
WMI has issues outside of safe mode

Discussion in 'Windows XP' started by SpiderLocMTGO, 2008/02/07.

  1. 2008/02/14
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Joined:
    2008/02/07
    Messages:
    65
    Likes Received:
    0
    OK whole new direction

    Start-Run
    paste or type
    services.msc
    click ok or hit enter

    find COM+ Event System, confirm it is running <--- This was running

    find COM+ System Application, probably not running; confirm it starts, and if so leave it running <---- This wasn't running but started fine

    find Remote procedure call (RPC) confirm started <--- was running

    then Remote procedure call (RPC) Locator probably not started, confirm it will start and leave running. <--- was running

    Get back with results if problems. <--- same errors as before

    Then

    Control panel-Add/remove
    on the left panel click
    Add/Remove Windows Components

    Be ready to insert XP install CD!

    in Windows Components
    Choose Management and Monitoring Tools
    if the 2 items here are not checked then do so and install them <---- Management and monitoring tools showed up as 1 checkbox, but I installed that

    Restart and recheck for issue! <--- still the same
     
  2. 2008/02/14
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Spidy

    OK we have shot this thing with just about every known fix.

    But I am not giving up.

    Run Dial-A-Fix

    If it reports any restrictive policies, remove them.

    Select every box on the first page. If it reports any error get me the error and file name.

    If it does find a problem this will be good and may lead us to a repair. So I am hoping for an error.

    Once page 1 completes go to page 2 (HammerHead)

    run
    Repair Permissions

    When complete reboot before checking for the issue.

    If and only if the issue still exists
    on page 2
    select
    SFC Purge
    when finished
    put in XP SP2 CD
    then
    run
    SFC Scan

    When finished restart before checking for problem resolution.

    Mike
     


  4. 2008/02/14
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    I ran the first page, but on the second I had to download an executable and now it is running "Repair Permissions" but it seems to be taking forever on step 1, is this normal?
     
  5. 2008/02/14
    mflynn

    mflynn Inactive

    What did you have to download??

    I have seen it take a while! But I have seen it not be able to continue. If so close all of Dial-a-Fix and reboot.

    Do the SFC procedure and then try the Repair Permissions in safe mode.

    Mike
     
  6. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    I had to download a particular executable that the repair permissions section runs.

    I tried running from safe mode and it still hangs. I ran the commands from the command prompt that dial-a-fix runs itself and the first command gets to 86% and then hangs on a file, but it doesn't say which one. It also says it is creating a log file but the log file is never made in the place it says it is.

    Whenever I tried to make another account to run that from last night I got an error of a missing file, but I accidentally clicked through it. When I get home from class I'll make another and see if it pops up again and report which file it was and what it did.
     
  7. 2008/02/15
    mflynn

    mflynn Inactive

    Ok I will research WMI some more in the meantime!

    How did the SFC Purge then SFC Scan go?

    Mike
     
  8. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    The scan and purge worked as far as I can tell. No errors on either one.
     
  9. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    The error is that inf/wpie4x86.inf isn't found... is that an Internet Explorer thing or am I missing something important here?
     
  10. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Okay, I now have another problem I thought I could fix: my SATA drive that I use to install programs on has been unrecognized by Windows since I did the repair install, but it shows up in BIOS and raid information. Any clue how I can get it back? It doesn't even show up in the device manager.
     
  11. 2008/02/15
    mflynn

    mflynn Inactive

    Hello Spider

    The wpie4x86.inf actually points to Internet Explorer 4.0 from back in the days of 98 and Windows ME

    How is the SATA drive connected, internally or via USB? How is it formatted, as a Primary or Secondary partition?

    Is it a builtin motherboard controller or an added PCI card?

    Look in Admin tools-Computer management-Disk management.

    Is it seen here?

    In Device Manager is there even a SATA category?

    If onboard controller have you changed any BIOS settings? Check BIOS for SATA.

    Also do you have the drivers that came with the drive?

    We now need to take a deeper look at your system.

    Go here read and post Deckard and HJT logs.
    http://www.windowsbbs.com/announcement.php?f=41

    Mike
     
  12. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Hello Spider

    The wpie4x86.inf actually points to Internet Explorer 4.0 from back in the days of 98 and Windows ME

    How is the SATA drive connected, internally or via USB? How is it formatted, as a Primary or Secondary partition? <---- internally, and I don't remember if I did primary or secondary

    Is it a builtin motherboard controller or an added PCI card? <--- motherboard

    Look in Admin tools-Computer management-Disk management.

    Is it seen here? <--- nope

    In Device Manager is there even a SATA category? <--- there is a SATA/Raid controller, but it says there is no driver available (not sure if there is supposed to be one)

    If onboard controller have you changed any BIOS settings? Check BIOS for SATA. <--- nope

    Also do you have the drivers that came with the drive? <--- the Samsung site says there are no drivers for the HD, I tried installing the SATA drivers from the GIGABYTE site but it still says no drivers are installed.

    We now need to take a deeper look at your system.

    Go here read and post Deckard and HJT logs.
    http://www.windowsbbs.com/announcement.php?f=41

    Logs in next post....
     
  13. 2008/02/15
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Deckard's System Scanner v20071014.68
    Run by Dwayne on 2008-02-15 20:50:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; unknown error code 0x00000001


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 8.08 GiB (less than 15%) free.


    -- HijackThis (run as Dwayne.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:52:05 PM, on 2/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Dwayne\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Winzy Assistant - {039AF219-4B6F-4AC6-8763-7BF5BBD481B3} - C:\Program Files\Winzy\Winzy IE Toolbar\winzyietoolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Winzy Toolbar - {5B327C15-C1B7-4d1f-A5B7-A2F5FFDF2881} - C:\Program Files\Winzy\Winzy IE Toolbar\winzyietoolbar.dll
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\RunServices: [] iexplorer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download All Files by HiDownload - O:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - O:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - O:\Program Files\HiDownload\hidownload.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/itttechlibrary/support/plugins/ebraryRdr.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://aol.worldwinner.com/games/v46/shared/FunGamesLoader.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
    O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/GoonzuGlobal_downloader0713.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14052 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
    .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
    .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
    .js - JSFile - DefaultIcon - "O:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe ",7
    .js - JSFile - shell\open\command - "O:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe ", "%1 "
    .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-01-15 and 2008-02-15 -----------------------------

    2008-02-15 20:51:58 0 d-------- C:\Program Files\Trend Micro
    2008-02-15 15:52:19 0 d-------- C:\Program Files\obj
    2008-02-15 15:52:16 0 d-------- C:\WINDOWS\GBD
    2008-02-15 15:33:54 0 d-------- C:\WINDOWS\system32\M5455
    2008-02-15 15:31:26 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    2008-02-15 14:48:24 0 d-------- C:\Documents and Settings\asdf\Application Data\Identities
    2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Templates
    2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Start Menu
    2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\SendTo
    2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Recent
    2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\PrintHood
    2008-02-15 14:48:16 1048576 --ah----- C:\Documents and Settings\asdf\NTUSER.DAT
    2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\NetHood
    2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\My Documents
    2008-02-15 14:48:16 0 d--h----- C:\Documents and Settings\asdf\Local Settings
    2008-02-15 14:48:16 0 dr------- C:\Documents and Settings\asdf\Favorites
    2008-02-15 14:48:16 0 d-------- C:\Documents and Settings\asdf\Desktop
    2008-02-15 14:48:16 0 d--hs---- C:\Documents and Settings\asdf\Cookies
    2008-02-15 14:48:16 0 dr-h----- C:\Documents and Settings\asdf\Application Data
    2008-02-15 14:48:16 0 d---s---- C:\Documents and Settings\asdf\Application Data\Microsoft
    2008-02-14 18:21:01 0 d-------- C:\Dial-a-fix-v0.60.0.24 <DIAL-A~1.24>
    2008-02-14 15:33:33 145047 --a------ C:\WINDOWS\system32\secedit.exe
    2008-02-14 15:31:01 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-02-13 19:16:59 0 d-------- C:\Program Files\Realtek AC97
    2008-02-13 18:39:49 0 d-------- C:\WINDOWS\Prefetch
    2008-02-13 18:32:29 0 d-------- C:\Program Files\msn gaming zone
    2008-02-13 13:49:28 0 d-------- C:\tempinf
    2008-02-13 12:58:19 0 d-------- C:\WINDOWS\NV7361916.TMP
    2008-02-13 12:38:32 0 d-------- C:\WINDOWS\NV7361920.TMP
    2008-02-12 23:19:02 0 d-------- C:\WINDOWS\NV736252.TMP
    2008-02-12 22:26:39 0 d-------- C:\WINDOWS\setup.pss
    2008-02-07 18:26:14 642 --a------ C:\FIXWMI.CMD
    2008-02-02 19:15:13 0 d-------- C:\WINDOWS\Cache
    2008-02-02 19:15:09 0 d-------- C:\Program Files\Coupons
    2008-01-31 13:09:28 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2008-01-31 13:09:28 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
    2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files\HP
    2008-01-31 10:32:22 38771 --a------ C:\WINDOWS\hpomdl03.dat
    2008-01-31 10:32:22 29364 --a------ C:\WINDOWS\hpoins03.dat
    2008-01-30 13:42:11 0 d-------- C:\Program Files\alot
    2008-01-30 13:42:11 0 d-------- C:\Documents and Settings\Dwayne\Application Data\alot
    2008-01-30 02:11:09 0 d-------- C:\WINDOWS\Registration
    2008-01-29 19:20:16 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-28 17:16:58 0 --a------ C:\Documents and Settings\Dwayne\net
    2008-01-28 17:16:00 0 --a------ C:\Documents and Settings\Dwayne\for
    2008-01-27 22:17:01 0 d-------- C:\Program Files\WON
    2008-01-26 15:25:24 0 d-------- C:\divx
    2008-01-25 00:59:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\InstallShield
    2008-01-20 22:38:19 0 d-------- C:\WINDOWS\Family Feud II
    2008-01-20 22:14:52 0 d-------- C:\Program Files\Yahoo! Games
    2008-01-17 00:20:54 0 d-------- C:\WINDOWS\Kudos Rock Legend DeLEGiON


    -- Find3M Report ---------------------------------------------------------------

    2008-02-13 19:21:08 0 d-------- C:\Program Files\Google
    2008-02-13 18:30:25 22704 --a----c- C:\WINDOWS\system32\emptyregdb.dat
    2008-02-11 22:40:46 4 --a------ C:\WINDOWS\system32\EE724F
    2008-02-03 15:59:07 36 --ah----- C:\WINDOWS\system32\f9t.dat
    2008-02-02 11:47:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2008-01-31 13:09:26 0 d-------- C:\Program Files\HP
    2008-01-31 13:04:45 0 d-------- C:\Program Files\Common Files
    2008-01-30 02:10:38 0 d-------- C:\Program Files\Online Services
    2008-01-30 02:10:12 0 d-------- C:\Program Files\Windows NT
    2008-01-26 15:24:19 0 d-------- C:\Program Files\DivX
    2008-01-25 01:00:33 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-14 22:18:59 3532 --a------ C:\drmHeader.bin
    2008-01-13 21:00:50 0 d-------- C:\Program Files\NetBeans 6.0
    2008-01-13 20:58:16 0 d-------- C:\Program Files\Sun
    2008-01-13 20:58:09 0 d-------- C:\Program Files\Java
    2008-01-10 21:11:28 0 d-------- C:\Program Files\PayPal
    2008-01-07 22:16:02 36 --a------ C:\WINDOWS\popcinfo.dat
    2008-01-07 21:47:20 0 d-------- C:\Program Files\PopCap Games
    2008-01-06 14:00:43 0 d-------- C:\Program Files\Winzy
    2008-01-06 00:40:53 0 d-------- C:\Program Files\LucasArts
    2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-01-04 13:18:59 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-01-04 13:18:58 0 d-------- C:\Program Files\AlienGUIse
    2008-01-03 23:47:56 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Stamps.com Internet Postage
    2008-01-01 11:42:26 0 d-------- C:\Program Files\PokerStars
    2007-12-23 02:39:31 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
    2007-12-19 18:37:29 0 d-------- C:\Program Files\Fx Video Converter
    2007-12-19 18:22:25 0 d-------- C:\Program Files\Zune
    2007-12-13 03:20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-12-04 14:12:10 7228 --a------ C:\Documents and Settings\Dwayne\Application Data\Replay Music 3 Setup Log.txt
    2007-12-04 14:11:49 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
    08/10/2007 04:38 PM 551208 --a------ C:\Program Files\alot\bin\alot.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA "= "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [03/30/2006 06:51 PM]
    "nwiz "= "nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
    "NVRTCLK "= "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 04:44 AM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
    "ALi5289 "= "C:\Program Files\ULI5289\ALi5289.exe" [03/10/2005 01:56 AM]
    "Zune Launcher "= "C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 05:28 PM]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
    "DXDllRegExe "= "dxdllreg.exe" []
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
    "SoundMan "= "SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/13/2008 07:12 PM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    @=iexplorer.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
    ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aff355d-93da-11da-a362-806d6172696f}]
    AutoRun\command- D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a3ce-f4e6-11da-ba15-001485e6ee9e}]
    AutoRun\command- F:\AutoRun.exe




    -- End of Deckard's System Scanner: finished at 2008-02-15 20:53:19 ------------
     
  14. 2008/02/15
    SpiderLocMTGO

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Architecture: X86; Language: English

    Percentage of Memory in Use: 39%
    Physical Memory (total/avail): 1023.48 MiB / 619.96 MiB
    Pagefile Memory (total/avail): 2460.19 MiB / 2106.3 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1915.43 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 74.52 GiB total, 8.08 GiB free.
    D: is CDROM (CDFS)
    L: is CDROM (No Media)



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    FirewallOverride is set.

    AV: Avira AntiVir PersonalEdition v 7.0.2.148
    (Avira GmbH)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe "= "C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe:*:Enabled:Menu "
    "C:\\Program Files\\BitComet\\BitComet.exe "= "C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "
    "C:\\NeverwinterNights\\NWN\\nwmain.exe "= "C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights "
    "C:\\NeverwinterNights\\NWN\\nwupdate.exe "= "C:\\NeverwinterNights\\NWN\\nwupdate.exe:*:Enabled:NWN Update Program "
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe "= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 "
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 "
    "C:\\Program Files\\Diablo II\\game.exe "= "C:\\Program Files\\Diablo II\\game.exe:*:Enabled:Diablo II "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe "= "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main "
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe "= "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD "
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe "= "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater "
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe "= "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
    "C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer "
    "C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service "
    "C:\\Program Files\\AOL 9.0\\waol.exe "= "C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed "
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information "
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe "= "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service "
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe "= "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service "
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe "= "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine "
    "C:\\Program Files\\Common Files\\AOL\\1169684324\\ee\\aolsoftware.exe "= "C:\\Program Files\\Common Files\\AOL\\1169684324\\ee\\aolsoftware.exe:*:Enabled:AOL Services "
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "
    "O:\\Steam\\Steam.exe "= "O:\\Steam\\Steam.exe:*:Enabled:Steam Client "
    "O:\\Steam\\steamapps\\spiderlocmtgo\\team fortress 2\\hl2.exe "= "O:\\Steam\\steamapps\\spiderlocmtgo\\team fortress 2\\hl2.exe:*:Enabled:hl2 "
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "= "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager "
    "C:\\Nexon\\KartRider\\NMService.exe "= "C:\\Nexon\\KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core "
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "= "C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\\Documents and Settings\\Dwayne\\Desktop\\tinyweb\\TINY.EXE "= "C:\\Documents and Settings\\Dwayne\\Desktop\\tinyweb\\TINY.EXE:*:Enabled:TINY "
    "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temp\\Rar$EX00.891\\Demo\\ExampleDemo.exe "= "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temp\\Rar$EX00.891\\Demo\\ExampleDemo.exe:*:Enabled:ExampleDemo.exe "
    "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temp\\Rar$EX06.797\\Demo\\ExampleDemo.exe "= "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temp\\Rar$EX06.797\\Demo\\ExampleDemo.exe:*:Enabled:ExampleDemo.exe "
    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe "= "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad "
    "O:\\Games\\NWN2\\nwn2main.exe "= "O:\\Games\\NWN2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main "
    "O:\\Games\\NWN2\\nwn2main_amdxp.exe "= "O:\\Games\\NWN2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD "
    "O:\\Games\\NWN2\\nwupdate.exe "= "O:\\Games\\NWN2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater "
    "O:\\Games\\NWN2\\nwn2server.exe "= "O:\\Games\\NWN2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server "
    "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temporary Internet Files\\Content.IE5\\HZNXTNFW\\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe "= "C:\\Documents and Settings\\Dwayne\\Local Settings\\Temporary Internet Files\\Content.IE5\\HZNXTNFW\\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader "
    "C:\\WINDOWS\\system32\\mmc.exe "= "C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Dwayne\Application Data
    CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=JORDAN
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Dwayne
    INCLUDE=c:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
    LIB=c:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
    LOGONSERVER=\\JORDAN
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0c00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Dwayne\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Dwayne\LOCALS~1\Temp
    USERDOMAIN=JORDAN
    USERNAME=Dwayne
    USERPROFILE=C:\Documents and Settings\Dwayne
    VS71COMNTOOLS=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Dwayne (admin)
    Jordan V (new local, admin)
    asdf (new local, admin)
    Administrator.HOME-193791D6B8 (admin)





    -- End of Deckard's System Scanner: finished at 2008-02-15 20:53:19 ------------

    (extra.txt continued in next post)
     
  15. 2008/02/15
    SpiderLocMTGO

    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
    --> O:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    @BIOS --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Gigabyte\BIOS\Uninst.isu "
    16 Big Fish Games --> "C:\WINDOWS\16 Big Fish Games\uninstall.exe" "/U:O:\Program Files\16 Big Fish Games\Uninstall\uninstall.xml "
    Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe "
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
    Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
    Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
    Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
    Advanced Combat Tracker (remove only) --> "C:\Program Files\Advanced Combat Tracker\Uninstall.exe "
    Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
    Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
    AGEIA PhysX v2.6.0 --> MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    Aim Plugin for QQ Games --> O:\Games\QQ Games\Plugin\Uninstall.EXE
    Alarm 2.0.1 --> "C:\Program Files\Alarm\unins000.exe "
    ALOT eMusic Toolbar --> "C:\Program Files\alot\alotUninst.exe "
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
    AppStream Technology Windows Edition Client --> MsiExec.exe /X{46B26804-569B-4355-9678-0DDF6ADCFB0F}
    Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe "
    Avira AntiVir PersonalEdition Premium --> C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
    BioWare Premium Module: Neverwinter Nights(TM) Kingmaker --> C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights(TM) Kingmaker.exe
    BitComet 0.64 --> C:\Program Files\BitComet\uninst.exe
    BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
    CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe "
    CEP v1.52 --> "C:\NeverwinterNights\NWN\unins000.exe "
    Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe "
    Competition Arena --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.topcoder.com/contest/arena/ContestAppletProd.jnlp "
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
    D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
    dbQwikSite 5 --> O:\PROGRA~1\DBQWIK~1\UNWISE.EXE O:\PROGRA~1\DBQWIK~1\INSTALL.LOG
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec --> O:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> O:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    e-texaspoker client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBD12D47-62D6-11D4-9357-00508B5BB444}\Setup.exe" -uninst
    EA Link --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
    eMusic Download Manager 3.0 --> O:\Program Files\eMusic Download Manager\uninst.exe
    EQ2MAP Updater 1.0.15 --> C:\Program Files\EQ2MAP Updater\uninst.exe
    EverQuest II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}\Setup.exe" -l0x9 -removeonly
    Family Feud (remove only) --> "C:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe "
    Family Feud II (remove only) --> "O:\Program Files\iWin.com\Family Feud II\Uninstall.exe "
    FATE --> "C:\Program Files\WildGames\FATE\Uninstall.exe "
    FATE from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E2BABA4F-C37B-4A6C-8F00-0D303441C2D3\Uninstall.exe "
    FLV Player 2.0, build 23 --> O:\Program Files\FLV Player\uninst.exe
    Freedom Force® vs The 3rd Reich --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{97573806-3C00-4CE0-9D31-3925DD845DCE}
    Fwink --> MsiExec.exe /I{531F366E-8426-4592-9463-A745CA6E192D}
    Fx Video Converter --> C:\PROGRA~1\FXVIDE~1\UNWISE.EXE C:\PROGRA~1\FXVIDE~1\INSTALL.LOG
    GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
    GIGABYTE VGA Utility Manager --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu "
    GnuWin32: Bzip2 version 1.0.3-1 --> "C:\Program Files\GnuWin32\uninstall\unins000.exe "
    Gods - Lands of Infinity --> "O:\Games\Gods - LOI SE\Uninstall Information\unins000.exe "
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll "
    GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe "
    Guild Wars --> "O:\Games\Guild Wars\Gw.exe" -uninstall
    Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe "
    Half-Life 2 --> "O:\Steam\steam.exe" steam://uninstall/220
    Half-Life 2: Episode One --> "O:\Steam\steam.exe" steam://uninstall/380
    Half-Life 2: Episode Two --> "O:\Steam\steam.exe" steam://uninstall/420
    Hamachi 1.0.0.61 --> C:\Program Files\Hamachi\uninstall.exe
    Heavy Weapon Deluxe 1.0 --> C:\Program Files\PopCap Games\Heavy Weapon Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Heavy Weapon Deluxe\Install.log "
    Heroes of Might & Magic V: Hammers of Fate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200091}\setup.exe" -l0x9
    Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28101984-0BA6-40FD-9ABE-72F62F80C06C}\setup.exe" -l0x9
    HiDownload --> "O:\Program Files\HiDownload\unins000.exe "
    HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
    HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Print Diagnostic Utility --> MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
    HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
    HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
    IGN Download Manager 2.1.1 --> C:\Program Files\IGN\Download Manager\uninst.exe
    IsoBuster 2.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe "
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kudos Rock Legend DeLEGiON --> "C:\WINDOWS\Kudos Rock Legend DeLEGiON\uninstall.exe" "/U:O:\Games\Kudos Rock Legend DeLEGiON\Uninstall\uninstall.xml "
    Legends of Norrath --> "C:\Program Files\InstallShield Installation Information\{D7A89413-FB45-4ECE-A893-32DC87F45554}\setup.exe" -runfromtemp -l0x0009 -removeonly
    LEGO Star Wars II --> C:\Program Files\InstallShield Installation Information\{578FA426-47C0-4A3F-98A4-01ACD26B7556}\setup.exe -runfromtemp -l0x0409
    Local Account Manager v2 --> "O:\Program Files\Local Account Manager\unins000.exe "
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Madden NFL 08 --> C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
    Magic ISO Maker v5.1 (build 0185) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Magic Online --> O:\MTGO\magic.exe -u
    Magic Set Editor 2 - 0.3.3 beta --> "C:\Program Files\Magic Set Editor 2\unins000.exe "
    Matroska Pack - Lazy Man's MKV 0.9.8 --> "C:\Program Files\LD-Anime\unins000.exe "
    Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
    Microsoft Visual Studio .NET Professional 2003 - English --> "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
    Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
    Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{6F6B46DC-4289-454E-8FFD-80CE597F403B}
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    mod --> C:\Program Files\mod\uninstall.exe
    Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Dwayne\Application Data\Move Networks\ie_bin\Uninst.exe
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{DA1A4DBF-48A1-4ABE-8890-DD60DF92B498}
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=" "
    NetBeans IDE 6.0 --> "C:\Program Files\NetBeans 6.0\uninstall.exe "
    Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
    Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
    PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
    pCrawler 5.06 --> "c:\Program Files\LandofLeisure\pCrawler\unins000.exe "
    Peggle Extreme --> "O:\Steam\steam.exe" steam://uninstall/3483
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe "
    Portal --> "O:\Steam\steam.exe" steam://uninstall/400
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerISO --> "C:\Program Files\PowerISO\uninstall.exe "
    PRC Pack --> C:\NeverwinterNights\PRCPack\uninstall.exe
    Prism --> C:\Program Files\NCH Software\Prism\uninst.exe
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
    Real Alternative 1.47 --> "C:\Program Files\Real Alternative\unins000.exe "
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
    Replay Music 3.06 --> C:\WINDOWS\iun6002.exe "O:\Program Files\Replay Music 3\irunin.ini "
    Rhapsody --> O:\PROGRA~1\Rhapsody\Unwise32.exe /A O:\PROGRA~1\Rhapsody\INSTALL.LOG
    Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
    SiSoftware Sandra Lite XI.SP1 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\unins000.exe "
    SoulSeekkor's TQ Defiler --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\TQDefiler\ST6UNST.LOG"
    SoundCapture --> O:\PROGRA~1\MAGICS~1\SC\UNWISE.EXE O:\PROGRA~1\MAGICS~1\SC\INSTALL.LOG
    Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{876C6265-922D-4EF3-A784-71D72FF033C0}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Team Fortress 2 --> "O:\Steam\steam.exe" steam://uninstall/440
    Tennis Titans --> "O:\Games\Tennis Titans\unins000.exe "
    The Core Media Player 4.0 --> "C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe "
    The GIMP 2.2.14 --> "C:\Program Files\GIMP-2.0\unins000.exe "
    The Print Shop 22 --> MsiExec.exe /I{1D2AB963-7FF4-4446-BF22-822101AA550F}
    Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
    Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
    TQVault 2.11 --> "C:\Program Files\TQVault\unins000.exe "
    ULi M5289 SATA Controller Driver --> C:\WINDOWS\system32\unM5289.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\system32\ALiM5289.isu
    ULi PCI to AGP Controller Driver --> C:\WINDOWS\system32\UnAGP.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\system32\ALiAGP.isu
    UseNeXT --> "C:\Program Files\UseNeXT\unins000.exe "
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    Weird 21 --> MsiExec.exe /I{44DAAB9A-85FB-44B9-948B-12814FCFAD10}
    WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe "
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    winpcap-r 3.1 --> "C:\Program Files\WinPcap\uninstall.exe "
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Winzy Toolbar for Internet Explorer --> C:\Program Files\Winzy\Winzy IE Toolbar\uninstall.exe
    WM Recorder + RM Recorder 10.21 --> C:\WINDOWS\iun6002.exe "C:\Program Files\WM Recorder 10.2\irunin.ini "
    WMPTagSupportExtender --> MsiExec.exe /I{D5526193-241E-47EB-B358-60DA0820A35A}
    Words That Follow --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.side-quest.com/caption/***.jnlp "
    XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe "
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
    Yahoo! Mail --> C:\WINDOWS\system32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
    Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
    Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
    Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type188 / Warning
    Event Submitted/Written: 02/15/2008 08:44:11 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel parameter not located in registry;
    Default trace level used is 32.

    Event Record #/Type187 / Warning
    Event Submitted/Written: 02/15/2008 08:44:11 PM
    Event ID/Source: 1003 / EvntAgnt
    Event Description:
    TraceFileName parameter not located in registry;
    Default trace file used is .

    Event Record #/Type180 / Warning
    Event Submitted/Written: 02/15/2008 04:05:31 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel parameter not located in registry;
    Default trace level used is 32.

    Event Record #/Type179 / Warning
    Event Submitted/Written: 02/15/2008 04:05:31 PM
    Event ID/Source: 1003 / EvntAgnt
    Event Description:
    TraceFileName parameter not located in registry;
    Default trace file used is .

    Event Record #/Type172 / Warning
    Event Submitted/Written: 02/15/2008 03:35:57 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel parameter not located in registry;
    Default trace level used is 32.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type1094 / Error
    Event Submitted/Written: 02/15/2008 08:44:39 PM
    Event ID/Source: 14325 / WMPNetworkSvc
    Event Description:
    Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.

    Event Record #/Type1076 / Error
    Event Submitted/Written: 02/15/2008 08:44:11 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The X4HSX32 service failed to start due to the following error:
    %%3

    Event Record #/Type1075 / Warning
    Event Submitted/Written: 02/15/2008 08:44:11 PM
    Event ID/Source: 1102 / SNMP
    Event Description:
    The SNMP Service is ignoring extension agent dll C:\WINDOWS\System32\iasperf.dll because it is missing or misconfigured.

    Event Record #/Type1074 / Error
    Event Submitted/Written: 02/15/2008 08:44:11 PM
    Event ID/Source: 14325 / WMPNetworkSvc
    Event Description:
    Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.

    Event Record #/Type1068 / Error
    Event Submitted/Written: 02/15/2008 08:43:26 PM / 02/15/2008 08:43:56 PM
    Event ID/Source: 4 / sptd
    Event Description:
    Driver detected an internal error in its data structures for .


    (the end. feel free to inform me if I need to remove this from public viewing.)
     
  16. 2008/02/16
    mflynn

    As Jed Clampett used to say, "Wheee doggie"

    Now I see why you would do almost anything to keep from doing a clean install. To get all of this back would be a bear of a job!

    Get me a little clearer picture of what is running: d/l the below, run it and paste the log file. It may take a while to run.
    http://www.tombraiderhub.com/download/ardiag.exe

    You have signs of active malware and some that seem to be remnants.

    So now you have some work to do.

    First go thru Add/Remove and uninstall all old, useless or non-working programs, if any. Whatever it is, ask yourself if you really need it, want it or will ever use it. Especially the games.
    And especially the below.

    Adaware SE (old software)

    winzyietoolbar is suspected as malware but not yet rated so. Get rid of it!

    HiDownload

    alot EMusic Toolbar

    iexplorer.exe (not to be confused with legit iexplore): this one may be active. If there is no Add/Remove for this, then leave it alone; we will handle it below.

    Uninstall anything that says Sun Java, Java JRE, except leave (keep) the Java TM 6 Update 3

    Viewpoint

    ------------------------------------------------
    Use HJT Scan only to remove the below
    O2 - BHO: Winzy Assistant - {039AF219-4B6F-4AC6-8763-7BF5BBD481B3} - C:\Program Files\Winzy\Winzy IE Toolbar\winzyietoolbar.dll
    O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: Winzy Toolbar - {5B327C15-C1B7-4d1f-A5B7-A2F5FFDF2881} - C:\Program Files\Winzy\Winzy IE Toolbar\winzyietoolbar.dll
    O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
    O4 - HKLM\..\RunServices: [] iexplorer.exe
    O8 - Extra context menu item: Download All Files by HiDownload - O:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - O:\Program Files\HiDownload\HDGet.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - O:\Program Files\HiDownload\hidownload.exe (file missing)
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/itttechli.../ebraryRdr.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://aol.worldwinner.com/games/v46...amesLoader.cab

    After all above cleaned


    Spyware cleaners
    Xclean

    http://www.xblock.com/download/xclean_micro.exe
    Run it, delete all it finds, decline to reboot after each find, but do so after it finishes

    and rerun until it comes up clean. Even better if the second run is in Safe mode.

    SpyBot http://projects.securitywonks.net/pr...ils.php?file=2
    Install and update, go to the top and select Advanced mode, but don't run

    To run, paste the following to the cmd prompt. This runs Spybot in max mode, which most people do not use, and it automatically downloads updates

    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoupdate /autocheck /autofix /autoimmunize

    D/L install update and run Adaware 2007 Free http://www.lavasoftusa.com/

    --------------------------------------------------------------------------

    Stand alone Virus cleaners just to keep Antivir honest
    download update and run

    http://info.prevx.com/download.asp?grab=prevxcsi
    http://www.freedrweb.com/cureit/

    Your System Restore seems to have a problem. We will handle that later.
    So back up the Registry: d/l, install and run Erunt http://www.larshederer.homepage.t-online.de/erunt/ Try to do a System Restore point also and let me know what it says.

    Copy the following 2 lines for pasting

    attrib -h -s -r c:\iexplorer.exe /d /s
    del /f /s /q c:\iexplorer.exe

    Now open a cmd prompt and paste to run; hit Enter twice to complete

    Run these, reboot, and send fresh HJT and DSS logs. Let me know what was found. And I know we will need to clean more, but hopefully this will narrow it down.

    Mike
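
Added example, not part of the original post and not code from HijackThis: a small triage pass over HJT-style lines that surfaces the three signals the fix list above relies on, namely a target marked "(file missing)", an O4 autorun with an empty value name, and a file name that imitates a Windows binary (iexplorer.exe versus the legitimate iexplore.exe). The `KNOWN_GOOD` list, the distance threshold of 2 and all function names are assumptions made for this sketch.

```python
import re
from typing import NamedTuple, Optional

# Windows binaries whose names are commonly imitated (short list, an assumption).
KNOWN_GOOD = ("iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe")

# Four lines copied from the HJT fix list in the post above.
SAMPLE = r"""
O2 - BHO: Winzy Assistant - {039AF219-4B6F-4AC6-8763-7BF5BBD481B3} - C:\Program Files\Winzy\Winzy IE Toolbar\winzyietoolbar.dll
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\RunServices: [] iexplorer.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - O:\Program Files\HiDownload\hidownload.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")                 # "O4 - <body>"
FILE_RE = re.compile(r"([^\\/\s\[\]]+\.(?:exe|dll))\b", re.IGNORECASE)  # file base names


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name: str) -> Optional[str]:
    """Return the known binary that `name` imitates, or None for exact or distant names."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return None
    best = min(KNOWN_GOOD, key=lambda good: edit_distance(name, good))
    return best if edit_distance(name, best) <= 2 else None


def triage(log_text: str) -> list:
    """Flag HJT-style lines worth a closer look; unflagged lines are not thereby clean."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "target file missing", line))
        if section == "O4" and re.search(r":\s*\[\s*\]", body):
            findings.append(Finding(section, "autorun with empty value name", line))
        for name in FILE_RE.findall(body):
            twin = lookalike(name)
            if twin:
                findings.append(Finding(section, f"file name imitates {twin}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The Winzy and ALOT entries are not flagged here: they were judged by reputation in the post, which a name-and-path heuristic cannot reproduce.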
     
  17. 2008/02/16
    SpiderLocMTGO

    The first thing on the list, then I will proceed to the others:

    Copy the following text and paste it to your report AS IS!!!

    ---------------------------------------------------------------
    AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
    ---------------------------------------------------------------

    Code:
     
    Program: 
     "Offers permanent protection against viruses and malware for email clients with the AntiVir search engine. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirMailService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avmailc.exe "
    Enabled: [V]
     
     
    Program: 
     "Service to schedule AntiVir jobs and updates. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirScheduler
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\sched.exe "
    Enabled: [V]
     
     
    Program: 
     "Offers permanent protection against viruses and malware with the AntiVir search engine. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avguard.exe "
    Enabled: [V]
     
     
    Program: 
     "Helper service for the AntiVir MailGuard. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AVEService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avesvc.exe "
    Enabled: [V]
     
     
    Program: 
     "Creative Service for CDROM Access "
    Publisher: 
     "(Not verified) Creative Technology Ltd "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    Creative Service for CDROM Access
    Program path & name: 
     "c:\windows\system32\ctsvccda.exe "
    Enabled: [V]
     
     
    Program: 
     "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped
    Publisher: 
     the debuggers will not function properly. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    MDM
    Program path & name: 
     "(Not verified) Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe "
    Enabled: [V]
     
     
    Program: 
     "PunkBuster Service Component [v1009] http://www.evenbalance.com "
    Publisher: 
     "(Verified) Even Balance Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    PnkBstrA
    Program path & name: 
     "c:\windows\system32\pnkbstra.exe "
    Enabled: [V]
     
     
    Program: 
     "Ensures Viewpoint 3D and Rich Media Technologies are up to date "
    Publisher: 
     "(Not verified) Viewpoint Corporation "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    Viewpoint Manager Service
    Program path & name: 
     "c:\program files\viewpoint\common\viewpointservice.exe "
    Enabled: [V]
     
     
    Program: 
     "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    WMPNetworkSvc
    Program path & name: 
     "c:\program files\windows media player\wmpnetwk.exe "
    Enabled: [V]
     
     
    Program: 
     "AMD Processor Driver "
    Publisher: 
     "(Not verified) Advanced Micro Devices "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AmdK8
    Program path & name: 
     "c:\windows\system32\drivers\amdk8.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira AntiVir Support for Minifilter "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    avgio
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avgio.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira's Driver for RootKit Detection "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    avipbb
    Program path & name: 
     "c:\windows\system32\drivers\avipbb.sys "
    Enabled: [V]
     
     
    Program: 
     "Macrovision SECURITY Driver "
    Publisher: 
     "(Not verified) Macrovision Europe Ltd "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    CdaD10BA
    Program path & name: 
     "c:\windows\system32\drivers\cdad10ba.sys "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    cusbohcn
    Program path & name: 
    File not found: C:\DOCUME~1\Dwayne\LOCALS~1\Temp\cusbohcn.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI miniport "
    Publisher: 
     "(Verified) DAEMON Tools Code Signing Services "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    dtscsi
    Program path & name: 
     "c:\windows\system32\drivers\dtscsi.sys "
    Enabled: [V]
     
     
    Program: 
     "GIGABYTE Tools "
    Publisher: 
     "(Verified) GIGA-BYTE TECHNOLOGY CO. LTD "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    gdrv
    Program path & name: 
     "c:\windows\gdrv.sys "
    Enabled: [V]
     
     
    Program: 
     "Hamachi Virtual Network Interface Driver "
    Publisher: 
     "(Not verified) Applied Networking Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    hamachi
    Program path & name: 
     "c:\windows\system32\drivers\hamachi.sys "
    Enabled: [V]
     
     
    Program: 
     "ULi SATA RAID Controller Driver "
    Publisher: 
     "(Not verified) ULi Electronics Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    m5289
    Program path & name: 
     "c:\windows\system32\drivers\m5289.sys "
    Enabled: [V]
     
     
    Program: 
     "Dual Mode USB Camera 519 Stream Class Mini Driver "
    Publisher: 
     "(Not verified) OmniVision Technologies Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    ovt519
    Program path & name: 
     "c:\windows\system32\drivers\ov519vid.sys "
    Enabled: [V]
     
     
    Program: 
     "Appstream System Services "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    REGHOOK
    Program path & name: 
     "c:\windows\system32\drivers\reghook.sys "
    Enabled: [V]
     
     
    Program: 
     "Realtek 10/100/1000 NDIS 5.1 Driver                          "
    Publisher: 
     "(Not verified) Realtek Semiconductor Corporation                            "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    RTL8023xp
    Program path & name: 
     "c:\windows\system32\drivers\rtlnicxp.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI Pass Through Direct Host "
    Publisher: 
     "(Not verified) Duplex Secure Ltd. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    sptd
    Program path & name: 
     "c:\windows\system32\drivers\sptd.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira Snapshot Driver "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    ssmdrv
    Program path & name: 
     "c:\windows\system32\drivers\ssmdrv.sys "
    Enabled: [V]
     
     
    Program: 
     "TVicHW32 Driver for Windows NT/2000/XP "
    Publisher: 
     "(Not verified) EnTech Taiwan "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    TVICHW32
    Program path & name: 
     "c:\windows\system32\drivers\tvichw32.sys "
    Enabled: [V]
     
     
    Program: 
     "USBIO Driver "
    Publisher: 
     "(Not verified) Thesycon GmbH Germany "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    USBIO
    Program path & name: 
     "c:\windows\system32\drivers\usbio.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI miniport "
    Publisher: 
     "(Verified) DAEMON Tools Code Signing Services "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    vaxscsi
    Program path & name: 
     "c:\windows\system32\drivers\vaxscsi.sys "
    Enabled: [V]
     
     
    Program: 
     "Appstream communication driver "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    VSPD
    Program path & name: 
     "c:\windows\system32\drivers\vspd.sys "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    X4HSX32
    Program path & name: 
    File not found: O:\Program Files\GameTap\bin\Release\X4HSX32.Sys "
    Enabled: [V]
     
     
    Program: 
     "AppStream Winlogon Notification DLL "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    Entry name: 
    ASWLNDLL
    Program path & name: 
     "c:\windows\system32\aswlndll.dll "
    Enabled: [V]
     
     
    Program: 
     "AntiVir layered service provider "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
    Entry name: 
    AVSDA over [MSAFD Tcpip [TCP/IP]]
    Program path & name: 
     "c:\windows\system32\avsda.dll "
    Enabled: [V]
     
     
    Program: 
     "AntiVir layered service provider "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
    Entry name: 
    AVSDA over [MSAFD Tcpip [UDP/IP]]
    Program path & name: 
     "c:\windows\system32\avsda.dll "
    Enabled: [V]
     
     
    Program: 
     "AntiVir layered service provider "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
    Entry name: 
    AVSDA
    Program path & name: 
     "c:\windows\system32\avsda.dll "
    Enabled: [V]
     
     
    Program: 
     "Java(TM) Platform SE binary "
    Publisher: 
     "(Verified) Sun Microsystems Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    SunJavaUpdateSched
    Program path & name: 
     "c:\program files\java\jre1.6.0_04\bin\jusched.exe "
    Enabled: [V]
     
     
    Program: 
     "QuickTime Task "
    Publisher: 
     "(Not verified) Apple Computer Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    QuickTime Task
    Program path & name: 
     "c:\program files\quicktime\qttask.exe "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA nView Wizard
    Publisher: 
     Version 111.32  "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    nwiz
    Program path & name: 
     "(Not verified) NVIDIA Corporation" "c:\windows\system32\nwiz.exe "
    Enabled: [V]
     
     
    Program: 
     "rtclk MFC Application "
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    NVRTCLK
    Program path & name: 
    c:\windows\system32\nvrtclk\nvrtclk.exe "
    Enabled: [V]
     
     
    Program: 
     "ALiRAID Application "
    Publisher: 
     "(Not verified) ALi Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    ALi5289
    Program path & name: 
     "c:\program files\uli5289\ali5289.exe "
    Enabled: [V]
     
     
    Program: 
     "hpwuSchd "
    Publisher: 
     "(Not verified) Hewlett-Packard "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    HP Software Update
    Program path & name: 
     "c:\program files\hp\hp software update\hpwuschd.exe "
    Enabled: [V]
     
     
    Program: 
     "HP Framework Component Manager Service "
    Publisher: 
     "(Not verified) Hewlett-Packard Company "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    HP Component Manager
    Program path & name: 
     "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    DXDllRegExe
    Program path & name: 
    File not found: dxdllreg.exe "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/octet-stream
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/x-complus
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/x-msdownload
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "HPCETIUI Protocol Handler Module "
    Publisher: 
     "(Not verified) Hewlett-Packard Company "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    cetihpz
    Program path & name: 
     "c:\program files\hp\hpcoretech\comp\hpuiprot.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft® InfoTech Storage System Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    ms-itss
    Program path & name: 
     "c:\program files\common files\microsoft shared\information retrieval\msitss.dll "
    Enabled: [V]
     
     
    Program: 
     "MSN Messenger Protocol Handler "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    msnim
    Program path & name: 
     "c:\program files\msn messenger\msgrapp.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    Entry name: 
    0
    Program path & name: 
    File not found: About:Home "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET IE SECURITY REGISTRATION "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    Entry name: 
    n/a
    Program path & name: 
     "c:\windows\system32\mscories.dll "
    Enabled: [V]
     
     
    Program: 
     "HP Digital Imaging Monitor (CUE) "
    Publisher: 
     "(Not verified) Hewlett-Packard Co. "
    Entry path: 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Entry name: 
    HP Digital Imaging Monitor.lnk
    Program path & name: 
     "c:\program files\hp\digital imaging\bin\hpqtra08.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Portable Device Shell Service Object "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    Entry name: 
    WPDShServiceObj
    Program path & name: 
     "c:\windows\system32\wpdshserviceobj.dll "
    Enabled: [V]
     
     
    Program: 
     "GoogleToolbarNotifier "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    swg
    Program path & name: 
     "c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Media Player Network Sharing Service Configuration Application "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    WMPNSCFG
    Program path & name: 
     "c:\program files\windows media player\wmpnscfg.exe "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Yahoo! Toolbar Helper
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "AcroIEHelper Module "
    Publisher: 
     "(Verified) Adobe Systems Incorporated "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    AcroIEHlprObj Class
    Program path & name: 
     "c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! IE Services "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Yahoo! IE Services Button
    Program path & name: 
     "c:\program files\yahoo!\common\yiesrvc.dll "
    Enabled: [V]
     
     
    Program: 
     "Java(TM) Platform SE binary "
    Publisher: 
     "(Verified) Sun Microsystems Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    SSVHelper Class
    Program path & name: 
     "c:\program files\java\jre1.6.0_04\bin\ssv.dll "
    Enabled: [V]
     
     
    Program: 
     "Google IE Client Toolbar "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Google Toolbar Helper
    Program path & name: 
     "c:\program files\google\googletoolbar2.dll "
    Enabled: [V]
     
     
    Program: 
     "PayPalHelper Module "
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    OToolbarHelper Class
    Program path & name: 
    c:\program files\paypal\paypal plug-in\paypalhelper.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Display Panning CPL Extension
    Program path & name: 
    File not found: deskpan.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    HyperTerminal Icon Ext
    Program path & name: 
    File not found: C:\WINDOWS\system32\hticons.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    WinRAR shell extension
    Program path & name: 
    c:\program files\winrar\rarext.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Fusion Cache
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    The Core Media Player Shell Extension
    Program path & name: 
    c:\program files\corecodec\the core media player\system\coreshellagent.cll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Haali Column Provider
    Program path & name: 
    c:\program files\haali\matroskasplitter\mmfinfo.dll "
    Enabled: [V]
     
     
    Program: 
     "Application Deployment Support Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    ShellLink for Application References
    Program path & name: 
     "c:\windows\system32\dfshim.dll "
    Enabled: [V]
     
     
    Program: 
     "Application Deployment Support Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Shell Icon Handler for Application References
    Program path & name: 
     "c:\windows\system32\dfshim.dll "
    Enabled: [V]
     
     
    Program: 
     "AXShlEx.dll "
    Publisher: 
     "(Verified) Alcohol Soft Code Signing Services "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    AlcoholShellEx
    Program path & name: 
     "c:\program files\alcohol soft\alcohol 120\axshlex.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer
    Publisher: 
     Version 111.32  "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Desktop Explorer
    Program path & name: 
     "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer
    Publisher: 
     Version 111.32  "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Desktop Explorer Menu
    Program path & name: 
     "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer
    Publisher: 
     Version 111.32  "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    nView Desktop Context Menu
    Program path & name: 
     "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "Portable Devices Shell Extension "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Portable Devices
    Program path & name: 
     "c:\windows\system32\wpdshext.dll "
    Enabled: [V]
     
     
    Program: 
     "Portable Devices Shell Extension "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Portable Devices Menu
    Program path & name: 
     "c:\windows\system32\wpdshext.dll "
    Enabled: [V]
     
     
    Program: 
     "YMMAPI Module "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Yahoo! Mail
    Program path & name: 
     "c:\program files\yahoo!\common\ymmapi.dll "
    Enabled: [V]
     
     
    Program: 
     "Creative Shell Extension "
    Publisher: 
     "(Not verified) Creative Technology Ltd "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    ZEN V Series Media Explorer
    Program path & name: 
     "c:\program files\creative\creative zen v series (r2)\zen v series media explorer\shctmtp.dll "
    Enabled: [V]
     
     
    Program: 
     "ShlExt.dll "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Shell Extension for Malware scanning
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\shlext.dll "
    Enabled: [V]
     
     
    Program: 
     "PowerISOShell DLL "
    Publisher: 
     "(Not verified) PowerISO Computing Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    PowerISO
    Program path & name: 
     "c:\program files\poweriso\pwrisosh.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Fusion Cache
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    Entry name: 
    Haali Column Provider
    Program path & name: 
    c:\program files\haali\matroskasplitter\mmfinfo.dll "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    Entry name: 
    yt.dll
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    yt.dll
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "PayPal2 Control Module "
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    otoolbar.dll
    Program path & name: 
    c:\program files\paypal\paypal plug-in\otoolbar.dll "
    Enabled: [V]
     
     
    Program: 
     "Google IE Client Toolbar "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    googletoolbar2.dll
    Program path & name: 
     "c:\program files\google\googletoolbar2.dll "
    Enabled: [V]
     
     
    Program: 
     "AOL Instant Messenger "
    Publisher: 
     "(Verified) America Online Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    AIM
    Program path & name: 
     "c:\program files\aim\aim.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    Run IMVU
    Program path & name: 
    File not found: C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk "
    Enabled: [V]
     
     
    Program: 
    enabled
    Publisher: 
     "Network Diagnostic for Windows XP "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    @xpsp3res.dll
    Program path & name: 
     "(Not verified) Microsoft Corporation" "c:\windows\network diagnostic\xpnetdiag.exe "
    Enabled: [ ]
     
     
    Program: 
     "Yahoo! Messenger "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    Yahoo! Messenger
    Program path & name: 
     "c:\program files\yahoo!\messenger\yahoomessenger.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    HiDownload
    Program path & name: 
    File not found: O:\Program Files\HiDownload\hidownload.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Messenger "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    Windows Messenger
    Program path & name: 
     "c:\program files\messenger\msmsgs.exe "
    Enabled: [V]
     
    
     
  18. 2008/02/17
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    I removed a bunch of old software and all the stuff you told me to delete, downloaded/ran the software I was told to download and they picked up a couple things here and there that I told them to delete.

    When I go to the iexplorer.exe part it hangs on the first command and eventually says "file not found." I searched my C: for "iexplorer.exe" and it wasn't found.

    Erunt had no problem making a backup.
     
  19. 2008/02/17
    mflynn

    mflynn Inactive

    Let's see what is left.

    Post a Hijackthis log and a fresh Deckard!

    Mike
     
  20. 2008/02/17
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Fresh HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:35:36 PM, on 2/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8212] command /c del "C:\WINDOWS\wt\webdriver.dll "
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7300] cmd /c del "C:\WINDOWS\wt\webdriver.dll "
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5262] command /c del "C:\WINDOWS\wt\webdriver.dll "
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2837] cmd /c del "C:\WINDOWS\wt\webdriver.dll "
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-1004\..\RunOnce: [SpybotDeletingB5262] command /c del "C:\WINDOWS\wt\webdriver.dll" (User '?')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
    O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/GoonzuGlobal_downloader0713.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139030516237
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.custhelp.com/7540-b358h/rnl/java/RntX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1A73AA10-2951-451A-B3C2-8769E5FDBCB4}: NameServer = 24.158.96.130,24.158.96.131
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 14288 bytes
     
  21. 2008/02/17
    SpiderLocMTGO

    SpiderLocMTGO Inactive Thread Starter

    Assuming this is deckard...

    Copy the following text and paste it to your report AS IS!!!

    ---------------------------------------------------------------
    AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
    ---------------------------------------------------------------

    Code:
     
    Program: 
    N/A
    Publisher: 
     "(Verified) Lavasoft AB "
    Entry path: 
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    Entry name: 
    lsdelete
    Program path & name: 
     "c:\windows\system32\lsdelete.exe "
    Enabled: [V]
     
     
    Program: 
     "Protects your computer from spyware "
    Publisher: 
     "(Verified) Lavasoft AB "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    aawservice
    Program path & name: 
     "c:\program files\lavasoft\ad-aware 2007\aawservice.exe "
    Enabled: [V]
     
     
    Program: 
     "Offers permanent protection against viruses and malware for email clients with the AntiVir search engine. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirMailService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avmailc.exe "
    Enabled: [V]
     
     
    Program: 
     "Service to schedule AntiVir jobs and updates. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirScheduler
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\sched.exe "
    Enabled: [V]
     
     
    Program: 
     "Offers permanent protection against viruses and malware with the AntiVir search engine. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AntiVirService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avguard.exe "
    Enabled: [V]
     
     
    Program: 
     "Helper service for the AntiVir MailGuard. "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AVEService
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avesvc.exe "
    Enabled: [V]
     
     
    Program: 
     "Creative Service for CDROM Access "
    Publisher: 
     "(Not verified) Creative Technology Ltd "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    Creative Service for CDROM Access
    Program path & name: 
     "c:\windows\system32\ctsvccda.exe "
    Enabled: [V]
     
     
    Program: 
     "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped
    Publisher: 
     the debuggers will not function properly. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    MDM
    Program path & name: 
     "(Not verified) Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe "
    Enabled: [V]
     
     
    Program: 
     "PunkBuster Service Component [v1009] http://www.evenbalance.com "
    Publisher: 
     "(Verified) Even Balance Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    PnkBstrA
    Program path & name: 
     "c:\windows\system32\pnkbstra.exe "
    Enabled: [V]
     
     
    Program: 
     "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    WMPNetworkSvc
    Program path & name: 
     "c:\program files\windows media player\wmpnetwk.exe "
    Enabled: [V]
     
     
    Program: 
     "AMD Processor Driver "
    Publisher: 
     "(Not verified) Advanced Micro Devices "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    AmdK8
    Program path & name: 
     "c:\windows\system32\drivers\amdk8.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira AntiVir Support for Minifilter "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    avgio
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\avgio.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira's Driver for RootKit Detection "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    avipbb
    Program path & name: 
     "c:\windows\system32\drivers\avipbb.sys "
    Enabled: [V]
     
     
    Program: 
     "Macrovision SECURITY Driver "
    Publisher: 
     "(Not verified) Macrovision Europe Ltd "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    CdaD10BA
    Program path & name: 
     "c:\windows\system32\drivers\cdad10ba.sys "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    cusbohcn
    Program path & name: 
    File not found: C:\DOCUME~1\Dwayne\LOCALS~1\Temp\cusbohcn.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI miniport "
    Publisher: 
     "(Verified) DAEMON Tools Code Signing Services "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    dtscsi
    Program path & name: 
     "c:\windows\system32\drivers\dtscsi.sys "
    Enabled: [V]
     
     
    Program: 
     "GIGABYTE Tools "
    Publisher: 
     "(Verified) GIGA-BYTE TECHNOLOGY CO. LTD "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    gdrv
    Program path & name: 
     "c:\windows\gdrv.sys "
    Enabled: [V]
     
     
    Program: 
     "Hamachi Virtual Network Interface Driver "
    Publisher: 
     "(Not verified) Applied Networking Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    hamachi
    Program path & name: 
     "c:\windows\system32\drivers\hamachi.sys "
    Enabled: [V]
     
     
    Program: 
     "ULi SATA RAID Controller Driver "
    Publisher: 
     "(Not verified) ULi Electronics Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    m5289
    Program path & name: 
     "c:\windows\system32\drivers\m5289.sys "
    Enabled: [V]
     
     
    Program: 
     "Dual Mode USB Camera 519 Stream Class Mini Driver "
    Publisher: 
     "(Not verified) OmniVision Technologies Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    ovt519
    Program path & name: 
     "c:\windows\system32\drivers\ov519vid.sys "
    Enabled: [V]
     
     
    Program: 
     "Appstream System Services "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    REGHOOK
    Program path & name: 
     "c:\windows\system32\drivers\reghook.sys "
    Enabled: [V]
     
     
    Program: 
     "Realtek 10/100/1000 NDIS 5.1 Driver                          "
    Publisher: 
     "(Not verified) Realtek Semiconductor Corporation                            "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    RTL8023xp
    Program path & name: 
     "c:\windows\system32\drivers\rtlnicxp.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI Pass Through Direct Host "
    Publisher: 
     "(Not verified) Duplex Secure Ltd. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    sptd
    Program path & name: 
     "c:\windows\system32\drivers\sptd.sys "
    Enabled: [V]
     
     
    Program: 
     "Avira Snapshot Driver "
    Publisher: 
     "(Verified) Avira GmbH "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    ssmdrv
    Program path & name: 
     "c:\windows\system32\drivers\ssmdrv.sys "
    Enabled: [V]
     
     
    Program: 
     "TVicHW32 Driver for Windows NT/2000/XP "
    Publisher: 
     "(Not verified) EnTech Taiwan "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    TVICHW32
    Program path & name: 
     "c:\windows\system32\drivers\tvichw32.sys "
    Enabled: [V]
     
     
    Program: 
     "USBIO Driver "
    Publisher: 
     "(Not verified) Thesycon GmbH Germany "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    USBIO
    Program path & name: 
     "c:\windows\system32\drivers\usbio.sys "
    Enabled: [V]
     
     
    Program: 
     "SCSI miniport "
    Publisher: 
     "(Verified) DAEMON Tools Code Signing Services "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    vaxscsi
    Program path & name: 
     "c:\windows\system32\drivers\vaxscsi.sys "
    Enabled: [V]
     
     
    Program: 
     "Appstream communication driver "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    VSPD
    Program path & name: 
     "c:\windows\system32\drivers\vspd.sys "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\System\CurrentControlSet\Services
    Entry name: 
    X4HSX32
    Program path & name: 
    File not found: O:\Program Files\GameTap\bin\Release\X4HSX32.Sys "
    Enabled: [V]
     
     
    Program: 
     "AppStream Winlogon Notification DLL "
    Publisher: 
     "(Not verified) Appstream Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    Entry name: 
    ASWLNDLL
    Program path & name: 
     "c:\windows\system32\aswlndll.dll "
    Enabled: [V]
     
     
    Program: 
     "QuickTime Task "
    Publisher: 
     "(Not verified) Apple Computer Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    QuickTime Task
    Program path & name: 
     "c:\program files\quicktime\qttask.exe "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA nView Wizard, Version 111.32 "
    Publisher: 
     "(Not verified) NVIDIA Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    nwiz
    Program path & name: 
     "c:\windows\system32\nwiz.exe "
    Enabled: [V]
     
     
    Program: 
     "rtclk MFC Application "
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    NVRTCLK
    Program path & name: 
    c:\windows\system32\nvrtclk\nvrtclk.exe "
    Enabled: [V]
     
     
    Program: 
     "ALiRAID Application "
    Publisher: 
     "(Not verified) ALi Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    ALi5289
    Program path & name: 
     "c:\program files\uli5289\ali5289.exe "
    Enabled: [V]
     
     
    Program: 
     "hpwuSchd "
    Publisher: 
     "(Not verified) Hewlett-Packard "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    HP Software Update
    Program path & name: 
     "c:\program files\hp\hp software update\hpwuschd.exe "
    Enabled: [V]
     
     
    Program: 
     "HP Framework Component Manager Service "
    Publisher: 
     "(Not verified) Hewlett-Packard Company "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    HP Component Manager
    Program path & name: 
     "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    DXDllRegExe
    Program path & name: 
    File not found: dxdllreg.exe "
    Enabled: [V]
     
     
    Program: 
     "Java(TM) Platform SE binary "
    Publisher: 
     "(Verified) Sun Microsystems Inc. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    SunJavaUpdateSched
    Program path & name: 
     "c:\program files\java\jre1.6.0_04\bin\jusched.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Entry name: 
    SpybotDeletingA8212
    Program path & name: 
    File not found: command "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Entry name: 
    SpybotDeletingC7300
    Program path & name: 
    File not found: del "
    Enabled: [V]
     
     
    Program: 
     "Spybot - Search & Destroy "
    Publisher: 
     "(Verified) Safer Networking Ltd. "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Entry name: 
    SpybotSnD
    Program path & name: 
     "c:\program files\spybot - search & destroy\spybotsd.exe "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/octet-stream
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/x-complus
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name: 
    application/x-msdownload
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
     "HPCETIUI Protocol Handler Module "
    Publisher: 
     "(Not verified) Hewlett-Packard Company "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    cetihpz
    Program path & name: 
     "c:\program files\hp\hpcoretech\comp\hpuiprot.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft® InfoTech Storage System Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    ms-itss
    Program path & name: 
     "c:\program files\common files\microsoft shared\information retrieval\msitss.dll "
    Enabled: [V]
     
     
    Program: 
     "MSN Messenger Protocol Handler "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Classes\Protocols\Handler
    Entry name: 
    msnim
    Program path & name: 
     "c:\program files\msn messenger\msgrapp.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    Entry name: 
    0
    Program path & name: 
    File not found: About:Home "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET IE SECURITY REGISTRATION "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    Entry name: 
    n/a
    Program path & name: 
     "c:\windows\system32\mscories.dll "
    Enabled: [V]
     
     
    Program: 
     "HP Digital Imaging Monitor (CUE) "
    Publisher: 
     "(Not verified) Hewlett-Packard Co. "
    Entry path: 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Entry name: 
    HP Digital Imaging Monitor.lnk
    Program path & name: 
     "c:\program files\hp\digital imaging\bin\hpqtra08.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Portable Device Shell Service Object "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    Entry name: 
    WPDShServiceObj
    Program path & name: 
     "c:\windows\system32\wpdshserviceobj.dll "
    Enabled: [V]
     
     
    Program: 
     "GoogleToolbarNotifier "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    swg
    Program path & name: 
     "c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Media Player Network Sharing Service Configuration Application "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    WMPNSCFG
    Program path & name: 
     "c:\program files\windows media player\wmpnscfg.exe "
    Enabled: [V]
     
     
    Program: 
     "Privacy Solution "
    Publisher: 
     "(Verified) FaceTime Communications "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    X-Cleaner Deluxe
    Program path & name: 
     "c:\program files\x-cleaner\xcleaner_full.exe "
    Enabled: [V]
     
     
    Program: 
     "System settings protector "
    Publisher: 
     "(Verified) Safer Networking Ltd. "
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name: 
    SpybotSD TeaTimer
    Program path & name: 
     "c:\program files\spybot - search & destroy\teatimer.exe "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Entry name: 
    SpybotDeletingB5262
    Program path & name: 
    File not found: command "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Entry name: 
    SpybotDeletingD2837
    Program path & name: 
    File not found: del "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Yahoo! Toolbar Helper
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "AcroIEHelper Module "
    Publisher: 
     "(Verified) Adobe Systems Incorporated "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    AcroIEHlprObj Class
    Program path & name: 
     "c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx "
    Enabled: [V]
     
     
    Program: 
     "SBSD IE Protection "
    Publisher: 
     "(Verified) Safer Networking Ltd. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Spybot-S&D IE Protection
    Program path & name: 
     "c:\program files\spybot - search & destroy\sdhelper.dll "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! IE Services "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Yahoo! IE Services Button
    Program path & name: 
     "c:\program files\yahoo!\common\yiesrvc.dll "
    Enabled: [V]
     
     
    Program: 
     "Java(TM) Platform SE binary "
    Publisher: 
     "(Verified) Sun Microsystems Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    SSVHelper Class
    Program path & name: 
     "c:\program files\java\jre1.6.0_04\bin\ssv.dll "
    Enabled: [V]
     
     
    Program: 
     "Google IE Client Toolbar "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    Google Toolbar Helper
    Program path & name: 
     "c:\program files\google\googletoolbar2.dll "
    Enabled: [V]
     
     
    Program: 
     "PayPalHelper Module "
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Entry name: 
    OToolbarHelper Class
    Program path & name: 
    c:\program files\paypal\paypal plug-in\paypalhelper.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Display Panning CPL Extension
    Program path & name: 
    File not found: deskpan.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    HyperTerminal Icon Ext
    Program path & name: 
    File not found: C:\WINDOWS\system32\hticons.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    WinRAR shell extension
    Program path & name: 
    c:\program files\winrar\rarext.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Fusion Cache
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    The Core Media Player Shell Extension
    Program path & name: 
    c:\program files\corecodec\the core media player\system\coreshellagent.cll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Haali Column Provider
    Program path & name: 
    c:\program files\haali\matroskasplitter\mmfinfo.dll "
    Enabled: [V]
     
     
    Program: 
     "Application Deployment Support Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    ShellLink for Application References
    Program path & name: 
     "c:\windows\system32\dfshim.dll "
    Enabled: [V]
     
     
    Program: 
     "Application Deployment Support Library "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Shell Icon Handler for Application References
    Program path & name: 
     "c:\windows\system32\dfshim.dll "
    Enabled: [V]
     
     
    Program: 
     "AXShlEx.dll "
    Publisher: 
     "(Verified) Alcohol Soft Code Signing Services "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    AlcoholShellEx
    Program path & name: 
     "c:\program files\alcohol soft\alcohol 120\axshlex.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer, Version 111.32 "
    Publisher: 
     "(Not verified) NVIDIA Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Desktop Explorer
    Program path & name: 
     "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer, Version 111.32 "
    Publisher: 
     "(Not verified) NVIDIA Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Desktop Explorer Menu
    Program path & name: 
     "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "NVIDIA Desktop Explorer, Version 111.32 "
    Publisher: 
     "(Not verified) NVIDIA Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    nView Desktop Context Menu
    Program path & name: 
     "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
     
    Program: 
     "Portable Devices Shell Extension "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Portable Devices
    Program path & name: 
     "c:\windows\system32\wpdshext.dll "
    Enabled: [V]
     
     
    Program: 
     "Portable Devices Shell Extension "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Portable Devices Menu
    Program path & name: 
     "c:\windows\system32\wpdshext.dll "
    Enabled: [V]
     
     
    Program: 
     "YMMAPI Module "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Yahoo! Mail
    Program path & name: 
     "c:\program files\yahoo!\common\ymmapi.dll "
    Enabled: [V]
     
     
    Program: 
     "Creative Shell Extension "
    Publisher: 
     "(Not verified) Creative Technology Ltd "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    ZEN V Series Media Explorer
    Program path & name: 
     "c:\program files\creative\creative zen v series (r2)\zen v series media explorer\shctmtp.dll "
    Enabled: [V]
     
     
    Program: 
     "ShlExt.dll "
    Publisher: 
     "(Not verified) Avira GmbH "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Shell Extension for Malware scanning
    Program path & name: 
     "c:\program files\avira\antivir personaledition premium\shlext.dll "
    Enabled: [V]
     
     
    Program: 
     "PowerISOShell DLL "
    Publisher: 
     "(Not verified) PowerISO Computing Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    PowerISO
    Program path & name: 
     "c:\program files\poweriso\pwrisosh.dll "
    Enabled: [V]
     
     
    Program: 
     "Microsoft .NET Runtime Execution Engine "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name: 
    Fusion Cache
    Program path & name: 
     "c:\windows\system32\mscoree.dll "
    Enabled: [V]
     
     
    Program: 
    N/A
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    Entry name: 
    Haali Column Provider
    Program path & name: 
    c:\program files\haali\matroskasplitter\mmfinfo.dll "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    Entry name: 
    yt.dll
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "Yahoo! Toolbar "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    yt.dll
    Program path & name: 
     "c:\program files\yahoo!\companion\installs\cpn\yt.dll "
    Enabled: [V]
     
     
    Program: 
     "PayPal2 Control Module "
    Publisher: 
    N/A
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    otoolbar.dll
    Program path & name: 
    c:\program files\paypal\paypal plug-in\otoolbar.dll "
    Enabled: [V]
     
     
    Program: 
     "Google IE Client Toolbar "
    Publisher: 
     "(Verified) Google Inc "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    Entry name: 
    googletoolbar2.dll
    Program path & name: 
     "c:\program files\google\googletoolbar2.dll "
    Enabled: [V]
     
     
    Program: 
     "AOL Instant Messenger "
    Publisher: 
     "(Verified) America Online Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    AIM
    Program path & name: 
     "c:\program files\aim\aim.exe "
    Enabled: [V]
     
     
    Program: 
    enabled
    Publisher: 
     "Network Diagnostic for Windows XP "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    @xpsp3res.dll
    Program path & name: 
     "(Not verified) Microsoft Corporation" "c:\windows\network diagnostic\xpnetdiag.exe "
    Enabled: [ ]
     
     
    Program: 
     "Yahoo! Messenger "
    Publisher: 
     "(Verified) Yahoo! Inc. "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    Yahoo! Messenger
    Program path & name: 
     "c:\program files\yahoo!\messenger\yahoomessenger.exe "
    Enabled: [V]
     
     
    Program: 
     "Windows Messenger "
    Publisher: 
     "(Not verified) Microsoft Corporation "
    Entry path: 
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    Entry name: 
    Windows Messenger
    Program path & name: 
     "c:\program files\messenger\msmsgs.exe "
    Enabled: [V]
     
    
     
