13c2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 09:13]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-05-10 02:31]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-11-09 16:32]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"MMClient"="C:\Program Files\MediaMelon\bin\MMClient.exe" [2008-05-28 03:14]
"BM0ff53af2"="C:\WINDOWS\system32\kpdrvygc.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-02-13 21:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 23:36]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"\WERKPC\EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.exe" [2007-03-23 08:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-05-28 23:46:44 ------------
Stefan Witvoet
2008-05-29, 01:11
I may have anticipated the fix to have completed before it actually did, so have redone the check - found most of the previous errors stilll present except for one, so will wait patiently for a log file and resend log file!
sorry.....
Rorschach112
2008-05-29, 01:25
Hello
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
R3 - URLSearchHook: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O2 - BHO: (no name) - {6F1DF333-96F7-4BC5-A98D-0A720517E9D3} - (no file)
O2 - BHO: (no name) - {dc9106d5-6e61-4fcc-b71d-20871f5c13c2} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
O4 - HKLM\..\Run: [BM0ff53af2] Rundll32.exe "C:\WINDOWS\system32\kpdrvygc.dll",s
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Reboot and post a new DSS log
Stefan Witvoet
2008-05-29, 01:51
Deckard's System Scanner v20071014.68
Run by Lieveke on 2008-05-29 00:48:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Lieveke.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48, on 2008-05-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Lieveke\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lieveke.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forums.spybot.info/forumdisplay.php?f=22
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=en&client=dell-row&channel=nl&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMClient] C:\Program Files\MediaMelon\bin\MMClient.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\WERKPC\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\Lieveke\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: USB Phone Driver Startup.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?f22add4f84fa4a1eb75d46185c489c21
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C26214A5-AB23-4D4C-A7E2-D76905F7A182} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.wunderground.com/data/wximagenew/p/PushingTin/2.jpg
--
End of file - 26564 bytes
-- Files created between 2008-04-29 and 2008-05-29 -----------------------------
2008-05-28 12:47:48 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\system32\scripting
2008-05-28 12:07:31 0 d-------- C:\WINDOWS\l2schemas
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\en
2008-05-28 12:07:30 0 d-------- C:\WINDOWS\system32\bits
2008-05-28 12:05:37 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-28 11:58:13 0 d-------- C:\WINDOWS\EHome
2008-05-28 08:17:03 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Malwarebytes
2008-05-28 08:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 08:16:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 22:53:34 0 d-------- C:\Program Files\Trend Micro
2008-05-27 20:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 16:32:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 16:32:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 14:32:55 0 d-------- C:\cmdcons
2008-05-27 13:45:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-27 13:45:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-27 13:45:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-27 13:45:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-27 13:45:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-27 13:45:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-27 13:45:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-27 13:45:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-27 09:34:15 0 d-------- C:\Program Files\Enigma Software Group
2008-05-27 08:47:44 0 d-------- C:\Program Files\PCCheckupOnline
2008-05-26 23:36:39 0 dr-h----- C:\Documents and Settings\Lieveke\Recent
-- Find3M Report ---------------------------------------------------------------
2008-05-29 00:47:40 0 d-------- C:\Documents and Settings\Lieveke\Application Data\Skype
2008-05-28 23:17:58 0 d-------- C:\Documents and Settings\Lieveke\Application Data\skypePM
2008-05-28 12:07:51 0 d-------- C:\Program Files\Messenger
2008-05-28 12:07:29 0 d-------- C:\Program Files\Movie Maker
2008-05-28 12:05:22 0 d-------- C:\Program Files\Windows NT
2008-05-27 11:44:41 0 d-------- C:\Documents and Settings\Lieveke\Application Data\AVG7
2008-05-27 08:49:11 0 d-------- C:\Program Files\Dell
2008-05-25 23:44:38 0 d-------- C:\Documents and Settings\Lieveke\Application Data\LimeWirePlus
2008-05-22 10:27:48 0 d-------- C:\Program Files\MediaMelon
2008-04-22 10:08:19 0 d-------- C:\Program Files\LimeWire Plus
2008-04-22 10:07:57 0 d-------- C:\Program Files\LimewirePlus
2008-04-04 20:44:31 0 d-------- C:\Program Files\Skype
2008-04-04 20:44:29 0 d-------- C:\Program Files\Common Files\Skype
2008-04-04 20:44:28 0 d-------- C:\Program Files\Common Files
2008-03-29 12:26:38 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 09:13]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-05-10 02:31]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-11-09 16:32]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"MMClient"="C:\Program Files\MediaMelon\bin\MMClient.exe" [2008-05-28 03:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-02-13 21:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 23:36]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22]
"\WERKPC\EPSON Stylus DX9400F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.exe" [2007-03-23 08:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.1.0.2016
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-05-29 00:50:21 ------------
Rorschach112
2008-05-29, 02:42
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
Stefan Witvoet
2008-05-29, 23:46
I'm quite awestruck by how unbelievably excellent this forum is and the help I've received. My laptop is running smoothly again.
My patience is appreciated... but I feel like you should be knighted by the Queen for the excellent service, given freely as well.
I'll definitely recommend this site and refer back always.
Thanks again Rorschach - you ROCK!!!!!
Rorschach112
2008-05-30, 03:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.