I Still Have A Problem

Discussion in 'Malware and Virus Removal Archive' started by Ranger SVO, 2007/06/23.

  1. 2007/06/23
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    Joined:
    2006/05/13
    Messages:
    297
    Likes Received:
    4
    I am still having a problem with something in my computer

    I just finished a Windows LiveCare Scan

    I am having Norton run a complete system scan now.

    OK, Norton detected nothing.

    Any other help would be greatly appreciated
     
    Last edited: 2007/06/23
  2. 2007/06/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Have you noticed any odd behavior with your PC?

    Note: You must be logged onto an account with administrator privileges to complete the following.
    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     

  4. 2007/06/23
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    The computer appears to be running normally. But lately Norton keeps blocking something at least twice a week; this is not normal. Normal is at most once or twice a year.

    I am paranoid and extremely careful when it comes to my computer.

    That's why when I see something that says Trojan, I wanna know what it is and how did it get there.

    Here is the Log
    Deckard's System Scanner v20070611.50
    Run by williamrfarrar on 2007-06-23 at 15:05:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    95: 2007-06-23 20:05:40 UTC - RP106 - Deckard's System Scanner Restore Point
    94: 2007-06-23 18:00:43 UTC - RP105 - Cleaned registry with Windows Live OneCare safety scanner
    93: 2007-06-23 16:32:35 UTC - RP104 - Install AnyDVD
    92: 2007-06-23 16:17:21 UTC - RP103 - Restore Operation
    91: 2007-06-23 01:45:39 UTC - RP102 - Installed Windows Defender


    -- First Restore Point --
    1: 2007-03-26 03:37:23 UTC - RP12 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as williamrfarrar.exe) --------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 3:07:06 PM, on 6/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\SimplyCapture\SCapture.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\williamrfarrar\Desktop\dss.exe
    C:\Program Files\Norton AntiVirus\NAVW32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\HJT\williamrfarrar.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://care.alltel.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125799138913
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138159222812
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    -- HijackThis Fixed Entries (C:\PROGRA~1\HJT\backups\) -------------------------

    backup-20060829-195328-107 O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
    backup-20060829-195328-108 O1 - Hosts: 205.238.40.1 err.winmx.com
    backup-20060829-195328-121 O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
    backup-20060829-195328-125 O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
    backup-20060829-195328-140 O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
    backup-20060829-195328-149 O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
    backup-20060829-195328-175 O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
    backup-20060829-195328-177 O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
    backup-20060829-195328-181 O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
    backup-20060829-195328-184 O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
    backup-20060829-195328-186 O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
    backup-20060829-195328-187 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    backup-20060829-195328-202 O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
    backup-20060829-195328-205 O1 - Hosts: 205.238.40.1 winmx.com
    backup-20060829-195328-207 O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
    backup-20060829-195328-208 O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
    backup-20060829-195328-218 O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
    backup-20060829-195328-235 O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
    backup-20060829-195328-240 O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
    backup-20060829-195328-250 O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
    backup-20060829-195328-258 O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
    backup-20060829-195328-270 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    backup-20060829-195328-278 O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
    backup-20060829-195328-287 O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
    backup-20060829-195328-290 O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
    backup-20060829-195328-302 O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
    backup-20060829-195328-307 O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
    backup-20060829-195328-315 O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
    backup-20060829-195328-327 O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
    backup-20060829-195328-353 O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
    backup-20060829-195328-357 O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
    backup-20060829-195328-378 O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
    backup-20060829-195328-398 O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
    backup-20060829-195328-399 O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
    backup-20060829-195328-400 O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
    backup-20060829-195328-430 O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
    backup-20060829-195328-434 O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
    backup-20060829-195328-453 O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
    backup-20060829-195328-466 O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
    backup-20060829-195328-476 O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
    backup-20060829-195328-479 O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
    backup-20060829-195328-487 O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
    backup-20060829-195328-489 O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
    backup-20060829-195328-495 O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
    backup-20060829-195328-497 O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
    backup-20060829-195328-508 O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
    backup-20060829-195328-509 O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
    backup-20060829-195328-510 O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
    backup-20060829-195328-518 O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
    backup-20060829-195328-523 O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
    backup-20060829-195328-532 O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
    backup-20060829-195328-535 O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
    backup-20060829-195328-545 O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
    backup-20060829-195328-550 O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
    backup-20060829-195328-564 O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
    backup-20060829-195328-566 O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
    backup-20060829-195328-577 O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
    backup-20060829-195328-586 O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
    backup-20060829-195328-602 O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
    backup-20060829-195328-615 O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
    backup-20060829-195328-622 O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
    backup-20060829-195328-627 O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
    backup-20060829-195328-641 O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
    backup-20060829-195328-642 O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
    backup-20060829-195328-644 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    backup-20060829-195328-663 O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
    backup-20060829-195328-672 O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
    backup-20060829-195328-673 O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
    backup-20060829-195328-674 O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
    backup-20060829-195328-683 O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
    backup-20060829-195328-724 O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
    backup-20060829-195328-738 O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
    backup-20060829-195328-741 O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
    backup-20060829-195328-743 O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
    backup-20060829-195328-752 O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
    backup-20060829-195328-756 O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
    backup-20060829-195328-768 O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
    backup-20060829-195328-783 O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
    backup-20060829-195328-787 O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
    backup-20060829-195328-809 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    backup-20060829-195328-815 O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
    backup-20060829-195328-831 O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
    backup-20060829-195328-835 O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
    backup-20060829-195328-841 O1 - Hosts: 205.238.40.1 www.winmx.com
    backup-20060829-195328-847 O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
    backup-20060829-195328-855 O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
    backup-20060829-195328-863 O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
    backup-20060829-195328-870 O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
    backup-20060829-195328-881 O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
    backup-20060829-195328-882 O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
    backup-20060829-195328-883 O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
    backup-20060829-195328-922 O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
    backup-20060829-195328-924 O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
    backup-20060829-195328-927 O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
    backup-20060829-195328-928 O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
    backup-20060829-195328-930 O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
    backup-20060829-195328-940 O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
    backup-20060829-195328-944 O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
    backup-20060829-195328-956 O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
    backup-20060829-195328-964 O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
    backup-20060829-195328-970 O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
    backup-20060829-195328-972 O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
    backup-20060829-195328-976 O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
    backup-20060829-195328-980 O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
    backup-20060829-195328-999 O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
    backup-20070612-185257-579 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)


    -- Scheduled Tasks -------------------------------------------------------------

    2007-06-23 15:07:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-06-23 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
    2007-06-23 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
    2007-06-23 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
    2007-06-23 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
    2007-06-23 11:00:30 350 --a------ C:\WINDOWS\Tasks\At12.job
    2007-06-23 10:00:30 350 --a------ C:\WINDOWS\Tasks\At11.job
    2007-06-23 09:00:30 350 --a------ C:\WINDOWS\Tasks\At10.job
    2007-06-23 08:00:30 350 --a------ C:\WINDOWS\Tasks\At9.job
    2007-06-23 07:00:30 350 --a------ C:\WINDOWS\Tasks\At8.job
    2007-06-22 21:00:30 350 --a------ C:\WINDOWS\Tasks\At22.job
    2007-06-22 20:00:30 350 --a------ C:\WINDOWS\Tasks\At21.job
    2007-06-22 20:00:00 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - williamrfarrar.job
    2007-06-22 19:00:30 350 --a------ C:\WINDOWS\Tasks\At20.job
    2007-06-22 18:00:30 350 --a------ C:\WINDOWS\Tasks\At19.job
    2007-06-21 20:13:57 350 --a------ C:\WINDOWS\Tasks\At24.job
    2007-06-21 20:13:57 350 --a------ C:\WINDOWS\Tasks\At23.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At7.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At6.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At5.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At4.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At3.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At2.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At18.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At17.job
    2007-06-21 20:13:56 350 --a------ C:\WINDOWS\Tasks\At1.job
    2007-06-10 06:13:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2006-09-26 17:52:19 498 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - williamrfarrar.job


    -- Files created between 2007-05-23 and 2007-06-23 -----------------------------

    2007-06-23 14:03:54 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-06-23 11:35:21 0 d-------- C:\WINDOWS\LastGood
    2007-06-23 11:20:41 0 dr-h----- C:\Documents and Settings\williamrfarrar\Recent
    2007-06-23 11:20:37 0 d-------- C:\Program Files\bobyte
    2007-06-23 11:18:28 0 d-------- C:\Program Files\Elaborate Bytes
    2007-06-23 11:18:20 0 d-------- C:\Program Files\Windows Defender
    2007-06-23 11:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-06-18 19:03:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe(2)
    2007-06-12 22:00:27 0 d-------- C:\Program Files\Elaborate Bytes(2)
    2007-05-25 20:09:48 0 d-------- C:\Program Files\Microsoft Games(2)


    -- Find3M Report ---------------------------------------------------------------

    2007-06-23 15:07:01 0 d-------- C:\Program Files\HJT
    2007-06-23 14:09:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-06-23 14:09:37 0 d-------- C:\Program Files\Lexmark X1100 Series
    2007-06-23 14:09:21 0 d-------- C:\Program Files\SimplyCapture
    2007-06-23 14:08:57 0 d-------- C:\Program Files\Messenger
    2007-06-23 11:40:34 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-06-23 11:20:53 0 d-------- C:\Documents and Settings\williamrfarrar\Application Data\uTorrent
    2007-06-23 11:20:48 0 d-------- C:\Program Files\Trillian
    2007-06-23 11:20:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-23 11:18:47 0 d-------- C:\Program Files\DVD Shrink
    2007-06-23 11:18:20 0 d-------- C:\Documents and Settings\williamrfarrar\Application Data\AdobeUM
    2007-06-23 11:18:04 0 d-------- C:\Program Files\Microsoft AntiSpyware
    2007-06-13 23:23:31 0 d-------- C:\Program Files\Blaze Media Pro
    2007-05-29 19:37:52 0 d-------- C:\Program Files\The Disc 3.0
    2007-05-24 21:04:25 0 d-------- C:\Program Files\FS2004SDK
    2007-05-20 21:08:00 0 d-------- C:\Program Files\Microsoft Home Publishing 2000
    2007-05-20 20:53:31 1510 --a------ C:\WINDOWS\Sketchpad Preferences.dat
    2007-05-19 15:08:25 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
    2007-05-06 21:06:49 0 d-------- C:\Program Files\VRtainment
    2007-03-31 22:41:10 8266 --a------ C:\WINDOWS\extend.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=dword:00000001
    "AllowUnhashedWebView"=dword:00000001
    "NoCDBurning"=dword:00000000

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
    "backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
    "item"="Kodak EasyShare software"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\KODAK Software Updater.lnk"
    "backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE"
    "item"="KODAK Software Updater"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of Deckard's System Scanner: finished at 2007-06-23 at 15:07:40 ---------

    There is one thing in the log that says WinMX.com. WinMX was removed from this computer at least three years ago.
     
  5. 2007/06/23
    noahdfear

    noahdfear Inactive

    Do you know what these scheduled tasks are?

    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job


    The WinMX entries are backups of lines fixed with HijackThis .... nothing to be concerned with;)
     
  6. 2007/06/23
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    No, I don't. And I just removed them all.

    Do you see anything else wrong?

    And while I'm here, how do I get rid of "My Way Search Assistant"?
    There is no "remove" button.

     
    Last edited: 2007/06/23
  7. 2007/06/23
    noahdfear

    noahdfear Inactive

    Nothing jumping off the page. Looks like a leftover service.

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

    If so, fix with HijackThis, then scan again (with HijackThis) to see if it's gone. Let me know.

    Please post the extra.txt located in C:\Deckard\System Scanner
     
  8. 2007/06/23
    Ranger SVO

    It won't go away

    And here is the other log

    Deckard's System Scanner v20070611.50
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
    Percentage of Memory in Use: 32%
    Physical Memory (total/avail): 2046.09 MiB / 1379.88 MiB
    Pagefile Memory (total/avail): 3430.84 MiB / 3037.8 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1979.05 MiB

    C: is Fixed (NTFS) - 74.47 GiB total, 39.13 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (CDFS)
    G: is Fixed (NTFS) - 149.05 GiB total, 93.31 GiB free.


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    AntivirusOverride is set.

    FW: Norton Internet Worm Protection v2006 (Symantec)
    AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 "

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe "= "C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Documents and Settings\\williamrfarrar\\My Documents\\Mark's Folder\\Morpheus\\Morpheus.exe "= "C:\\Documents and Settings\\williamrfarrar\\My Documents\\Mark's Folder\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell "
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe "= "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator "
    "C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe "= "C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5 "
    "C:\\StubInstaller.exe "= "C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer "
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer "
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe "= "C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player "
    "C:\\Program Files\\FrostWire\\FrostWire.exe "= "C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\uTorrent\\utorrent.exe "= "C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater "
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare "
    "C:\\Program Files\\Trillian\\trillian.exe "= "C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian "
    "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe "= "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\williamrfarrar\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DG12LD61
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\williamrfarrar
    LOGONSERVER=\\DG12LD61
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\COMMON~1\SONICS~1\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0304
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
    USERDOMAIN=DG12LD61
    USERNAME=williamrfarrar
    USERPROFILE=C:\Documents and Settings\williamrfarrar
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    williamrfarrar (admin)
    Guest (new local, guest)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\ALLTEL~1\bin\CustomUninstall.exe ALLTEL
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe "
    7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe "
    ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Anapod Explorer (remove only) --> "C:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe "
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D= "C:\Program Files\SlySoft\AnyDVD "
    Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    BassBox 6 Pro --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\HT Audio\Uninst.isu "
    Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
    Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
    Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
    ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D= "C:\Program Files\Elaborate Bytes\CloneDVD2 "
    Dell DJ Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Derive 6 --> C:\Program Files\TI Education\Derive 6\unwise.exe C:\PROGRA~1\TIEDUC~1\DERIVE~2\INSTALL.LOG
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivxToDVD 1.99.11 --> "C:\Program Files\vso\DivxToDVD\unins001.exe "
    DVD Identifier --> "C:\Program Files\DVD Identifier\Uninst\unins000.exe "
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe "
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
    FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
    Flight Simulator 2004 BGLComp SDK --> MsiExec.exe /I{12BE408B-65A7-4A5E-90BC-28965F7F08C9}
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 1.99.1 --> C:\Program Files\HJT\HijackThis.exe /uninstall
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
    Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem "
    Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
    IrfanView (remove only) --> C:\iv_uninstall.exe
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    JAS --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\JAS\ST6UNST.LOG"
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_172749b\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
    LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe "
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
    Microsoft Home Publishing 2000 --> MsiExec.exe /I{9944aa9e-362d-11d3-81ab-00c04fb932ba}
    Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
    Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
    Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
    Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe F:\
    Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
    Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
    Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    SimplyCapture --> "C:\WINDOWS\SimplyCapture\uninstall.exe" "/U:C:\Program Files\SimplyCapture\irunin.xml "
    SimplyCapture --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\SimplyCapture\irunin.ini "
    Sketchpad --> C:\PROGRA~1\SKETCH~1\UNWISE.EXE C:\PROGRA~1\SKETCH~1\INSTALL.LOG
    SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
    SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    The Disc 3.0 --> C:\Program Files\The Disc 3.0\uninstall.exe
    TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
    Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
    Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4 "
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windstream Broadband Check-up Center --> C:\WINDOWS\Motive\ALLTEL\MCCUninst.exe
    WinISD beta --> C:\PROGRA~1\WinISD\\UNWISE.EXE C:\PROGRA~1\WinISD\\INSTALL.LOG
    WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    Word in Works Suite add-in --> MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- End of Deckard's System Scanner: finished at 2007-06-23 at 15:07:40 ---------
     
  9. 2007/06/23
    noahdfear

    Click Start>Run and type or paste the following two commands, one at a time, hitting enter after each.

    sc stop mcupdmgr.exe
    sc delete mcupdmgr.exe


    Let me know what message you receive.

    We'll address the MyWay after I see the following log. ;)

    Download WinPFind3U.exe by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Close ALL OTHER PROGRAMS.
    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click All
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click Non-Microsoft
    • In the Files Created Within group select 60 days. Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED
    • In the File String Search group select Non-Microsoft
    In the Additional scans section to the right, check Non-Microsoft
    Scroll down and check the box for:
    • Reg-Uninstall List
    Now click the Run Scan button on the toolbar.

    The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.

    When the scan is complete Notepad will open with the report file loaded in it.
    Save that notepad file and post the results here. It may take more than one post, as there is a max character limit per post on this forum.
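The check behind posts 7 and 9, as an added example that is not part of the original thread: it parses HijackThis O23 service lines, picks out the ones marked (file missing), and builds the `sc` commands from the service key name (the part in parentheses) rather than the display name. The line layout is assumed from the O23 entry quoted in post 7; every sample line except the first is constructed, and the function names are hypothetical.

```python
import re

# HijackThis 1.99.1 service line, as quoted in post 7:
#   O23 - Service: <display name> (<key name>) - <owner> - <image path>[ (file missing)]
# Assumption: the "(<key name>)" part is omitted when it equals the display name.
# A display name that itself contains " - " cannot be split reliably and is
# left to manual review.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# The first line is quoted from the thread; the other three are constructed
# for this example.
SAMPLE_LOG = [
    r"O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - "
    r"Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)",
    r"O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - "
    r"C:\Program Files\Norton AntiVirus\SAVScan.exe",
    r"O23 - Service: Example Updater Service - Unknown owner - "
    r"C:\Program Files\Example\updater.exe (file missing)",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
]


def parse_o23(line):
    """Return the fields of one O23 line, or None for any other log line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return {
        "display": m.group("display"),
        # Without a parenthesised key, the display name is the key name.
        "key": m.group("key") or m.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "file_missing": m.group("missing") is not None,
    }


def orphaned_services(lines):
    """Services still registered although their image file is gone."""
    parsed = (parse_o23(line) for line in lines)
    return [entry for entry in parsed if entry and entry["file_missing"]]


def sc_commands(entry):
    """Commands to review (sc qc) and then remove a leftover service entry.

    sc expects the key name; names containing spaces must be quoted.
    """
    key = entry["key"]
    name = f'"{key}"' if " " in key else key
    return [f"sc qc {name}", f"sc stop {name}", f"sc delete {name}"]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(f'{svc["display"]}: {svc["path"]} is missing')
        for cmd in sc_commands(svc):
            print("   ", cmd)
```

Running `sc qc` first shows the registered image path, so the entry can be confirmed as the leftover one before it is stopped and deleted.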
     
  10. 2007/06/23
    Ranger SVO

    There were no messages.

    I really appreciate you taking the time to look at this. I normally won't bother except for the Windows LiveCare Scan. Nortons found nothing and Ad Aware found nothing.

    WinPFind3 logfile created on: 6/23/2007 5:14:50 PM
    WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\williamrfarrar\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.62% Memory free
    3.35 Gb Paging File | 3.01 Gb Available in Paging File | 89.83% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.47 Gb Total Space | 39.19 Gb Free Space | 52.63% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Unable to calculate disk information.

    Computer Name: DG12LD61
    Current User Name: williamrfarrar
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
    anamgr.exe -> %ProgramFiles%\Red Chair Software\Anapod Explorer\anamgr.exe -> Red Chair Software, Inc. [Ver = 8, 9, 6, 0 | Size = 1038848 bytes | Modified Date = 10/8/2006 5:18:42 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 3/29/2005 10:57:08 PM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
    iaantmon.exe -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel Corporation [Ver = 4.5.0.6515 | Size = 73852 bytes | Modified Date = 6/29/2004 11:22:56 AM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.17 | Size = 323584 bytes | Modified Date = 12/21/2005 10:16:24 PM | Attr = ]
    lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 5:37:10 AM | Attr = ]
    lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 5:32:56 AM | Attr = ]
    lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 5:43:46 AM | Attr = ]
    lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 8/19/2003 6:00:40 AM | Attr = ]
    mpbtn.exe -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 3/16/2004 6:49:50 PM | Attr = ]
    navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
    npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
    nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
    osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 8/26/1997 | Attr = ]
    sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
    spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
    symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 9/1/2006 7:39:04 PM | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
    wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> Microsoft® Corporation [Ver = 5.00.1928.1 | Size = 53317 bytes | Modified Date = 9/4/1999 5:23:00 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 3/29/2005 10:57:08 PM | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0023 | Size = 516096 bytes | Modified Date = 3/29/2005 9:05:00 PM | Attr = ]
    (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/12/2004 8:18:40 AM | Attr = ]
    (IAANTMon) IAA Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel Corporation [Ver = 4.5.0.6515 | Size = 73852 bytes | Modified Date = 6/29/2004 11:22:56 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.17 | Size = 323584 bytes | Modified Date = 12/21/2005 10:16:24 PM | Attr = ]
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 5:37:10 AM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
    (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
    (NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
    (NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
    (SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 4:22:48 PM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
    (SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 9/1/2006 7:39:04 PM | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
    (AliIde) AliIde [Kernel | Boot | Running] -> %System32%\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/12/2004 8:17:22 AM | Attr = ]
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ]
    (AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %System32%\DRIVERS\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.6.0 | Size = 96968 bytes | Modified Date = 5/31/2007 10:04:46 PM | Attr = ]
    (asc) asc [Kernel | Boot | Running] -> %System32%\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/12/2004 8:17:24 AM | Attr = ]
    (asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/12/2004 8:17:24 AM | Attr = ]
    (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6525 | Size = 1035264 bytes | Modified Date = 3/29/2005 11:03:06 PM | Attr = ]
    (b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> %System32%\DRIVERS\b57xp32.sys -> Broadcom Corporation [Ver = 7.86.0.0 built by: WinDDK | Size = 121472 bytes | Modified Date = 8/23/2004 2:49:30 PM | Attr = ]
    (bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
    (Changer) Changer [Kernel | System | Stopped] -> -> File not found
    (CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/12/2004 8:17:46 AM | Attr = ]
    (dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/12/2004 8:18:30 AM | Attr = ]
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/12/2004 8:18:42 AM | Attr = ]
    (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/12/2004 8:18:42 AM | Attr = ]
    (dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/12/2004 8:18:42 AM | Attr = ]
    (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94a | Size = 87136 bytes | Modified Date = 8/4/2004 4:21:00 AM | Attr = ]
    (drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.46a | Size = 40544 bytes | Modified Date = 8/13/2004 3:56:00 AM | Attr = ]
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\E100B325.SYS -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 1:12:10 PM | Attr = ]
    (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 4/4/2007 3:00:00 AM | Attr = ]
    (ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %System32%\DRIVERS\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 2/28/2007 3:56:08 PM | Attr = ]
    (ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 12/13/2006 6:41:50 PM | Attr = ]
    (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 4/4/2007 3:00:00 AM | Attr = ]
    (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %System32%\DRIVERS\IASTOR.SYS -> Intel Corporation [Ver = 4.5.0.6515 | Size = 477952 bytes | Modified Date = 6/29/2004 12:17:16 PM | Attr = ]
    (IntelC51) IntelC51 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.36.0 | Size = 1233525 bytes | Modified Date = 3/5/2004 11:14:42 PM | Attr = ]
    (IntelC52) IntelC52 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 647929 bytes | Modified Date = 3/5/2004 11:15:34 PM | Attr = ]
    (IntelC53) IntelC53 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.36.2 | Size = 61157 bytes | Modified Date = 6/15/2004 11:52:40 PM | Attr = ]
    (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
    (mohfilt) mohfilt [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 3/5/2004 11:13:38 PM | Attr = ]
    (mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/12/2004 8:22:32 AM | Attr = ]
    (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070623.007\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 4/2/2007 3:00:00 AM | Attr = ]
    (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070623.007\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 4/2/2007 3:00:00 AM | Attr = ]
    (nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr = ]
    (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ]
    (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
    (Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Pcouffin.sys -> VSO Software [Ver = 1.28 | Size = 39488 bytes | Modified Date = 5/6/2006 4:29:20 PM | Attr = ]
    (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
    (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/12/2004 8:26:42 AM | Attr = ]
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 1/30/2007 12:03:36 AM | Attr = ]
    (ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/12/2004 8:26:46 AM | Attr = ]
    (ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/12/2004 8:26:48 AM | Attr = ]
    (ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/12/2004 8:26:48 AM | Attr = ]
    (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 334984 bytes | Modified Date = 8/26/2005 4:22:48 PM | Attr = ]
    (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 53896 bytes | Modified Date = 8/26/2005 4:22:50 PM | Attr = ]
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/12/2004 8:27:58 AM | Attr = ]
    (senfilt) senfilt [Kernel | On_Demand | Running] -> %System32%\DRIVERS\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 11:02:54 AM | Attr = ]
    (SilverLink) Texas Instruments SilverLink (USB GraphLink) Cable [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SilvrLnk.sys -> Texas Instruments Incorporated [Ver = 1.20.000 | Size = 21456 bytes | Modified Date = 1/28/2004 3:03:26 PM | Attr = ]
    (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
    (sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ]
    (smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5243 | Size = 260096 bytes | Modified Date = 10/29/2004 3:14:44 PM | Attr = ]
    (Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/12/2004 8:29:30 AM | Attr = ]
    (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.1.0.4 | Size = 389776 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
    (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 12:29:04 PM | Attr = ]
    (ssrtln) ssrtln [File_System | System | Running] -> %System32%\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 12:28:50 PM | Attr = ]
    (symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/12/2004 8:30:26 AM | Attr = ]
    (symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/12/2004 8:30:26 AM | Attr = ]
    (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\DRIVERS\symdns.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 12992 bytes | Modified Date = 8/7/2006 4:01:56 PM | Attr = ]
    (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.3.1 | Size = 107696 bytes | Modified Date = 5/16/2006 2:34:38 PM | Attr = ]
    (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\DRIVERS\symfw.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 110784 bytes | Modified Date = 8/7/2006 4:02:02 PM | Attr = ]
    (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\DRIVERS\symids.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 31936 bytes | Modified Date = 8/7/2006 4:02:18 PM | Attr = ]
    (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070426.002\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 1/16/2007 6:01:06 AM | Attr = ]
    (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\DRIVERS\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 9/1/2006 7:39:04 PM | Attr = ]
    (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\DRIVERS\symndis.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 28352 bytes | Modified Date = 8/7/2006 4:02:14 PM | Attr = ]
    (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 8/7/2006 4:02:22 PM | Attr = ]
    (SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\DRIVERS\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 8/7/2006 4:02:26 PM | Attr = ]
    (sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/12/2004 8:30:28 AM | Attr = ]
    (sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/12/2004 8:30:28 AM | Attr = ]
    (tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    (TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\tiehdusb.sys -> Texas Instruments Incorporated [Ver = 1.5 | Size = 49536 bytes | Modified Date = 2/4/2004 10:27:56 AM | Attr = ]
    (ultra) ultra [Kernel | Boot | Running] -> %System32%\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/12/2004 8:31:28 AM | Attr = ]
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
    (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
    (WmBEnum) Logitech Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\WmBEnum.sys -> Logitech Inc. [Ver = 4.60.345 | Size = 10144 bytes | Modified Date = 4/12/2005 8:21:28 PM | Attr = ]
    (WmFilter) Logitech Gaming HID Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\WmFilter.sys -> Logitech Inc. [Ver = 4.60.345 | Size = 22240 bytes | Modified Date = 4/12/2005 8:21:32 PM | Attr = ]
    (WmVirHid) Logitech Virtual Hid Device Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\WmVirHid.sys -> Logitech Inc. [Ver = 4.60.345 | Size = 5600 bytes | Modified Date = 4/12/2005 8:21:28 PM | Attr = ]
    (WmXlCore) Logitech WingMan Translation Layer Driver [Kernel | On_Demand | Running] -> %Syst
     
  11. 2007/06/23
    Ranger SVO

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 5:43:46 AM | Attr = ]
    UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 2:01:00 AM | Attr = ]
    < RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
    -> -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.6.0 | Size = 1379016 bytes | Modified Date = 6/1/2007 7:14:26 AM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
    %AllUsersStartup%\Microsoft Works Calendar Reminders.lnk -> %SystemRoot%\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe -> [Ver = | Size = 29184 bytes | Modified Date = 9/3/2005 7:46:42 PM | Attr = R ]
    %AllUsersStartup%\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 8/26/1997 | Attr = ]
    %AllUsersStartup%\Windstream Broadband Check-up Center.lnk -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.8.1.asst_classic.asst_matcli.20040316_162000 | Size = 217088 bytes | Modified Date = 3/16/2004 6:49:50 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\williamrfarrar\Start Menu\Programs\Startup ->
    %UserStartup%\Anapod Manager.lnk -> %ProgramFiles%\Red Chair Software\Anapod Explorer\anamgr.exe -> Red Chair Software, Inc. [Ver = 8, 9, 6, 0 | Size = 1038848 bytes | Modified Date = 10/8/2006 5:18:42 PM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    < HOSTS File > (896 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://bfc.myway.com/search/de_srchlft.html ->
    HKCU: Search Page -> http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com ->
    HKCU: Start Page -> http://www.yahoo.com/ ->
    HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> 127.0.0.1 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    care_alltel.com [http] -> ->
    care_alltel.com [https] -> ->
    mail_yahoo.com [https] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 8/13/2004 2:05:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {6A95F7A8-BE9E-43CA-BAD9-0847F19695F7} -> (Broadcom NetXtreme 57xx Gigabit Controller) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {01A88BB1-1174-41EC-ACCB-963509EAE56B} -> SysProWmi Class - CodeBase = http://support.dell.com/systemprofiler/SysPro.CAB ->
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
    {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
    {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> LSSupCtl Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab ->
    {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} -> - CodeBase = https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab ->
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab ->
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab ->
    {5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125799138913 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138159222812 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab ->
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/SymAData.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    {0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} -> Notifier ->
    {00170409-78E1-11D2-B60F-006097C998E7} -> Microsoft Word 2000 ->
    {03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn ->
    {073F22CE-9A5B-4A40-A604-C7270AC6BF34} -> ESSSONIC ->
    {09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager ->
    {0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel ->
    {0DB93918-2A77-11D3-805A-00C04FA329AA} -> Word in Works Suite add-in ->
    {11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday ->
    {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA ->
    {1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB} -> ccCommon ->
    {12BE408B-65A7-4A5E-90BC-28965F7F08C9} -> Flight Simulator 2004 BGLComp SDK ->
    {14D4ED84-6A9A-45A0-96F6-1753768C3CB5} -> ESSPCD ->
    {154508C0-07C5-4659-A7A0-E49968750D21} -> HLPPDOCK ->
    {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate ->
    {2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} -> iPod for Windows 2006-03-23 ->
    {21657574-BD54-48A2-9450-EB03B2C7FC29} -> Sonic MyDVD ->
    {228F6876-A313-40A3-91C0-C3CBE6997D09} -> Symantec ->
    {2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} -> Internet Worm Protection ->
    {2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} -> essvatgt ->
    {2E086814-7392-4E0F-ADB8-54A81E47406C} -> Broadcom Advanced Control Suite 2 ->
    {3248F0A8-6813-11D6-A77B-00B0D0150110} -> J2SE Runtime Environment 5.0 Update 11 ->
    {33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10 ->
    {34EEB1F5-E939-40A1-A6BA-957282A4B2C8} -> Norton AntiVirus Help ->
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
    {35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page ->
    {36E6F27D-4A29-46AB-B658-D6485AD1EC1F} -> SymNet ->
    {37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
    {3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353} -> OTtBPSDK ->
    {3F92ABBB-6BBF-11D5-B229-002078017FBF} -> Modem On Hold ->
    {487E76B4-8A45-4C2E-B20A-218D33A8EA7D}_is1 -> DivxToDVD 1.99.11 ->
    {4E10E7FC-36CD-4C22-AC20-9E15692E8C2F} -> Virtual Sound Canvas DXi ->
    {55FA89BD-21D3-42F7-9249-C94C0094A83C} -> Apple Software Update ->
    {56364334-9530-11D2-BFFC-00C04FA329AA} -> Microsoft Works 2000 ->
    {5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool ->
    {5C1DA723-24FC-48AD-93BA-925695C3EF26} -> Logitech Gaming Software ->
    {605A4E39-613C-4A12-B56F-DEFBE6757237} -> SHASTA ->
    {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0 ->
    {643EAE81-920C-4931-9F0B-4B343B225CA6} -> ESSBrwr ->
    {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.3 ->
    {68D60342-7686-45C9-B8EB-40EF843D0460} -> Dell Networking Guide ->
    {693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids ->
    {7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03 ->
    {716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK ->
    {77772678-817F-4401-9301-ED1D01A8DA56} -> SPBBC ->
    {7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68} -> Modem Event Monitor ->
    {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec ->
    {7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper ->
    {82A5BF38-8461-4A5C-B2C9-24F5256D92A6} -> Norton Protection Center ->
    {87843A41-7808-4F2E-B13F-25C1E67CF2FD} -> ESShelp ->
    {8943CE61-53BD-475E-90E1-A580869E98A2} -> staticcr ->
    {8A502E38-29C9-49FA-BCFA-D727CA062589} -> ESSTOOLS ->
    {8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday ->
    {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player ->
    {8E92D746-CD9F-4B90-9668-42B74C14F765} -> ESSini ->
    {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel Application Accelerator ->
    {91517631-A9F3-4B7C-B482-43E0068FD55A} -> ESSgui ->
    {9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow! ->
    {9944aa9e-362d-11d3-81ab-00c04fb932ba} -> Microsoft Home Publishing 2000 ->
    {999D43F4-9709-4887-9B1A-83EBB15A8370} -> VPRINTOL ->
    {9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt ->
    {9D8FEE90-0377-49A9-AEFB-525BDE549BA4} -> ESScore ->
    {A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender ->
    {A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove ->
    {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} -> Windows Defender Signatures ->
    {A8B94669-8654-4126-BD28-D0D2412CDED6} -> TI Connect 1.6 ->
    {A9CF9052-F4A0-475D-A00F-A8388C62DD63} -> MSXML 4.0 SP2 (KB925672) ->
    {AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE} -> Norton Spyware Scan ->
    {AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
    {AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} -> ESSCDBK ->
    {B162D0A6-9A1D-4B7C-91A5-88FB48113C45} -> OfotoXMI ->
    {B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore ->
    {B997C2A0-4383-41BF-B76E-9B8B7ECFB267} -> KSU ->
    {BE6890C7-31EF-478C-812E-1E2899ABFCA9} -> Broadcom Gigabit Integrated Controller ->
    {C6F5B6CF-609C-428E-876F-CA83176C021B} -> Norton AntiVirus 2006 ->
    {C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} -> Blaze Media Pro ->
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
    {D1696920-9794-4BBC-8A30-7A88763DE5A2} -> ABBYY FineReader 5.0 Sprint ->
    {D1973749-F5E7-40EB-B528-F2B78685B9FF} -> essvcpt ->
    {D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} -> Norton AntiVirus SYMLT MSI ->
    {D32470A1-B10C-4059-BA53-CF0486F68EBC} -> Kodak EasyShare software ->
    {DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR ->
    {E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby ->
    {E5EE9939-259F-4DE2-8023-5C49E16A4F43} -> Norton AntiVirus Parent MSI ->
    {F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} -> QuickTime ->
    {F22C222C-3CE2-4A4B-A83F-AF4681371ABE} -> kgcbase ->
    {F325CF11-27CE-4872-8022-6E9EB27DF24F} -> NAVShortcut ->
    {F45298E5-0083-426F-A668-1A2C5F04B8A0} -> FaxTools ->
    {F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} -> SKINXSDK ->
    {F64306A5-4C32-41bb-B153-53986527FAB4} -> Norton WMI Update ->
    {F71760CD-0F8B-4DCC-B7B7-6B223CC3843C} -> OTtBP ->
    {F9593CFB-D836-49BC-BFF1-0E669A411D9F} -> WIRELESS ->
    {FCDB1C92-03C6-4C76-8625-371224256091} -> ESSPDock ->
    {FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard ->
    {FDF9943A-3D5C-46B3-9679-586BD237DDEE} -> SKIN0001 ->
    7-Zip -> 7-Zip 4.42 ->
    Ad-Aware SE Personal -> Ad-Aware SE Personal ->
    All ATI Software -> ATI - Software Uninstall Utility ->
    ALLTEL.MCCInstall -> Windstream Broadband Check-up Center ->
    Anapod Explorer -> Anapod Explorer (remove only) ->
    AnyDVD -> AnyDVD ->
    ATI Display Driver -> ATI Display Driver ->
    BassBox 6 Pro -> BassBox 6 Pro ->
    Blaze Media Pro -> Blaze Media Pro ->
    CloneDVD2 -> CloneDVD2 ->
    Dell File Manager -> Dell DJ Explorer ->
    Derive 6 -> Derive 6 ->
    DVD Identifier_is1 -> DVD Identifier ->
    DVD Shrink_is1 -> DVD Shrink 3.2 ->
    HijackThis -> HijackThis 1.99.1 ->
    InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} -> iPod for Windows 2006-03-23 ->
    InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C} -> Broadcom Advanced Control Suite 2 ->
    InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9} -> Broadcom Gigabit Integrated Controller ->
    Intel(R) 537EP V9x DF PCI Modem -> Intel(R) 537EP V9x DF PCI Modem ->
    IrfanView -> IrfanView (remove only) ->
    KB898458 -> Security Update for Step By Step Interactive Training (KB898458) ->
    KB906569 -> Hotfix for Windows XP (KB906569) ->
    KB923723 -> Security Update for Step By Step Interactive Training (KB923723) ->
    Lexmark X1100 Series -> Lexmark X1100 Series ->
    LimeWire -> LimeWire PRO 4.12.3 ->
    LiveReg -> LiveReg (Symantec Corporation) ->
    LiveUpdate -> LiveUpdate 3.0 (Symantec Corporation) ->
    M886903 -> Microsoft .NET Framework 1.1 Hotfix (KB886903) ->
    Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
    Norton Spyware Scan provided by Yahoo! -> Norton Spyware Scan provided by Yahoo! ->
    Office8.0 -> Microsoft Office 97, Professional Edition ->
    ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
    SimplyCapture1.1 -> SimplyCapture ->
    SimplyCapture1.2 -> SimplyCapture ->
    Sketchpad -> Sketchpad ->
    ST6UNST #1 -> JAS ->
    SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B} -> Norton AntiVirus 2006 (Symantec Corporation) ->
    The Disc 3.0 -> The Disc 3.0 ->
    Trillian -> Trillian ->
    uTorrent -> µTorrent ->
    WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell ->
    WGA -> Windows Genuine Advantage Validation Tool ->
    WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
    Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner ->
    Windows Media Format Runtime -> Windows Media Format Runtime ->
    Windows Media Player -> Windows Media Player 10 ->
    WinISD beta -> WinISD beta ->
    WMFDist11 -> Windows Media Format 11 runtime ->
    Works2kSetup -> Microsoft Works 2000 Setup Launcher ->
    Yahoo! Companion -> Yahoo! Toolbar ->
    Yahoo! Toolbar -> Yahoo! Toolbar ->
     
  12. 2007/06/23
    Ranger SVO

    And finally the rest of it

    [Files/Folders - Created Within 60 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/23/2007 10:17:49 AM | Attr = ]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/23/2007 2:05:17 PM | Attr = ]
    $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 6/23/2007 10:18:16 AM | Attr = H ]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/23/2007 2:05:41 PM | Attr = ]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 6/23/2007 10:35:21 AM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/23/2007 10:09:11 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/23/2007 10:09:11 AM | Attr = H ]
    systemex.c20 -> %SystemRoot%\systemex.c20 -> [Ver = | Size = 256 bytes | Created Date = 5/6/2007 7:41:22 PM | Attr = ]
    asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 6/23/2007 1:04:23 PM | Attr = ]
    ElbyCDIO.dll -> %System32%\ElbyCDIO.dll -> Elaborate Bytes AG [Ver = 6, 0, 5, 8 | Size = 86016 bytes | Created Date = 5/19/2007 2:08:25 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 6/23/2007 1:03:57 PM | Attr = ]
    LDR18.tmp -> %System32%\LDR18.tmp -> [Ver = | Size = 23070 bytes | Created Date = 6/9/2007 8:09:03 AM | Attr = ]
    LDR1C.tmp -> %System32%\LDR1C.tmp -> Microsoft® Windows® [Ver = 1.00 | Size = 8734 bytes | Created Date = 6/9/2007 8:12:19 AM | Attr = ]
    MSINET.oca -> %System32%\MSINET.oca -> [Ver = | Size = 29184 bytes | Created Date = 4/25/2007 11:30:14 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 6/23/2007 1:03:57 PM | Attr = ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.6.0 | Size = 96968 bytes | Created Date = 5/31/2007 9:04:45 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/23/2007 11:18:22 AM | Attr = ]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/23/2007 3:05:18 PM | Attr = ]
    found.000 -> %SystemDrive%\found.000 -> [Folder | Modified Date = 6/10/2007 10:10:00 AM | Attr = HS]
    i_view32.ini -> %SystemDrive%\i_view32.ini -> [Ver = | Size = 2585 bytes | Modified Date = 6/23/2007 4:30:14 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/23/2007 11:20:42 AM | Attr = R ]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/10/2007 8:34:42 AM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/23/2007 3:05:42 PM | Attr = ]
    $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 6/23/2007 11:18:22 AM | Attr = H ]
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/23/2007 2:10:00 PM | Attr = ]
    BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 6/23/2007 11:28:22 AM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/22/2007 8:35:06 PM | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 6/23/2007 11:18:00 AM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/23/2007 4:27:30 PM | Attr = S]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/23/2007 3:05:42 PM | Attr = ]
    INF -> %SystemRoot%\INF -> [Folder | Modified Date = 6/23/2007 2:04:30 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/23/2007 11:20:14 AM | Attr = HS]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 6/23/2007 11:35:22 AM | Attr = ]
    lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 434 bytes | Modified Date = 6/23/2007 5:12:10 PM | Attr = ]
    outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 49152 bytes | Modified Date = 6/9/2007 6:03:50 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/23/2007 5:13:38 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/23/2007 11:09:12 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/23/2007 11:09:12 AM | Attr = H ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/23/2007 11:27:28 AM | Attr = ]
    SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 6/11/2007 7:14:24 AM | Attr = ]
    SYSTEM32 -> %System32% -> [Folder | Modified Date = 6/23/2007 4:27:30 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/23/2007 4:20:00 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/23/2007 5:12:10 PM | Attr = ]
    WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 948 bytes | Modified Date = 6/23/2007 2:08:24 PM | Attr = ]
    WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/17/2007 8:22:32 PM | Attr = ]
    Norton AntiVirus - Run Full System Scan - williamrfarrar.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - williamrfarrar.job -> [Ver = | Size = 548 bytes | Modified Date = 6/22/2007 8:00:02 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/23/2007 11:28:36 AM | Attr = H ]
    Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 6/23/2007 5:12:02 PM | Attr = ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/23/2007 11:35:40 AM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/23/2007 11:35:40 AM | Attr = ]
    CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 6/23/2007 11:27:42 AM | Attr = ]
    DirectX -> %System32%\DirectX -> [Folder | Modified Date = 6/23/2007 11:20:10 AM | Attr = ]
    dla -> %System32%\dla -> [Folder | Modified Date = 6/23/2007 2:09:28 PM | Attr = ]
    DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 6/23/2007 11:20:32 AM | Attr = RHS]
    DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 6/23/2007 11:18:30 AM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 256656 bytes | Modified Date = 6/23/2007 11:28:16 AM | Attr = ]
    FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 6/21/2007 8:05:10 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/23/2007 2:03:58 PM | Attr = ]
    LDR18.tmp -> %System32%\LDR18.tmp -> [Ver = | Size = 23070 bytes | Modified Date = 6/9/2007 9:09:04 AM | Attr = ]
    LDR1C.tmp -> %System32%\LDR1C.tmp -> Microsoft® Windows® [Ver = 1.00 | Size = 8734 bytes | Modified Date = 6/9/2007 9:12:20 AM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/23/2007 2:03:58 PM | Attr = ]
    WBEM -> %System32%\WBEM -> [Folder | Modified Date = 6/23/2007 2:10:02 PM | Attr = ]
    WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 13762 bytes | Modified Date = 6/23/2007 11:28:58 AM | Attr = ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.6.0 | Size = 96968 bytes | Modified Date = 5/31/2007 10:04:46 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    aspack , -> %SystemDrive%\iv_uninstall.exe -> [Ver = | Size = 32256 bytes | Modified Date = 9/3/2005 10:03:22 PM | Attr = ]
    aspack , -> %SystemDrive%\i_view32.exe -> Irfan Skiljan [Ver = 3.97 | Size = 434176 bytes | Modified Date = 9/3/2005 10:03:22 PM | Attr = ]
    File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (1071845376 bytes) ->
    PEC2 , PECompact2 , -> %System32%\ASkin.ocx -> RanaInside [Ver = 2.00 | Size = 302092 bytes | Modified Date = 3/26/2005 8:13:10 AM | Attr = ]
    MZKERNEL32.DLL , -> %System32%\ddccy.exe -> [Ver = | Size = 27238 bytes | Modified Date = 3/16/2007 7:01:02 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/12/2004 8:18:34 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 1/31/2007 11:56:06 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %System32%\GaugeSound.dll:Zone.Identifier ->
    PEC2 , PECompact2 , -> %System32%\HTTPConnect.dll -> RanaInside [Ver = 1.09 | Size = 93184 bytes | Modified Date = 7/23/2004 12:05:40 PM | Attr = ]
    PEC2 , Win32 only! , -> %System32%\LDR18.tmp -> [Ver = | Size = 23070 bytes | Modified Date = 6/9/2007 9:09:04 AM | Attr = ]
    PEC2 , -> %System32%\LDR1C.tmp -> Microsoft® Windows® [Ver = 1.00 | Size = 8734 bytes | Modified Date = 6/9/2007 9:12:20 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/12/2004 8:32:46 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/12/2004 8:20:52 AM | Attr = ]

    < End of report >
     
  13. 2007/06/23
    noahdfear

    Looks like the McAfee service is gone.

    Please upload each of the following files to Jotti for analysis.

    http://virusscan.jotti.org/

    C:\WINDOWS\System32\ddccy.exe
    C:\WINDOWS\System32\LDR18.tmp
    C:\WINDOWS\System32\LDR1C.tmp

    Copy the results of each scan and save to a text file, then post the results.

    Download RegSearch.zip and extract the contents of the zip file to its own folder.
    Open and double-click the icon for RegSearch.exe to launch the program.
    Enter My Way in the top window and click OK. After completion Notepad will be opened with all the found instances. Please post that log.
     
  14. 2007/06/23
    Ranger SVO

    I think we found something



    C:\WINDOWS\System32\ddccy.exe

    A-Squared Found nothing
    AntiVir Found HEUR/Crypted
    ArcaVir Found Heur.Win32
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found MemScan:Trojan.Duntek.A
    ClamAV Found nothing
    Dr.Web Found Trojan.Packed.49
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found probably a variant of Win32/TrojanDownloader.ConHook.AA (probable variant)
    Norman Virus Control Found W32/Suspicious_U.gen
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found Packed/Upack
    VBA32 Found OScope.Worm.GVEA.Nuwar


    C:\WINDOWS\System32\LDR1C.tmp

    Scan taken on 24 Jun 2007 02:50:11 (GMT)
    A-Squared Found nothing
    AntiVir Found HEUR/Crypted
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Spy.Win32.Webmoner.cb
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-Spy.Win32.Webmoner.cb
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    C:\WINDOWS\System32\LDR18.tmp

    Scan taken on 24 Jun 2007 02:54:55 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Crypt.XPACK.Gen
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-PSW.Win32.LdPinch.bia
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-PSW.Win32.LdPinch.bia
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    I'll try the regsearch.zip later, the link wasn't working a few minutes ago
     
  15. 2007/06/23
    Ranger SVO

    On second thought it's working

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0

    ; Results at 6/23/2007 10:06:49 PM for strings:
    ; 'my way'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904]
    "ProductName"="My Way Search Assistant"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
    "DisplayName"="My Way Search Assistant"

    ; End Of The Log...

    Again, I thank you for taking the time to help. It is truly appreciated
     
  16. 2007/06/23
    noahdfear

    Highlight and copy the following command (including the quotes). Click Start>Run and paste, then hit enter.

    regedit /e c:\myway.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904"


    Download Combofix, saving it to your desktop. Don't use it yet.


    Download the Killbox from here and save it to the desktop.
    Copy the bolded blue list below by highlighting and pressing Ctrl+C

    C:\WINDOWS\System32\ddccy.exe
    C:\WINDOWS\System32\LDR1C.tmp
    C:\WINDOWS\System32\LDR18.tmp


    Double-click the KillBox icon on your desktop to open it
    Select the box Delete on Reboot
    Then click the All Files button.
    Click File and choose Paste from Clipboard.
    Click the red x [Delete File] button.
    Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.

    If the computer does not reboot on its own, restart it yourself.


    After restarting, double-click combofix.exe. Follow the prompts.
    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post the contents of that log in your next reply. Please do NOT post the ComboFix-quarantined-files.txt unless I ask you to.

    Post the contents of C:\myway.txt
     
  17. 2007/06/24
    Ranger SVO

    Sorry it took so long, I'm nearly 50 and it was getting past my bedtime

    Anyway here is the Combofix log

    ComboFix 07-06-18.2 - C:\Documents and Settings\williamrfarrar\Desktop\ComboFix.exe
    "williamrfarrar" - 2007-06-24 8:51:33 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\packet.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


    2007-06-24 08:51 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-24 08:46 <DIR> d-------- C:\!KillBox
    2007-06-23 15:05 <DIR> d-------- C:\Deckard
    2007-06-23 11:20 <DIR> d-------- C:\Program Files\bobyte
    2007-06-23 11:18 <DIR> d-------- C:\Program Files\Windows Defender
    2007-06-23 11:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2007-06-18 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
    2007-06-17 20:32 884,736 --a------ C:\WINDOWS\SYSTEM32\msimsg.dll
    2007-06-17 20:32 77,312 --a------ C:\WINDOWS\SYSTEM32\msiexec.exe
    2007-06-17 20:32 44,032 --a------ C:\WINDOWS\SYSTEM32\msisip.dll
    2007-06-17 20:32 331,264 --a------ C:\WINDOWS\SYSTEM32\msihnd.dll
    2007-06-17 20:32 2,804,224 --a------ C:\WINDOWS\SYSTEM32\msi.dll
    2007-06-12 22:00 <DIR> d-------- C:\Program Files\Elaborate Bytes(2)
    2007-06-10 08:34 <DIR> d-------- C:\Temp\x2b
    2007-05-31 22:04 96,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys
    2007-05-25 20:09 <DIR> d-------- C:\Program Files\Microsoft Games(2)


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-24 03:10:03 -------- d-----w C:\DOCUME~1\WILLIA~1\APPLIC~1\uTorrent
    2007-06-23 21:50:30 -------- d-----w C:\Program Files\HJT
    2007-06-23 19:09:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-06-23 19:09:37 -------- d-----w C:\Program Files\Lexmark X1100 Series
    2007-06-23 19:09:21 -------- d-----w C:\Program Files\SimplyCapture
    2007-06-23 19:08:57 -------- d-----w C:\Program Files\Messenger
    2007-06-23 16:40:34 -------- d-----w C:\Program Files\Windows Live Safety Center
    2007-06-23 16:20:48 -------- d-----w C:\Program Files\Trillian
    2007-06-23 16:20:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-23 16:18:47 -------- d-----w C:\Program Files\DVD Shrink
    2007-06-23 16:18:20 -------- d-----w C:\DOCUME~1\WILLIA~1\APPLIC~1\AdobeUM
    2007-06-23 16:18:04 -------- d-----w C:\Program Files\Microsoft AntiSpyware
    2007-06-14 04:23:31 -------- d-----w C:\Program Files\Blaze Media Pro
    2007-05-30 00:37:52 -------- d-----w C:\Program Files\The Disc 3.0
    2007-05-25 02:04:25 -------- d-----w C:\Program Files\FS2004SDK
    2007-05-21 02:08:00 -------- d-----w C:\Program Files\Microsoft Home Publishing 2000
    2007-05-21 01:53:31 1,510 ----a-w C:\WINDOWS\Sketchpad Preferences.dat
    2007-05-19 20:08:25 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2007-05-07 02:06:49 -------- d-----w C:\Program Files\VRtainment
    2007-04-01 03:41:10 8,266 ----a-w C:\WINDOWS\extend.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-10-26 11:28]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 02:05]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 11:30]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-01 07:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup


    Contents of the 'Scheduled Tasks' folder
    2007-06-23 01:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - williamrfarrar.job
    2006-09-26 22:52:19 C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - williamrfarrar.job
    2007-06-24 13:52:00 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-24 08:53:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-24 8:54:23
    C:\ComboFix-quarantined-files.txt ... 2007-06-24 08:54

    --- E O F ---
     
  18. 2007/06/24
    noahdfear

    Not a problem.....I went to bed too. ;)

    Two things in that log that I would address.

    C:\Temp\x2b
    C:\WINDOWS\extend.dat

    Anything in the C:\Temp folder 'should be' temporary files, and can generally be deleted.

    extend.dat is a file generally associated with Outlook, and normally resides in a completely different location. I would suggest you investigate that file. See if there's any information in its properties that would help to identify it or associate it with a particular program, submit it to jotti, etc.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Post the contents of C:\myway.txt, please.
     
  19. 2007/06/24
    Ranger SVO

    I saw you ask for that in the last post, I forgot. Here it is

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904]
    "ProductName"="My Way Search Assistant"
    "PackageCode"="4556C8F2579D1DD449A64AA725C5D79D"
    "Language"=dword:00000000
    "Version"=dword:01000100
    "Assignment"=dword:00000001
    "AdvertiseFlags"=dword:00000184
    "InstanceType"=dword:00000000
    "AuthorizedLUAApp"=dword:00000000
    "Clients"=hex(7):3a,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904\SourceList]
    "PackageName"="MYWYDESA.MSI"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D449D87B79A4004BAA05BDA60389904\SourceList\Media]
    "1"=";"
     
  20. 2007/06/24
    noahdfear

    Don't see what I was looking for in that export. Try this one, then post C:\myway2.txt

    regedit /e c:\myway2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904"
     
  21. 2007/06/24
    Ranger SVO

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\Features]
    "DellSearchAssistantFeature"="RD&qJcfmY@=nED)`wSi7"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
    "RegOwner"=""
    "RegCompany"=""
    "ProductID"="none"
    "LocalPackage"="C:\\WINDOWS\\Installer\\5e13.msi"
    "AuthorizedCDFPrefix"=""
    "Comments"=""
    "Contact"=""
    "DisplayVersion"="1.0.256"
    "HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,64,00,65,00,6c,00,\
    6c,00,2e,00,6d,00,79,00,77,00,61,00,79,00,2e,00,63,00,6f,00,6d,00,2f,00,00,\
    00
    "HelpTelephone"=""
    "InstallDate"="20050903"
    "InstallLocation"=""
    "NoModify"=dword:00000001
    "NoRemove"=dword:00000001
    "NoRepair"=dword:00000001
    "Publisher"="MyWay.com"
    "Readme"=""
    "Size"=""
    "SystemComponent"=dword:00000001
    "URLInfoAbout"=""
    "URLUpdateInfo"=""
    "VersionMajor"=dword:00000001
    "VersionMinor"=dword:00000000
    "WindowsInstaller"=dword:00000001
    "Version"=dword:01000100
    "Language"=dword:00000000
    "DisplayName"="My Way Search Assistant"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\Patches]
    "AllPatches"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\Usage]

    Here is the other log.

    I have not been able to get on Jotti. It's been busy. As soon as I can I'll have it scan extend.dat
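
The two regedit exports in this thread identify the product only by a 32-character packed code and store HelpLink as hex(2) data. The following Python is an added example, not part of the original posts or of any tool named in them: it parses such an export, decodes the hex values, converts the packed code to the usual GUID form, and lists the Add/Remove Programs restriction flags that are set. All function names are hypothetical, and the sample is an excerpt of the export posted above with extraction spacing normalized.

```python
import re

# Excerpt of the myway2.txt export posted in this thread (spacing normalized).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D449D87B79A4004BAA05BDA60389904\InstallProperties]
"LocalPackage"="C:\\WINDOWS\\Installer\\5e13.msi"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,64,00,65,00,6c,00,\
6c,00,2e,00,6d,00,79,00,77,00,61,00,79,00,2e,00,63,00,6f,00,6d,00,2f,00,00,\
00
"InstallDate"="20050903"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="MyWay.com"
"SystemComponent"=dword:00000001
"DisplayName"="My Way Search Assistant"
'''

VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')
# Values that hide an entry from Add/Remove Programs or disable its buttons.
ARP_FLAGS = ("SystemComponent", "NoRemove", "NoModify", "NoRepair")


def packed_to_guid(packed):
    """Convert a Windows Installer packed product code to {GUID} form."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError("expected 32 hex characters")
    p = packed.upper()
    # The first three groups are stored character-reversed.
    d1, d2, d3 = p[0:8][::-1], p[8:12][::-1], p[12:16][::-1]
    # The last eight bytes are stored with the two nibbles of each byte swapped.
    tail = "".join(p[i + 1] + p[i] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (d1, d2, d3, tail[:4], tail[4:])


def decode_value(rhs):
    """Decode the right-hand side of one .reg value line."""
    if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
        return re.sub(r"\\(.)", r"\1", rhs[1:-1])      # REG_SZ, unescape \\ and \"
    if rhs.startswith("dword:"):
        return int(rhs[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", rhs)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2):                               # REG_SZ / REG_EXPAND_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        if kind == 7:                                    # REG_MULTI_SZ
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data
    return rhs


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit /e export."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def summarize(text):
    """One record per ...\\Products\\<packed code>\\InstallProperties key."""
    out = []
    for key, props in parse_reg_export(text).items():
        m = re.search(r"\\Products\\([0-9A-Fa-f]{32})\\InstallProperties$", key)
        if not m:
            continue
        out.append({
            "ProductCode": packed_to_guid(m.group(1)),
            "DisplayName": props.get("DisplayName"),
            "Publisher": props.get("Publisher"),
            "LocalPackage": props.get("LocalPackage"),
            "HelpLink": props.get("HelpLink"),
            "Restrictions": [n for n in ARP_FLAGS if props.get(n) == 1],
        })
    return out


if __name__ == "__main__":
    for record in summarize(SAMPLE):
        for field, value in record.items():
            print(f"{field}: {value}")
```
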
     
