Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

my HikackThisLog

Post by computeruser » December 6th, 2008, 10:43 pm

Hi
Internet explorer rarely loads, just tries to load. Firefox loads readily. I downloaded and installed and ran HiJackThis. The first time, I pressed AnalyzeThis. Will this hurt anything? I did not Fix anything. Here is my log. Thanks so much
Steve


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Downl ... ancial.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0344612524
O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class) - http://support.scansoft.com/pp/files/np_max.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10916 bytes
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: my HikackThisLog

Post by John B. » December 19th, 2008, 3:40 pm

Hi Steve! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

These rules are good for you to know:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

These rules are to make my voluntary work more comfortable:
  • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

Finally, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Open The Misc Tool Section button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a new HijackThis log.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

Post by computeruser » December 20th, 2008, 1:52 am

Thanks very much. When I start Internet Explorer, it tries to go someplace but never gets there. Then I hit stop and it says: res://ieframe.dll/navcancl.htm. Firefox still works.

1.

32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0
Adobe Reader 9
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AquaNotes 3.5
Audacity 1.2.6
Batch & Print Pro
Bluetooth Stack for Windows by Toshiba
Canon MP600
CLR Script 1.62
CodeMeter Runtime Kit v3.20c
Compatibility Pack for the 2007 Office system
ContinuumClient
Convert PowerPoint
Customizable Alerts
Directory Printer 3.72
Directory Report
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Dragon NaturallySpeaking 8
DropBox
Edelweiss A320-214 Flotte
Edelweiss A330-243
ESET NOD32 Antivirus
File Scavenger 3.2
Google Earth
Great Lakes Beech 1900D
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Officejet Pro K550 Series
HP Smart Web Printing
HP Update
ICS Viewer 6.0
Inno Setup version 5.1.8
Intel(R) PRO Ethernet Adapter and Software
IrfanView (remove only)
Java DB 10.4.1.3
Java(TM) 6 Update 10
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 10
KDEN Denver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 3.8
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Identity Integration Server 2003 Resource Tool Kit
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual FoxPro 9.0 Professional - English
MightyFax
Mozilla Firefox (3.0.5)
MS PowerPoint Print Multiple Presentations Software 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NeatReceipts Professional v2.7.5
NetZoom
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 2.2
OP-EVAL3
Outlook Express Quick Backup
Pagis Viewer 2.0
Quicken 2001 New User Edition
QuickTime
RealPlayer
Replay Screencast 1.21
RME DIGICheck
RME Hammerfall DSP (WDM)
RME HDSP Meter Bridge
Samplitude 10 Download version 10.1.0.0 (US)
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shop for HP Supplies
Short Empire for FSX or FS2004
SIL Shoebox Utilities
Smart PDF Converter Pro 4.2
Speak Clipboard
T-Mobile Connection Manager
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Mobile Extension3 V3.19.00
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
Trader Workstation 4.0
TTS_Technology
TWC User Controls
Tweak UI
TWS Interoperability Components
Ultimate Traffic
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
Virtual Frontier (iFDG) Airbus A-319
Virtual FRONTIER iFDG Airbus A-319
Virtual Frontier Jet Express CRJ-700
WD Diagnostics
Windows Defender Signatures
Windows Live installer
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wireless Hotkey
Xpander
YAMAHA AC-XG WDM
YAMAHA XG SoftSynthesizer S-YXG50

and
2.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:43 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9276 bytes
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm
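
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above. It flags entries whose target is `(no file)` or whose `R` value is empty, and diffs two scans of the same machine. The two sample logs are short excerpts constructed from the scans in this thread, and all function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Every HijackThis entry line has the shape "<section code> - <details>",
# e.g. "O2 - BHO: ...". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as Entry(code, text)."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def flag_entry(entry):
    """Return why an entry is a dangling reference, or None if it is not."""
    if entry.text.endswith("(no file)"):
        return "target file missing"
    if entry.code.startswith("R") and entry.text.endswith("="):
        return "empty registry value"
    return None


def triage(log_text):
    """List (entry, reason) pairs for every dangling entry in one scan."""
    return [(e, flag_entry(e)) for e in parse_entries(log_text) if flag_entry(e)]


def diff_scans(old_text, new_text):
    """Return (added, removed) entries between two scans of one machine."""
    old, new = set(parse_entries(old_text)), set(parse_entries(new_text))
    return sorted(new - old), sorted(old - new)


# Constructed sample: a few lines excerpted from the 12/6/2008 scan above.
OLD_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:06 PM, on 12/6/2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O24 - Desktop Component 0: (no name) - (no file)
"""

# Constructed sample: a few lines excerpted from the 12/19/2008 scan above.
NEW_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:43 PM, on 12/19/2008

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

if __name__ == "__main__":
    print("Dangling entries in the newer scan:")
    for entry, reason in triage(NEW_SCAN):
        print(f"  [{reason}] {entry.code} - {entry.text}")
    added, removed = diff_scans(OLD_SCAN, NEW_SCAN)
    print("Added since the older scan:")
    for entry in added:
        print(f"  + {entry.code} - {entry.text}")
    print("Removed since the older scan:")
    for entry in removed:
        print(f"  - {entry.code} - {entry.text}")
```

A flagged entry is only a candidate for review: it marks a registry reference with nothing behind it, not a verdict on whether the entry is malicious.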

Re: my HikackThisLog

Post by John B. » December 20th, 2008, 2:25 pm

Hi Steve,

Does not look really bad overall. Here is a little note on Viewpoint:
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  4. Do the same for each Viewpoint component.
This is the item to fix in HijackThis.

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Let's start the fix now. At some point you will start deleting SpywareBot. This program may seem legit to you, but it is rogue and malicious. To prevent you from infecting yourself with this kind of rogue Anti-Virus or Anti-Spyware program again, I recommend that you bookmark these two pages. Both contain a list of rogue applets (the latter is the database of a program which removes this malware):
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.malwarebytes.org/database.php

You aren't running Firewall Software. Please download and install one of them first!

Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:
  • If you are not using Windows XP or Vista, but an older version, I recommend that you use a firewall.
  • If you are using Windows XP or Vista, but are on dial-up, I recommend that you use a firewall.
  • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and in being given the choice to allow or disallow things, I recommend that you use Windows Firewall.
  • If you are using Windows XP or Vista, are using broadband and are experienced, I recommend that you disable Windows Firewall (as it is not perfect) and get a third-party firewall.

Here are some firewalls which are free for personal use and most used:
Kerio Personal Firewall (Free version after 30 days)
Online Armor Free

Or you could buy their paid version online or in a shop nearby:
Kerio Personal Firewall (Continue paid version after 30 days)
Online Armor or Online Armor AV+ with Anti-Virus included

Once you have done this, we can begin with the fix.

Step 1: Remove HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)

    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    O24 - Desktop Component 0: (no name) - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 2: Delete folder
Use Explorer to navigate to and delete the following folder (if present):

C:\Program Files\SpywareBot

Now just exit Explorer.

Step 3: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 4: Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Close the Notepad file.
  • The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 5: Reboot your computer
Just to make sure that any removal still pending gets finished.

Step 6: Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Step 7: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Tell me a little more about your problem(s). When it started, etc.
  • Tell me which versions of Java you are using. I see Runtime Environment, but also Developers Kit and some database.
  • Fresh HijackThis log
  • MalwareBytes' log
  • RSIT logs

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
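
As an added example (not part of the original post, and not code from HijackThis or its authors), the sketch below parses HijackThis-format lines and marks those that match the patterns in the Step 1 fix list: entries whose target file is absent, blank R0/R1 values, and the SpywareBot name. The function names, the `WATCHLIST` constant and the reason strings are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

# Hypothetical watchlist for this example, seeded with the one product
# the post above identifies as rogue.
WATCHLIST = ("SpywareBot",)

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(text):
    """Return (code, body) pairs for every HijackThis entry line in text.

    Header lines, the running-process list and blank lines do not match
    the entry pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(text, watchlist=WATCHLIST):
    """Mark entries that deserve a closer look, with the reason for each.

    A finding is a candidate for review, not a verdict: a blank value or a
    missing file can be a harmless leftover of an uninstalled program.
    """
    findings = []
    for code, body in parse_entries(text):
        lowered = body.lower()
        reasons = []

        # Registration still present but the file it points to is gone.
        if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
            reasons.append("target file absent")

        # R0/R1 lines have the form "<key>,<value name> = <data>".
        if code in ("R0", "R1"):
            _, sep, data = body.partition(" =")
            if sep and not data.strip():
                reasons.append("blank registry value")

        # HijackThis prints "Unknown owner" when a service binary carries
        # no company name.
        if code == "O23" and " - unknown owner - " in lowered:
            reasons.append("no publisher recorded")

        for name in watchlist:
            if name.lower() in lowered:
                reasons.append("matches watchlist: " + name)

        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], "|", "; ".join(finding["reasons"]))
        print("   ", finding["entry"])
```
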

Re: my HikackThisLog

Post by computeruser » December 20th, 2008, 5:21 pm

Wow! Wow! Wow!
Actually Java stopped working in internet explorer (IE) maybe 6 months ago, this despite the fact that I tried to download and install and test that I had installed Java. My machine passes all of the Java tests, so I can't figure this out. I don't know why I have the database or the developers but here's what I have
Java runtime developers kit
Java DB 10.4.1.3
Java 6 update 10 and 3
Java SE developer's kit

which ones should I keep?

Now spybotware: I have tried to get rid of this, contacted the maker, ran their removal software, it still comes back. Is it gone now??

IE still does not go anywhere, until I hit stop, then it goes to res://ieframe.dll/navcancl.htm. But then I can type in a URL and it will go there, just fine.

Thanks soooooo much
Steve

4 logs pasted below:

1. Logfile of random's system information tool 1.05 (written by random/random)
Run by sje at 2008-12-20 13:11:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (31%) free of 57 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:48 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sje\Desktop\RSIT.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\sje.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8254 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-16 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tpwrtray"=TPWRTRAY.EXE []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-22 49152]
"TFNF5"=TFNF5.exe []
"SxgTkBar"=SxgTkBar.exe []
"NvCplDaemon"=NvQTwk []
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2002-01-30 249856]
"000StTHK"=000StTHK.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-11-10 188416]
"HPWU_MPM_Agent"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe [2005-11-08 106496]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE [2002-02-18 126976]
"TMESBS.EXE"=C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE [2001-08-23 61440]
"HPWUTOOLBOX"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-11-08 352256]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"HDSPTray1"=hdsp32.exe []
"HDSPTray2"=hdspmix.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"PaperPort PTD"=C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2006-05-05 36864]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2006-05-05 40960]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"QAGENT"=C:\quickenw\QAGENT.EXE [2000-09-19 94208]
"T-Mobile Connection Manager"=C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe [2007-07-23 18968]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-16 136600]
"Stock Spy Tray"=C:\Program Files\Stock Spy\Stock Spy Tray.lnk []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"DropBoxUtility"=C:\Program Files\DropBox\DropBox\DropBox.exe /s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpywareBot"=C:\Program Files\SpywareBot\SpywareBot.exe -boot []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\sje\Start Menu\Programs\Startup
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoActiveDesktop"=0
"ExSearchOptions"=170685

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe"="E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe"="C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe:*:Enabled:Microsoft Visual FoxPro 8.0"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\QuoteTracker\stocks.exe"="C:\Program Files\QuoteTracker\stocks.exe:*:Enabled:stocks"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe"="C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe:*:Enabled:Microsoft Visual FoxPro 9.0 SP1"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QuoteLink\0-73-1\Run\winql.exe"="C:\Program Files\QuoteLink\0-73-1\Run\winql.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\Microsoft Office\Office\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\Program Files\QuoteLink\0-73-1\Run\qview.exe"="C:\Program Files\QuoteLink\0-73-1\Run\qview.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\DTN\IQFeed\iqconnect.exe"="C:\Program Files\DTN\IQFeed\iqconnect.exe:*:Enabled:IQConnect Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Prophet\plink.exe"="C:\Prophet\plink.exe:*:Enabled:a5"
"C:\Program Files\CLR Script\CLRScrpt.exe"="C:\Program Files\CLR Script\CLRScrpt.exe:*:Enabled:CLR Script"
"C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\PHILLIP 2\Games\Flight simulator\fs9.exe"="E:\PHILLIP 2\Games\Flight simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:eBay - Skype"
"C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe"="C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Stock Spy\jre\bin\javaw.exe"="C:\Program Files\Stock Spy\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"I:\PHILLIP 2\Games\Flight Simulator\fs9.exe"="I:\PHILLIP 2\Games\Flight Simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"E:\LAPNETWIZARD.EXE"="E:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"D:\LAPNETWIZARD.EXE"="D:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"C:\Program Files\DropBox\DropBox\DropBox.exe"="C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32569a55-090d-11dd-a32b-000039f85fb6}]
shell\AutoRun\command - D:\LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c41281-b5a3-11dc-a2ff-00022d5d410b}]
shell\AutoRun\command - D:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcb58341-0397-11dd-a324-00022d5d410b}]
shell\AutoRun\command - E:\LapNetWizard.exe


======List of files/folders created in the last 1 months======

2008-12-20 13:11:43 ----D---- C:\rsit
2008-12-20 11:12:30 ----D---- C:\Documents and Settings\sje\Application Data\Malwarebytes
2008-12-20 11:12:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 11:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 17:30:21 ----D---- C:\Documents and Settings\sje\Application Data\FileZilla
2008-12-11 14:57:09 ----A---- C:\reregisterie.cmd
2008-12-11 13:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-05 21:40:40 ----A---- C:\WINDOWS\system32\CNMLM87.DLL
2008-12-03 20:12:01 ----D---- C:\Program Files\Traction Software
2008-12-03 20:01:41 ----D---- C:\Program Files\MS PowerPoint Print Multiple Presentations Software
2008-12-03 09:10:08 ----A---- C:\WINDOWS\SamControlpanel95.INI
2008-11-30 18:39:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 11:45:28 ----D---- C:\Documents and Settings\sje\Application Data\Mozilla
2008-11-24 11:45:16 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 19:29:48 ----D---- C:\Program Files\WIBU-SYSTEMS
2008-11-23 19:29:47 ----D---- C:\Program Files\CodeMeter
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\TTIC32.dll
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\MXRestore.exe
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\TTI32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\STRING32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIX.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2008-11-23 19:27:53 ----D---- C:\Program Files\MAGIX
2008-11-23 19:27:53 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcr80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcp80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcm80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfcm80u.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfcm80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfc80u.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfc80.dll

======List of files/folders modified in the last 1 months======

2008-12-20 13:11:50 ----D---- C:\WINDOWS\Prefetch
2008-12-20 13:11:33 ----D---- C:\WINDOWS\temp
2008-12-20 13:09:33 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt
2008-12-20 13:08:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 13:06:35 ----ASH---- C:\boot.ini
2008-12-20 13:06:35 ----A---- C:\WINDOWS\win.ini
2008-12-20 13:06:34 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-20 13:06:33 ----D---- C:\WINDOWS\pss
2008-12-20 13:06:14 ----D---- C:\WINDOWS
2008-12-20 13:04:47 ----HD---- C:\Config.Msi
2008-12-20 13:04:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 11:12:28 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 11:12:22 ----RD---- C:\Program Files
2008-12-20 11:04:10 ----D---- C:\WINDOWS\system32
2008-12-20 11:04:10 ----D---- C:\Program Files\AquaNotes
2008-12-20 11:03:29 ----SHD---- C:\WINDOWS\Installer
2008-12-20 11:03:29 ----D---- C:\Program Files\Common Files
2008-12-20 11:03:06 ----D---- C:\Program Files\Adobe
2008-12-20 11:03:05 ----D---- C:\Documents and Settings\sje\Application Data\Adobe
2008-12-20 11:02:26 ----D---- C:\Program Files\Apple Software Update
2008-12-20 11:02:20 ----SD---- C:\WINDOWS\Tasks
2008-12-20 11:02:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-20 11:01:36 ----HD---- C:\WINDOWS\inf
2008-12-20 11:01:29 ----D---- C:\WINDOWS\twain_32
2008-12-20 10:57:59 ----D---- C:\Program Files\DropBox
2008-12-20 10:57:36 ----D---- C:\WINDOWS\WinSxS
2008-12-20 10:56:56 ----D---- C:\Program Files\HP
2008-12-20 10:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\PureEdge
2008-12-20 10:56:44 ----AC---- C:\WINDOWS\PureEdgeAPI.ini
2008-12-20 10:56:31 ----D---- C:\Program Files\IrfanView
2008-12-20 10:55:09 ----RSD---- C:\WINDOWS\assembly
2008-12-20 10:55:07 ----D---- C:\Program Files\OpenOffice.org 2.2
2008-12-20 10:49:55 ----D---- C:\Program Files\Replay Screencast
2008-12-20 10:48:14 ----D---- C:\Program Files\Smart PDF Converter Pro
2008-12-20 10:47:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\sje\Application Data\Viewpoint
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 10:46:14 ----D---- C:\Program Files\Viewpoint
2008-12-18 19:24:50 ----D---- C:\Jts
2008-12-18 11:00:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-15 07:54:15 ----D---- C:\Program Files\Outlook Express
2008-12-11 16:09:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 16:08:19 ----D---- C:\Program Files\Common Files\Software FX Shared
2008-12-11 13:37:30 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:37:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 13:37:07 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:36:49 ----D---- C:\WINDOWS\ie7updates
2008-12-11 13:36:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 12:30:12 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2008-12-05 21:48:03 ----D---- C:\WINDOWS\Media
2008-11-23 19:29:33 ----D---- C:\WINDOWS\system32\MAGIX
2008-11-23 19:27:39 ----A---- C:\WINDOWS\mgxoschk.ini
2008-11-23 13:15:42 ----D---- C:\Program Files\CLR Script
2008-11-23 11:29:53 ----D---- C:\d
2008-11-22 03:21:54 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AntiSpyFilter;AntiSpyFilter; C:\WINDOWS\system32\DRIVERS\antispyfilter.sys [2007-08-10 18672]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.sys [2002-01-08 5802]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 CmosTime;CmosTime; \??\C:\WINDOWS\system32\CmosTime.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2000-05-31 34712]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-19 911661]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-07-09 967040]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 22928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxg.sys [2002-07-19 1099264]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 evomouflt;Evoluent Mouse Filter Service; C:\WINDOWS\system32\DRIVERS\evomouflt.sys [2007-12-06 15744]
S3 hdsp;RME Hammerfall Audio Device; C:\WINDOWS\system32\DRIVERS\hdsp.sys [2007-08-16 42624]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 marsqx5;Digital Blue QX5 V2 Microscope; C:\WINDOWS\system32\DRIVERS\marsqx5.sys [2007-04-02 72576]
S3 MaxtorFrontPanel1;Maxtor 1394 Storage Front Panel Driver; C:\WINDOWS\system32\DRIVERS\mxofwfp.sys [2003-03-13 19712]
S3 MouseCmn;Mouse Driver; C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toslane;Toshiba BT-LANE; C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 25420]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2001-11-16 39087]
S3 Tosrfbd;Bluetooth RFBUS from Toshiba; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2002-02-07 76920]
S3 Tosrfcom;Bluetooth RFCOMM from Toshiba; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2002-01-24 52341]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2002-01-24 35497]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2001-12-19 155136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-16 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-19 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Tmesbs;Tmesbs3; C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe [2001-08-23 61440]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe [2002-02-18 126976]
S2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 SpywareBotSrv;SpywareBot Scanning Engine; C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$NR2005;MSSQL$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$NR2005;SQLAgent$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 382320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
2.
info.txt logfile of random's system information tool 1.05 2008-12-20 13:11:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55AF8B8EAAE6}
CLR Script 1.62-->"C:\Program Files\CLR Script\CLRScrpt.exe" /uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ContinuumClient-->C:\PROGRA~1\Quote.com\CONTIN~1\UNWISE.EXE C:\PROGRA~1\Quote.com\CONTIN~1\INSTALL.LOG
Directory Printer 3.72-->"C:\Program Files\Dirprint\unins000.exe"
Directory Report-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D9B75C0-3FC9-11D5-8617-00D0B707C2B6}\setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18-->MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Dragon NaturallySpeaking 8-->MsiExec.exe /I{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}
Edelweiss A320-214 Flotte-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a320.exe
Edelweiss A330-243-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a330.exe
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Great Lakes Beech 1900D-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
HijackThis 2.0.2-->"C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Officejet Pro K550 Series-->C:\Program Files\HP\Digital Imaging\{2B01846C-C137-4e40-B1B2-BFA80DF1A632}\setup\hpzscr01.exe -datfile hpwscr03.dat -forcereboot
Inno Setup version 5.1.8-->"C:\Program Files\Inno Setup 5\unins000.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}
KDEN Denver-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall KDEN.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Flight Simulator 2004 A Century of Flight-->"E:\PHILLIP 2\Games\Flight Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Identity Integration Server 2003 Resource Tool Kit-->MsiExec.exe /I{E27B1348-46D1-4D22-9EFE-C92F45174A02}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)-->C:\Program Files\NeatReceipts Professional\UninstallNR2005.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual FoxPro 9.0 Professional - English-->C:\Program Files\Microsoft Visual FoxPro 9\setup\Visual FoxPro 9.0 Professional - English\setup.exe /MaintMode
MightyFax-->C:\PROGRA~1\MIGHTY~1\UnMighty.EXE
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS PowerPoint Print Multiple Presentations Software 7.0-->"C:\Program Files\MS PowerPoint Print Multiple Presentations Software\unins000.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NeatReceipts Professional v2.7.5-->C:\Program Files\NeatReceipts Professional\uninstallNR.exe
NetZoom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61872626-FF50-40FA-B299-349D479E8208}\setup.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Outlook Express Quick Backup-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Outlook Express Quick Backup\ST6UNST.LOG"
Pagis Viewer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
Quicken 2001 New User Edition-->C:\quickenw\WINNT\Intuit\UNWISE.EXE C:\quickenw\WINNT\Intuit\INSTALL.LOG
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RME DIGICheck-->"C:\Program Files\RME\Digicheck44\Uninstall.exe" "C:\Program Files\RME\Digicheck44\install.log"
RME Hammerfall DSP (WDM)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hdsp.inf
RME HDSP Meter Bridge-->"C:\Program Files\RME\Meterbridge20\Uninstall.exe" "C:\Program Files\RME\Meterbridge20\install.log"
Samplitude 10 Download version 10.1.0.0 (US)-->C:\Program Files\MAGIX\Samplitude_10_Download_version\unwise.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Short Empire for FSX or FS2004-->MsiExec.exe /X{85CCDC7D-71DA-4671-9FF6-1ABF86439859}
Speak Clipboard-->MsiExec.exe /I{A14B5972-EEFC-48F1-A3EC-A2CD1284C670}
T-Mobile Connection Manager-->MsiExec.exe /X{DFA57DE1-DE72-4EFA-85DE-D1426A9D0996}
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 3.5 (3.5.2)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
TOSHIBA Mobile Extension3 V3.19.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Power Saver-->TPWRDEL.EXE
TOSHIBA Software Modem-->Tosmreg -U
Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~2\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~2\INSTALL.LOG
TOSHIBA Utilities-->tutildel.exe
Trader Workstation 4.0-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
TTS_Technology-->MsiExec.exe /I{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}
TWC User Controls-->MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TWS Interoperability Components-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Ultimate Traffic-->C:\WINDOWS\iun6002.exe "E:\PHILLIP 2\Games\Flight Simulator\UT13.ini"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Virtual Frontier (iFDG) Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual FRONTIER iFDG Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual Frontier Jet Express CRJ-700-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
Xpander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance
YAMAHA XG SoftSynthesizer S-YXG50-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B713000F-FBE3-11D3-9D91-0050DA5C3DCF}\setup.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O24 - Desktop Component 0: (no name) - (no file)
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: SE
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{38B3A2F4-EA85-4ED4-940B-DF85C7643357} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 611
Source Name: Tcpip
Time Written: 20080531143507.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 610
Source Name: E100B
Time Written: 20080531143501.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 609
Source Name: Tcpip
Time Written: 20080531092932.000000-420
Event Type: warning
User:

Computer Name: SE
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 608
Source Name: Dhcp
Time Written: 20080531081924.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000039F85FB6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 607
Source Name: Dhcp
Time Written: 20080531081923.000000-420
Event Type: warning
User:

Application event log

Computer Name: SE
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 15653
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 15652
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 0
Message:
Record Number: 15651
Source Name: Viewpoint Manager Service
Time Written: 20080728042930.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1001
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 15650
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

Computer Name: SE
Event Code: 1004
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 15649
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus;C:\Program Files\SizeExplorer Pro 3.8.6;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.5.001
"SESSIONID"=1130435106148htx605612eb04e:10732fc8acf:-43a5
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\sje\LOCALS~1\Temp\radDC882.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
3.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:16 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-21-1850456698-4168273537-3479383672-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')
O4 - HKUS\S-1-5-21-1850456698-4168273537-3479383672-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1850456698-4168273537-3479383672-1004\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot (User '?')
O4 - S-1-5-21-1850456698-4168273537-3479383672-1004 Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe (User '?')
O4 - S-1-5-21-1850456698-4168273537-3479383672-1004 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User '?')
O4 - S-1-5-21-1850456698-4168273537-3479383672-1004 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User '?')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8950 bytes
4.
Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3

12/20/2008 1:01:13 PM
mbam-log-2008-12-20 (13-01-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 194402
Time elapsed: 1 hour(s), 28 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 95

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\sje\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\DataBaseNew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 01 - 11_05_27 AM_803.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 01 - 12_05_48 PM_619.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 04 - 03_48_07 AM_264.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 04 - 10_50_21 AM_992.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 14 - 09_40_43 AM_553.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 28 - 03_00_01 AM_394.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 28 - 03_00_01 AM_845.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 01 - 03_00_00 AM_617.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 01 - 03_00_00 AM_817.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 02 - 03_00_01 AM_315.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 02 - 03_00_01 AM_595.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 03 - 03_00_01 AM_492.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 03 - 03_00_01 AM_793.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 05 - 09_44_12 PM_580.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 09 - 10_10_49 AM_137.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 10 - 11_53_11 AM_059.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 11 - 01_46_28 PM_529.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 12 - 09_37_08 AM_497.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 18 - 03_00_00 AM_285.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 18 - 03_00_00 AM_526.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 08 - 07_42_12 PM_945.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 25 - 11_01_10 PM_275.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 25 - 11_21_15 AM_746.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 26 - 02_05_17 AM_623.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 28 - 04_29_45 AM_476.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 28 - 11_46_37 AM_582.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 29 - 04_27_02 AM_391.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_04 AM_730.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_07 AM_965.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_10 AM_659.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 31 - 04_08_44 AM_274.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 06 - 03_00_00 AM_283.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 06 - 03_00_00 AM_483.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 08 - 10_32_07 AM_127.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 11 - 07_34_44 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 11 - 09_05_28 PM_712.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 20 - 03_00_00 AM_359.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 20 - 03_00_00 AM_609.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 23 - 01_55_36 AM_277.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 23 - 10_25_27 AM_645.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 24 - 03_00_01 AM_010.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 24 - 03_00_01 AM_350.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 29 - 07_47_24 PM_570.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 03 - 07_42_11 AM_542.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 15 - 10_19_43 PM_385.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 15 - 10_50_32 AM_417.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 16 - 05_50_35 AM_254.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 16 - 10_25_53 AM_875.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 22 - 03_00_00 AM_312.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 22 - 03_00_00 AM_513.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 27 - 06_38_08 PM_664.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 02 - 07_02_15 AM_168.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 06 - 06_23_59 PM_845.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 06 - 11_18_41 AM_185.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 07 - 11_55_38 AM_219.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 08 - 02_31_40 PM_572.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 09 - 10_49_46 AM_524.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 10 - 05_08_47 PM_283.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 10 - 10_49_26 AM_589.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 11 - 01_27_19 PM_147.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 12 - 04_52_14 PM_336.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 15 - 09_24_47 PM_263.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 20 - 09_31_56 PM_121.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 23 - 07_25_22 PM_112.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 24 - 01_54_51 PM_528.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 24 - 01_54_51 PM_959.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 01_08_14 PM_642.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 01_49_04 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 02_06_30 PM_198.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 28 - 01_58_52 PM_835.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 28 - 08_48_31 PM_712.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 31 - 08_02_37 PM_191.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 31 - 11_29_33 AM_821.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 05 - 03_00_10 AM_288.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 05 - 03_00_20 AM_393.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 07 - 09_28_10 AM_108.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 07 - 09_28_10 AM_668.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 15 - 03_00_00 AM_643.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 15 - 03_00_00 AM_953.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 01_59_14 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 01_59_14 PM_658.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 02_05_33 PM_719.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 27 - 01_26_42 PM_410.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 27 - 09_37_56 AM_537.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 30 - 08_12_30 PM_296.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 30 - 10_11_33 AM_047.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: my HikackThisLog

by John B. » December 20th, 2008, 6:29 pm

Are you sure that is the end of the log? It seems like it is cut off.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

by computeruser » December 21st, 2008, 1:50 am

4 files.

11111111111111
1. Logfile of random's system information tool 1.05 (written by random/random)
Run by sje at 2008-12-20 21:41:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (31%) free of 57 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:55 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\RSIT.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\sje.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8143 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-16 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tpwrtray"=TPWRTRAY.EXE []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-22 49152]
"TFNF5"=TFNF5.exe []
"SxgTkBar"=SxgTkBar.exe []
"NvCplDaemon"=NvQTwk []
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2002-01-30 249856]
"000StTHK"=000StTHK.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-11-10 188416]
"HPWU_MPM_Agent"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe [2005-11-08 106496]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE [2002-02-18 126976]
"TMESBS.EXE"=C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE [2001-08-23 61440]
"HPWUTOOLBOX"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-11-08 352256]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"HDSPTray1"=hdsp32.exe []
"HDSPTray2"=hdspmix.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"PaperPort PTD"=C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2006-05-05 36864]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2006-05-05 40960]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"QAGENT"=C:\quickenw\QAGENT.EXE [2000-09-19 94208]
"T-Mobile Connection Manager"=C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe [2007-07-23 18968]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-16 136600]
"Stock Spy Tray"=C:\Program Files\Stock Spy\Stock Spy Tray.lnk []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"DropBoxUtility"=C:\Program Files\DropBox\DropBox\DropBox.exe /s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpywareBot"=C:\Program Files\SpywareBot\SpywareBot.exe -boot []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\sje\Start Menu\Programs\Startup
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoActiveDesktop"=0
"ExSearchOptions"=170685

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe"="E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe"="C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe:*:Enabled:Microsoft Visual FoxPro 8.0"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\QuoteTracker\stocks.exe"="C:\Program Files\QuoteTracker\stocks.exe:*:Enabled:stocks"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe"="C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe:*:Enabled:Microsoft Visual FoxPro 9.0 SP1"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QuoteLink\0-73-1\Run\winql.exe"="C:\Program Files\QuoteLink\0-73-1\Run\winql.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\Microsoft Office\Office\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\Program Files\QuoteLink\0-73-1\Run\qview.exe"="C:\Program Files\QuoteLink\0-73-1\Run\qview.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\DTN\IQFeed\iqconnect.exe"="C:\Program Files\DTN\IQFeed\iqconnect.exe:*:Enabled:IQConnect Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Prophet\plink.exe"="C:\Prophet\plink.exe:*:Enabled:a5"
"C:\Program Files\CLR Script\CLRScrpt.exe"="C:\Program Files\CLR Script\CLRScrpt.exe:*:Enabled:CLR Script"
"C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\PHILLIP 2\Games\Flight simulator\fs9.exe"="E:\PHILLIP 2\Games\Flight simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:eBay - Skype"
"C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe"="C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Stock Spy\jre\bin\javaw.exe"="C:\Program Files\Stock Spy\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"I:\PHILLIP 2\Games\Flight Simulator\fs9.exe"="I:\PHILLIP 2\Games\Flight Simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"E:\LAPNETWIZARD.EXE"="E:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"D:\LAPNETWIZARD.EXE"="D:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"C:\Program Files\DropBox\DropBox\DropBox.exe"="C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32569a55-090d-11dd-a32b-000039f85fb6}]
shell\AutoRun\command - D:\LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c41281-b5a3-11dc-a2ff-00022d5d410b}]
shell\AutoRun\command - D:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcb58341-0397-11dd-a324-00022d5d410b}]
shell\AutoRun\command - E:\LapNetWizard.exe


======List of files/folders created in the last 1 months======

2008-12-20 13:11:43 ----D---- C:\rsit
2008-12-20 11:12:30 ----D---- C:\Documents and Settings\sje\Application Data\Malwarebytes
2008-12-20 11:12:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 11:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 17:30:21 ----D---- C:\Documents and Settings\sje\Application Data\FileZilla
2008-12-11 14:57:09 ----A---- C:\reregisterie.cmd
2008-12-11 13:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-05 21:40:40 ----A---- C:\WINDOWS\system32\CNMLM87.DLL
2008-12-03 20:12:01 ----D---- C:\Program Files\Traction Software
2008-12-03 20:01:41 ----D---- C:\Program Files\MS PowerPoint Print Multiple Presentations Software
2008-12-03 09:10:08 ----A---- C:\WINDOWS\SamControlpanel95.INI
2008-11-30 18:39:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 11:45:28 ----D---- C:\Documents and Settings\sje\Application Data\Mozilla
2008-11-24 11:45:16 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 19:29:48 ----D---- C:\Program Files\WIBU-SYSTEMS
2008-11-23 19:29:47 ----D---- C:\Program Files\CodeMeter
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\TTIC32.dll
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\MXRestore.exe
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\TTI32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\STRING32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIX.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2008-11-23 19:27:53 ----D---- C:\Program Files\MAGIX
2008-11-23 19:27:53 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcr80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcp80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\msvcm80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfcm80u.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfcm80.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfc80u.dll
2008-11-21 08:05:46 ----A---- C:\WINDOWS\system32\mfc80.dll

======List of files/folders modified in the last 1 months======

2008-12-20 21:41:35 ----D---- C:\WINDOWS\temp
2008-12-20 21:39:52 ----D---- C:\WINDOWS\Prefetch
2008-12-20 13:09:33 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt
2008-12-20 13:08:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 13:06:35 ----ASH---- C:\boot.ini
2008-12-20 13:06:35 ----A---- C:\WINDOWS\win.ini
2008-12-20 13:06:34 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-20 13:06:33 ----D---- C:\WINDOWS\pss
2008-12-20 13:06:14 ----D---- C:\WINDOWS
2008-12-20 13:04:47 ----HD---- C:\Config.Msi
2008-12-20 13:04:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 11:12:28 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 11:12:22 ----RD---- C:\Program Files
2008-12-20 11:04:10 ----D---- C:\WINDOWS\system32
2008-12-20 11:04:10 ----D---- C:\Program Files\AquaNotes
2008-12-20 11:03:29 ----SHD---- C:\WINDOWS\Installer
2008-12-20 11:03:29 ----D---- C:\Program Files\Common Files
2008-12-20 11:03:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-20 11:03:06 ----D---- C:\Program Files\Adobe
2008-12-20 11:03:05 ----D---- C:\Documents and Settings\sje\Application Data\Adobe
2008-12-20 11:02:26 ----D---- C:\Program Files\Apple Software Update
2008-12-20 11:02:20 ----SD---- C:\WINDOWS\Tasks
2008-12-20 11:01:36 ----HD---- C:\WINDOWS\inf
2008-12-20 11:01:29 ----D---- C:\WINDOWS\twain_32
2008-12-20 10:57:59 ----D---- C:\Program Files\DropBox
2008-12-20 10:57:36 ----D---- C:\WINDOWS\WinSxS
2008-12-20 10:56:56 ----D---- C:\Program Files\HP
2008-12-20 10:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\PureEdge
2008-12-20 10:56:44 ----AC---- C:\WINDOWS\PureEdgeAPI.ini
2008-12-20 10:56:31 ----D---- C:\Program Files\IrfanView
2008-12-20 10:55:09 ----RSD---- C:\WINDOWS\assembly
2008-12-20 10:55:07 ----D---- C:\Program Files\OpenOffice.org 2.2
2008-12-20 10:49:55 ----D---- C:\Program Files\Replay Screencast
2008-12-20 10:48:14 ----D---- C:\Program Files\Smart PDF Converter Pro
2008-12-20 10:47:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\sje\Application Data\Viewpoint
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 10:46:14 ----D---- C:\Program Files\Viewpoint
2008-12-18 19:24:50 ----D---- C:\Jts
2008-12-18 11:00:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-15 07:54:15 ----D---- C:\Program Files\Outlook Express
2008-12-11 16:09:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 16:08:19 ----D---- C:\Program Files\Common Files\Software FX Shared
2008-12-11 13:37:30 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:37:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 13:37:07 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:36:49 ----D---- C:\WINDOWS\ie7updates
2008-12-11 13:36:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 12:30:12 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2008-12-05 21:48:03 ----D---- C:\WINDOWS\Media
2008-11-23 19:29:33 ----D---- C:\WINDOWS\system32\MAGIX
2008-11-23 19:27:39 ----A---- C:\WINDOWS\mgxoschk.ini
2008-11-23 13:15:42 ----D---- C:\Program Files\CLR Script
2008-11-23 11:29:53 ----D---- C:\d
2008-11-22 03:21:54 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AntiSpyFilter;AntiSpyFilter; C:\WINDOWS\system32\DRIVERS\antispyfilter.sys [2007-08-10 18672]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.sys [2002-01-08 5802]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 CmosTime;CmosTime; \??\C:\WINDOWS\system32\CmosTime.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2000-05-31 34712]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-19 911661]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-07-09 967040]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 22928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxg.sys [2002-07-19 1099264]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 evomouflt;Evoluent Mouse Filter Service; C:\WINDOWS\system32\DRIVERS\evomouflt.sys [2007-12-06 15744]
S3 hdsp;RME Hammerfall Audio Device; C:\WINDOWS\system32\DRIVERS\hdsp.sys [2007-08-16 42624]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 marsqx5;Digital Blue QX5 V2 Microscope; C:\WINDOWS\system32\DRIVERS\marsqx5.sys [2007-04-02 72576]
S3 MaxtorFrontPanel1;Maxtor 1394 Storage Front Panel Driver; C:\WINDOWS\system32\DRIVERS\mxofwfp.sys [2003-03-13 19712]
S3 MouseCmn;Mouse Driver; C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toslane;Toshiba BT-LANE; C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 25420]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2001-11-16 39087]
S3 Tosrfbd;Bluetooth RFBUS from Toshiba; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2002-02-07 76920]
S3 Tosrfcom;Bluetooth RFCOMM from Toshiba; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2002-01-24 52341]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2002-01-24 35497]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2001-12-19 155136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-16 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-19 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Tmesbs;Tmesbs3; C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe [2001-08-23 61440]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe [2002-02-18 126976]
S2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 SpywareBotSrv;SpywareBot Scanning Engine; C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$NR2005;MSSQL$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$NR2005;SQLAgent$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 382320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
end of 1111111

2.
22222222222222222222222
info.txt logfile of random's system information tool 1.05 2008-12-20 13:11:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55AF8B8EAAE6}
CLR Script 1.62-->"C:\Program Files\CLR Script\CLRScrpt.exe" /uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ContinuumClient-->C:\PROGRA~1\Quote.com\CONTIN~1\UNWISE.EXE C:\PROGRA~1\Quote.com\CONTIN~1\INSTALL.LOG
Directory Printer 3.72-->"C:\Program Files\Dirprint\unins000.exe"
Directory Report-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D9B75C0-3FC9-11D5-8617-00D0B707C2B6}\setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18-->MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Dragon NaturallySpeaking 8-->MsiExec.exe /I{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}
Edelweiss A320-214 Flotte-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a320.exe
Edelweiss A330-243-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a330.exe
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Great Lakes Beech 1900D-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
HijackThis 2.0.2-->"C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Officejet Pro K550 Series-->C:\Program Files\HP\Digital Imaging\{2B01846C-C137-4e40-B1B2-BFA80DF1A632}\setup\hpzscr01.exe -datfile hpwscr03.dat -forcereboot
Inno Setup version 5.1.8-->"C:\Program Files\Inno Setup 5\unins000.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}
KDEN Denver-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall KDEN.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Flight Simulator 2004 A Century of Flight-->"E:\PHILLIP 2\Games\Flight Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Identity Integration Server 2003 Resource Tool Kit-->MsiExec.exe /I{E27B1348-46D1-4D22-9EFE-C92F45174A02}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)-->C:\Program Files\NeatReceipts Professional\UninstallNR2005.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual FoxPro 9.0 Professional - English-->C:\Program Files\Microsoft Visual FoxPro 9\setup\Visual FoxPro 9.0 Professional - English\setup.exe /MaintMode
MightyFax-->C:\PROGRA~1\MIGHTY~1\UnMighty.EXE
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS PowerPoint Print Multiple Presentations Software 7.0-->"C:\Program Files\MS PowerPoint Print Multiple Presentations Software\unins000.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NeatReceipts Professional v2.7.5-->C:\Program Files\NeatReceipts Professional\uninstallNR.exe
NetZoom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61872626-FF50-40FA-B299-349D479E8208}\setup.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Outlook Express Quick Backup-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Outlook Express Quick Backup\ST6UNST.LOG"
Pagis Viewer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
Quicken 2001 New User Edition-->C:\quickenw\WINNT\Intuit\UNWISE.EXE C:\quickenw\WINNT\Intuit\INSTALL.LOG
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RME DIGICheck-->"C:\Program Files\RME\Digicheck44\Uninstall.exe" "C:\Program Files\RME\Digicheck44\install.log"
RME Hammerfall DSP (WDM)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hdsp.inf
RME HDSP Meter Bridge-->"C:\Program Files\RME\Meterbridge20\Uninstall.exe" "C:\Program Files\RME\Meterbridge20\install.log"
Samplitude 10 Download version 10.1.0.0 (US)-->C:\Program Files\MAGIX\Samplitude_10_Download_version\unwise.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Short Empire for FSX or FS2004-->MsiExec.exe /X{85CCDC7D-71DA-4671-9FF6-1ABF86439859}
Speak Clipboard-->MsiExec.exe /I{A14B5972-EEFC-48F1-A3EC-A2CD1284C670}
T-Mobile Connection Manager-->MsiExec.exe /X{DFA57DE1-DE72-4EFA-85DE-D1426A9D0996}
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 3.5 (3.5.2)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
TOSHIBA Mobile Extension3 V3.19.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Power Saver-->TPWRDEL.EXE
TOSHIBA Software Modem-->Tosmreg -U
Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~2\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~2\INSTALL.LOG
TOSHIBA Utilities-->tutildel.exe
Trader Workstation 4.0-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
TTS_Technology-->MsiExec.exe /I{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}
TWC User Controls-->MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TWS Interoperability Components-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Ultimate Traffic-->C:\WINDOWS\iun6002.exe "E:\PHILLIP 2\Games\Flight Simulator\UT13.ini"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Virtual Frontier (iFDG) Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual FRONTIER iFDG Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual Frontier Jet Express CRJ-700-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
Xpander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance
YAMAHA XG SoftSynthesizer S-YXG50-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B713000F-FBE3-11D3-9D91-0050DA5C3DCF}\setup.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O24 - Desktop Component 0: (no name) - (no file)
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: SE
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{38B3A2F4-EA85-4ED4-940B-DF85C7643357} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 611
Source Name: Tcpip
Time Written: 20080531143507.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 610
Source Name: E100B
Time Written: 20080531143501.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 609
Source Name: Tcpip
Time Written: 20080531092932.000000-420
Event Type: warning
User:

Computer Name: SE
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 608
Source Name: Dhcp
Time Written: 20080531081924.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000039F85FB6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 607
Source Name: Dhcp
Time Written: 20080531081923.000000-420
Event Type: warning
User:

Application event log

Computer Name: SE
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 15653
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 15652
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 0
Message:
Record Number: 15651
Source Name: Viewpoint Manager Service
Time Written: 20080728042930.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1001
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 15650
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

Computer Name: SE
Event Code: 1004
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 15649
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus;C:\Program Files\SizeExplorer Pro 3.8.6;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.5.001
"SESSIONID"=1130435106148htx605612eb04e:10732fc8acf:-43a5
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\sje\LOCALS~1\Temp\radDC882.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
end of 22222222222

3.
3333333333333333333
Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3

12/20/2008 1:01:13 PM
mbam-log-2008-12-20 (13-01-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 194402
Time elapsed: 1 hour(s), 28 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 95

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\sje\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\DataBaseNew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 01 - 11_05_27 AM_803.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 01 - 12_05_48 PM_619.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 04 - 03_48_07 AM_264.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 04 - 10_50_21 AM_992.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 14 - 09_40_43 AM_553.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 28 - 03_00_01 AM_394.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Aug 28 - 03_00_01 AM_845.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 01 - 03_00_00 AM_617.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 01 - 03_00_00 AM_817.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 02 - 03_00_01 AM_315.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 02 - 03_00_01 AM_595.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 03 - 03_00_01 AM_492.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 03 - 03_00_01 AM_793.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 05 - 09_44_12 PM_580.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 09 - 10_10_49 AM_137.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 10 - 11_53_11 AM_059.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 11 - 01_46_28 PM_529.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 12 - 09_37_08 AM_497.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 18 - 03_00_00 AM_285.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Dec 18 - 03_00_00 AM_526.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 08 - 07_42_12 PM_945.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 25 - 11_01_10 PM_275.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 25 - 11_21_15 AM_746.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 26 - 02_05_17 AM_623.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 28 - 04_29_45 AM_476.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 28 - 11_46_37 AM_582.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 29 - 04_27_02 AM_391.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_04 AM_730.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_07 AM_965.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 30 - 03_00_10 AM_659.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jul 31 - 04_08_44 AM_274.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 06 - 03_00_00 AM_283.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 06 - 03_00_00 AM_483.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 08 - 10_32_07 AM_127.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 11 - 07_34_44 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 11 - 09_05_28 PM_712.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 20 - 03_00_00 AM_359.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 20 - 03_00_00 AM_609.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 23 - 01_55_36 AM_277.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 23 - 10_25_27 AM_645.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 24 - 03_00_01 AM_010.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 24 - 03_00_01 AM_350.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Jun 29 - 07_47_24 PM_570.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 03 - 07_42_11 AM_542.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 15 - 10_19_43 PM_385.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 15 - 10_50_32 AM_417.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 16 - 05_50_35 AM_254.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 16 - 10_25_53 AM_875.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 22 - 03_00_00 AM_312.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 22 - 03_00_00 AM_513.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Nov 27 - 06_38_08 PM_664.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 02 - 07_02_15 AM_168.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 06 - 06_23_59 PM_845.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 06 - 11_18_41 AM_185.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 07 - 11_55_38 AM_219.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 08 - 02_31_40 PM_572.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 09 - 10_49_46 AM_524.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 10 - 05_08_47 PM_283.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 10 - 10_49_26 AM_589.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 11 - 01_27_19 PM_147.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 12 - 04_52_14 PM_336.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 15 - 09_24_47 PM_263.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 20 - 09_31_56 PM_121.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 23 - 07_25_22 PM_112.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 24 - 01_54_51 PM_528.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 24 - 01_54_51 PM_959.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 01_08_14 PM_642.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 01_49_04 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 25 - 02_06_30 PM_198.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 28 - 01_58_52 PM_835.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 28 - 08_48_31 PM_712.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 31 - 08_02_37 PM_191.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Oct 31 - 11_29_33 AM_821.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 05 - 03_00_10 AM_288.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 05 - 03_00_20 AM_393.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 07 - 09_28_10 AM_108.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 07 - 09_28_10 AM_668.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 15 - 03_00_00 AM_643.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 15 - 03_00_00 AM_953.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 01_59_14 PM_238.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 01_59_14 PM_658.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 24 - 02_05_33 PM_719.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 27 - 01_26_42 PM_410.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 27 - 09_37_56 AM_537.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 30 - 08_12_30 PM_296.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Log\2008 Sep 30 - 10_11_33 AM_047.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\sje\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
end of 33333333333

4.
44444444444444444
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:54 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8102 bytes
end of 4. 44444444444444444
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: my HikackThisLog

Post by John B. » December 21st, 2008, 8:45 am

Hi Steve,

Seems like SpywareBot has come back. We will first remove it and then target the Java and Internet Explorer problems.

Step 1: Remove HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)

    O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)

    O24 - Desktop Component 0: (no name) - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 2: Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :processes
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
    antispyfilter
    
    :services
    "ewido anti-spyware 4.0 driver"
    "ewido anti-spyware 4.0 guard"
    SpywareBotSrv
    AntiSpyFilter
    
    :files
    C:\Program Files\ewido anti-spyware 4.0
    C:\Program Files\SpywareBot
    C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
    C:\WINDOWS\system32\DRIVERS\antispyfilter.sys
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3 and reboot manually.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Step 3: Post logs
Please post the following logs in a reply to this topic:
  • New HijackThis log
  • OTMoveIt log

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

Post by computeruser » December 21st, 2008, 1:27 pm

John
Thanks so much. I did try ewido once, thought I had removed it, but here it is!
Steve


1. from moveit
1111111111111111111
========== PROCESSES ==========
Unable to kill process: C:\Program Files\ewido anti-spyware 4.0\guard.exe
Unable to kill process: C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
Unable to kill process: antispyfilter
========== SERVICES/DRIVERS ==========
Unable to stop service "ewido anti-spyware 4.0 driver" .
Unable to stop service "ewido anti-spyware 4.0 guard" .
Unable to stop service SpywareBotSrv .
Unable to stop service AntiSpyFilter .
========== FILES ==========
File/Folder C:\Program Files\ewido anti-spyware 4.0 not found.
File/Folder C:\Program Files\SpywareBot not found.
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job moved successfully.
C:\WINDOWS\system32\DRIVERS\antispyfilter.sys moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_091447
end of 111111111

2.
22222222222222222222222222
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:48 AM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7707 bytes
end of 22222222222222222222
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm
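
One way to check a follow-up HijackThis log against the Step 1 fix list, as an added example that is not part of the original posts: it parses the result lines of both logs, reports which fix-list entries are gone and which are still listed, and flags O23 services marked "(file missing)". The log excerpts and fix list are copied from this thread; the function names are assumptions of this example.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O23 - Service: ...".
# Section codes are a letter (R, F, N, O) followed by a number.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs in a HijackThis log.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def orphaned_services(log_text):
    """O23 service entries whose binary HijackThis reports as '(file missing)'."""
    return sorted(
        detail for section, detail in parse_entries(log_text)
        if section == "O23" and detail.endswith("(file missing)")
    )


def check_fix(before_text, after_text, fix_text):
    """Classify each fix-list entry; also list entries new in the follow-up log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    report = {"removed": [], "persisting": [], "not_in_before": []}
    for line in fix_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # blank lines between fix-list items
        entry = (match.group(1), match.group(2))
        if entry in after:
            report["persisting"].append(entry)
        elif entry in before:
            report["removed"].append(entry)
        else:
            report["not_in_before"].append(entry)
    appeared = sorted(after - before)
    return report, appeared


# Fix list from Step 1 of the helper's post.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)

O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)

O24 - Desktop Component 0: (no name) - (no file)
"""

# Excerpt of the 12/20/2008 log (before the fix).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)
"""

# Excerpt of the 12/21/2008 9:25 AM log (after the fix).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

if __name__ == "__main__":
    report, appeared = check_fix(BEFORE, AFTER, FIX_LIST)
    for status, entries in report.items():
        for section, detail in entries:
            print(f"{status:13} {section} - {detail}")
    print("new entries since the first log:", appeared)
    print("orphaned services still listed:", orphaned_services(AFTER))
```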

Re: my HikackThisLog

Post by John B. » December 21st, 2008, 2:43 pm

Hi Steve,

"I did try ewido once, thought I had removed it, but here it is!"

Yes, it suddenly appeared but went as easy as it came, so no problem.

The O24 line keeps coming back, but I found something that may make it go away:
Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Uncheck and Delete everything you find in there. (Except for "My Current Home Page.")


Seems like we got rid of SpywareBot. Now let's focus on Java.

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
First remove the older versions:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for each version of Java that is present
  • Download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Now let's download and install the newest version:
  • Download Java SE Runtime Environment (JRE) 6 Update 11 from here: http://java.sun.com/javase/downloads/index.jsp
  • As Platform select your operating system, agree to the License Agreement and click Continue.
  • Now click on the link under Windows Offline Installation and download the installer to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.
  • Reboot your computer.

Post the JavaRa log, a new uninstall log and a new HijackThis log and tell me about any problems with Java or other problems we still have to work on.

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

Post by computeruser » December 21st, 2008, 4:40 pm

John
I wasn't quite sure which the uninstall log was, so I hope these cover it.

Internet Explorer still will not go to a page, unless I stop it, then type in a URL. But it will run Java now!

Thanks
Steve

111111111111111
JavaRa 1.12 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Dec 21 11:57:24 2008

Found and removed: Software\JavaSoft\Java2D\1.5.0_03
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: Software\JavaSoft\Java2D\1.5.0_05
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: Software\JavaSoft\Java2D\1.5.0_10
Found and removed: Software\JavaSoft\Java2D\1.5.0_11
Found and removed: SOFTWARE\Classes\JavaPlugin.150_03
Found and removed: SOFTWARE\Classes\JavaPlugin.150_05
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
------------------------------------
Finished reporting.
end of 1111111

22222222222222222222
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:35 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7708 bytes
end of 222222222

333333333333333333
Logfile of random's system information tool 1.05 (written by random/random)
Run by sje at 2008-12-21 12:38:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (32%) free of 57 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:08 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\quickenw\QAGENT.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe
C:\Documents and Settings\sje\Desktop\donwload\virus\malware\RSIT(2).exe
C:\Documents and Settings\sje\Desktop\donwload\virus\sje.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPWU_MPM_Agent] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [T-Mobile Connection Manager] "C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [Stock Spy Tray] "C:\Program Files\Stock Spy\Stock Spy Tray.lnk"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Tmesbs3 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7844 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tpwrtray"=TPWRTRAY.EXE []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-22 49152]
"TFNF5"=TFNF5.exe []
"SxgTkBar"=SxgTkBar.exe []
"NvCplDaemon"=NvQTwk []
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2002-01-30 249856]
"000StTHK"=000StTHK.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-11-10 188416]
"HPWU_MPM_Agent"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe [2005-11-08 106496]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE [2002-02-18 126976]
"TMESBS.EXE"=C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE [2001-08-23 61440]
"HPWUTOOLBOX"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2005-11-08 352256]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"HDSPTray1"=hdsp32.exe []
"HDSPTray2"=hdspmix.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"PaperPort PTD"=C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2006-05-05 36864]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2006-05-05 40960]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"QAGENT"=C:\quickenw\QAGENT.EXE [2000-09-19 94208]
"T-Mobile Connection Manager"=C:\Program Files\T-Mobile\Connection Manager\TMobileCM.exe [2007-07-23 18968]
"Stock Spy Tray"=C:\Program Files\Stock Spy\Stock Spy Tray.lnk []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"DropBoxUtility"=C:\Program Files\DropBox\DropBox\DropBox.exe /s []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\sje\Start Menu\Programs\Startup
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoActiveDesktop"=0
"ExSearchOptions"=170685

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe"="E:\PHILLIP 2\Games\Flight Simulator\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe"="C:\Program Files\Microsoft Visual FoxPro 8\vfp8.exe:*:Enabled:Microsoft Visual FoxPro 8.0"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\QuoteTracker\stocks.exe"="C:\Program Files\QuoteTracker\stocks.exe:*:Enabled:stocks"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe"="C:\Program Files\Microsoft Visual FoxPro 9\vfp9.exe:*:Enabled:Microsoft Visual FoxPro 9.0 SP1"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QuoteLink\0-73-1\Run\winql.exe"="C:\Program Files\QuoteLink\0-73-1\Run\winql.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\Microsoft Office\Office\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\Program Files\QuoteLink\0-73-1\Run\qview.exe"="C:\Program Files\QuoteLink\0-73-1\Run\qview.exe:*:Enabled:QuoteLink Tools module"
"C:\Program Files\DTN\IQFeed\iqconnect.exe"="C:\Program Files\DTN\IQFeed\iqconnect.exe:*:Enabled:IQConnect Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Prophet\plink.exe"="C:\Prophet\plink.exe:*:Enabled:a5"
"C:\Program Files\CLR Script\CLRScrpt.exe"="C:\Program Files\CLR Script\CLRScrpt.exe:*:Enabled:CLR Script"
"C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\sje\Desktop\Phillip\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\PHILLIP 2\Games\Flight simulator\fs9.exe"="E:\PHILLIP 2\Games\Flight simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:eBay - Skype"
"C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe"="C:\Program Files\Stock Spy Demo\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Stock Spy\jre\bin\javaw.exe"="C:\Program Files\Stock Spy\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe"="C:\Documents and Settings\Phillip.SE\Desktop\Phillip Hub\WELCOME PHILLIP!\ALL GAMES\FLIGHT SIMULATOR\squak box\squawkbox.exe:*:Enabled:squawkbox.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"I:\PHILLIP 2\Games\Flight Simulator\fs9.exe"="I:\PHILLIP 2\Games\Flight Simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"E:\LAPNETWIZARD.EXE"="E:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"D:\LAPNETWIZARD.EXE"="D:\LAPNETWIZARD.EXE:*:Enabled:LapNet Wizard Application"
"C:\Program Files\DropBox\DropBox\DropBox.exe"="C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32569a55-090d-11dd-a32b-000039f85fb6}]
shell\AutoRun\command - D:\LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c41281-b5a3-11dc-a2ff-00022d5d410b}]
shell\AutoRun\command - D:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcb58341-0397-11dd-a324-00022d5d410b}]
shell\AutoRun\command - E:\LapNetWizard.exe


======List of files/folders created in the last 1 months======

2008-12-21 12:11:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-21 12:11:10 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-21 12:11:10 ----A---- C:\WINDOWS\system32\java.exe
2008-12-21 09:10:38 ----D---- C:\_OTMoveIt
2008-12-20 13:11:43 ----D---- C:\rsit
2008-12-20 11:12:30 ----D---- C:\Documents and Settings\sje\Application Data\Malwarebytes
2008-12-20 11:12:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 11:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 17:30:21 ----D---- C:\Documents and Settings\sje\Application Data\FileZilla
2008-12-11 14:57:09 ----A---- C:\reregisterie.cmd
2008-12-11 13:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-05 21:40:40 ----A---- C:\WINDOWS\system32\CNMLM87.DLL
2008-12-03 20:12:01 ----D---- C:\Program Files\Traction Software
2008-12-03 20:01:41 ----D---- C:\Program Files\MS PowerPoint Print Multiple Presentations Software
2008-12-03 09:10:08 ----A---- C:\WINDOWS\SamControlpanel95.INI
2008-11-30 18:39:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 11:45:28 ----D---- C:\Documents and Settings\sje\Application Data\Mozilla
2008-11-24 11:45:16 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 19:29:48 ----D---- C:\Program Files\WIBU-SYSTEMS
2008-11-23 19:29:47 ----D---- C:\Program Files\CodeMeter
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\TTIC32.dll
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\MXRestore.exe
2008-11-23 19:29:08 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\TTI32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\STRING32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIX.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2008-11-23 19:29:07 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2008-11-23 19:27:53 ----D---- C:\Program Files\MAGIX
2008-11-23 19:27:53 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll

======List of files/folders modified in the last 1 months======

2008-12-21 12:36:22 ----D---- C:\WINDOWS\temp
2008-12-21 12:20:16 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt
2008-12-21 12:19:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 12:15:58 ----D---- C:\WINDOWS\Prefetch
2008-12-21 12:11:15 ----HD---- C:\Config.Msi
2008-12-21 12:11:11 ----D---- C:\WINDOWS\system32
2008-12-21 12:10:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 12:10:50 ----SHD---- C:\WINDOWS\Installer
2008-12-21 12:10:47 ----D---- C:\Program Files\Java
2008-12-21 11:49:46 ----D---- C:\Program Files\Common Files
2008-12-21 11:47:14 ----RD---- C:\Program Files
2008-12-21 09:14:47 ----SD---- C:\WINDOWS\Tasks
2008-12-21 09:14:47 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 13:06:35 ----ASH---- C:\boot.ini
2008-12-20 13:06:35 ----A---- C:\WINDOWS\win.ini
2008-12-20 13:06:34 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-20 13:06:33 ----D---- C:\WINDOWS\pss
2008-12-20 13:06:14 ----D---- C:\WINDOWS
2008-12-20 13:04:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 11:04:10 ----D---- C:\Program Files\AquaNotes
2008-12-20 11:03:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-20 11:03:06 ----D---- C:\Program Files\Adobe
2008-12-20 11:03:05 ----D---- C:\Documents and Settings\sje\Application Data\Adobe
2008-12-20 11:02:26 ----D---- C:\Program Files\Apple Software Update
2008-12-20 11:01:36 ----HD---- C:\WINDOWS\inf
2008-12-20 11:01:29 ----D---- C:\WINDOWS\twain_32
2008-12-20 10:57:59 ----D---- C:\Program Files\DropBox
2008-12-20 10:57:36 ----D---- C:\WINDOWS\WinSxS
2008-12-20 10:56:56 ----D---- C:\Program Files\HP
2008-12-20 10:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\PureEdge
2008-12-20 10:56:44 ----AC---- C:\WINDOWS\PureEdgeAPI.ini
2008-12-20 10:56:31 ----D---- C:\Program Files\IrfanView
2008-12-20 10:55:09 ----RSD---- C:\WINDOWS\assembly
2008-12-20 10:55:07 ----D---- C:\Program Files\OpenOffice.org 2.2
2008-12-20 10:49:55 ----D---- C:\Program Files\Replay Screencast
2008-12-20 10:48:14 ----D---- C:\Program Files\Smart PDF Converter Pro
2008-12-20 10:47:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\sje\Application Data\Viewpoint
2008-12-20 10:46:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 10:46:14 ----D---- C:\Program Files\Viewpoint
2008-12-18 19:24:50 ----D---- C:\Jts
2008-12-18 11:00:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-15 07:54:15 ----D---- C:\Program Files\Outlook Express
2008-12-11 16:09:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 16:08:19 ----D---- C:\Program Files\Common Files\Software FX Shared
2008-12-11 13:37:30 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:37:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 13:37:07 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:36:49 ----D---- C:\WINDOWS\ie7updates
2008-12-11 13:36:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 12:30:12 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2008-12-05 21:48:03 ----D---- C:\WINDOWS\Media
2008-11-23 19:29:33 ----D---- C:\WINDOWS\system32\MAGIX
2008-11-23 19:27:39 ----A---- C:\WINDOWS\mgxoschk.ini
2008-11-23 13:15:42 ----D---- C:\Program Files\CLR Script
2008-11-23 11:29:53 ----D---- C:\d
2008-11-22 03:21:54 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.sys [2002-01-08 5802]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 CmosTime;CmosTime; \??\C:\WINDOWS\system32\CmosTime.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2000-05-31 34712]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-19 911661]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-07-09 967040]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 22928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxg.sys [2002-07-19 1099264]
S1 AntiSpyFilter;AntiSpyFilter; C:\WINDOWS\system32\DRIVERS\antispyfilter.sys []
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 evomouflt;Evoluent Mouse Filter Service; C:\WINDOWS\system32\DRIVERS\evomouflt.sys [2007-12-06 15744]
S3 hdsp;RME Hammerfall Audio Device; C:\WINDOWS\system32\DRIVERS\hdsp.sys [2007-08-16 42624]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 marsqx5;Digital Blue QX5 V2 Microscope; C:\WINDOWS\system32\DRIVERS\marsqx5.sys [2007-04-02 72576]
S3 MaxtorFrontPanel1;Maxtor 1394 Storage Front Panel Driver; C:\WINDOWS\system32\DRIVERS\mxofwfp.sys [2003-03-13 19712]
S3 MouseCmn;Mouse Driver; C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toslane;Toshiba BT-LANE; C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 25420]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2001-11-16 39087]
S3 Tosrfbd;Bluetooth RFBUS from Toshiba; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2002-02-07 76920]
S3 Tosrfcom;Bluetooth RFCOMM from Toshiba; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2002-01-24 52341]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2002-01-24 35497]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2001-12-19 155136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-19 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Tmesbs;Tmesbs3; C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe [2001-08-23 61440]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe [2002-02-18 126976]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$NR2005;MSSQL$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$NR2005;SQLAgent$NR2005; C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 382320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe []

-----------------EOF-----------------
end of 33333333333333333333

444444444444
info.txt logfile of random's system information tool 1.05 2008-12-20 13:11:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55AF8B8EAAE6}
CLR Script 1.62-->"C:\Program Files\CLR Script\CLRScrpt.exe" /uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ContinuumClient-->C:\PROGRA~1\Quote.com\CONTIN~1\UNWISE.EXE C:\PROGRA~1\Quote.com\CONTIN~1\INSTALL.LOG
Directory Printer 3.72-->"C:\Program Files\Dirprint\unins000.exe"
Directory Report-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D9B75C0-3FC9-11D5-8617-00D0B707C2B6}\setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18-->MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Dragon NaturallySpeaking 8-->MsiExec.exe /I{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}
Edelweiss A320-214 Flotte-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a320.exe
Edelweiss A330-243-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall_edw_a330.exe
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Great Lakes Beech 1900D-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
HijackThis 2.0.2-->"C:\Documents and Settings\sje\Desktop\donwload\virus\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Officejet Pro K550 Series-->C:\Program Files\HP\Digital Imaging\{2B01846C-C137-4e40-B1B2-BFA80DF1A632}\setup\hpzscr01.exe -datfile hpwscr03.dat -forcereboot
Inno Setup version 5.1.8-->"C:\Program Files\Inno Setup 5\unins000.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}
KDEN Denver-->E:\PHILLIP 2\Games\Flight Simulator\Uninstall KDEN.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Flight Simulator 2004 A Century of Flight-->"E:\PHILLIP 2\Games\Flight Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Identity Integration Server 2003 Resource Tool Kit-->MsiExec.exe /I{E27B1348-46D1-4D22-9EFE-C92F45174A02}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)-->C:\Program Files\NeatReceipts Professional\UninstallNR2005.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual FoxPro 9.0 Professional - English-->C:\Program Files\Microsoft Visual FoxPro 9\setup\Visual FoxPro 9.0 Professional - English\setup.exe /MaintMode
MightyFax-->C:\PROGRA~1\MIGHTY~1\UnMighty.EXE
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS PowerPoint Print Multiple Presentations Software 7.0-->"C:\Program Files\MS PowerPoint Print Multiple Presentations Software\unins000.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NeatReceipts Professional v2.7.5-->C:\Program Files\NeatReceipts Professional\uninstallNR.exe
NetZoom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61872626-FF50-40FA-B299-349D479E8208}\setup.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Outlook Express Quick Backup-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Outlook Express Quick Backup\ST6UNST.LOG"
Pagis Viewer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xerox\Pagis Viewer 2.0\Uninst.isu"
Quicken 2001 New User Edition-->C:\quickenw\WINNT\Intuit\UNWISE.EXE C:\quickenw\WINNT\Intuit\INSTALL.LOG
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RME DIGICheck-->"C:\Program Files\RME\Digicheck44\Uninstall.exe" "C:\Program Files\RME\Digicheck44\install.log"
RME Hammerfall DSP (WDM)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hdsp.inf
RME HDSP Meter Bridge-->"C:\Program Files\RME\Meterbridge20\Uninstall.exe" "C:\Program Files\RME\Meterbridge20\install.log"
Samplitude 10 Download version 10.1.0.0 (US)-->C:\Program Files\MAGIX\Samplitude_10_Download_version\unwise.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Short Empire for FSX or FS2004-->MsiExec.exe /X{85CCDC7D-71DA-4671-9FF6-1ABF86439859}
Speak Clipboard-->MsiExec.exe /I{A14B5972-EEFC-48F1-A3EC-A2CD1284C670}
T-Mobile Connection Manager-->MsiExec.exe /X{DFA57DE1-DE72-4EFA-85DE-D1426A9D0996}
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 3.5 (3.5.2)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
TOSHIBA Mobile Extension3 V3.19.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA Power Saver-->TPWRDEL.EXE
TOSHIBA Software Modem-->Tosmreg -U
Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~2\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~2\INSTALL.LOG
TOSHIBA Utilities-->tutildel.exe
Trader Workstation 4.0-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
TTS_Technology-->MsiExec.exe /I{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}
TWC User Controls-->MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TWS Interoperability Components-->C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Ultimate Traffic-->C:\WINDOWS\iun6002.exe "E:\PHILLIP 2\Games\Flight Simulator\UT13.ini"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Virtual Frontier (iFDG) Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual FRONTIER iFDG Airbus A-319-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Virtual Frontier Jet Express CRJ-700-->E:\PHILLIP 2\Games\Flight Simulator\Uninstal.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
Xpander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance
YAMAHA XG SoftSynthesizer S-YXG50-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B713000F-FBE3-11D3-9D91-0050DA5C3DCF}\setup.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O24 - Desktop Component 0: (no name) - (no file)
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: SE
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{38B3A2F4-EA85-4ED4-940B-DF85C7643357} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 611
Source Name: Tcpip
Time Written: 20080531143507.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 610
Source Name: E100B
Time Written: 20080531143501.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 609
Source Name: Tcpip
Time Written: 20080531092932.000000-420
Event Type: warning
User:

Computer Name: SE
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 000039F85FB6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 608
Source Name: Dhcp
Time Written: 20080531081924.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000039F85FB6. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 607
Source Name: Dhcp
Time Written: 20080531081923.000000-420
Event Type: warning
User:

Application event log

Computer Name: SE
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 15653
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 15652
Source Name: SecurityCenter
Time Written: 20080728042931.000000-420
Event Type: error
User:

Computer Name: SE
Event Code: 0
Message:
Record Number: 15651
Source Name: Viewpoint Manager Service
Time Written: 20080728042930.000000-420
Event Type: information
User:

Computer Name: SE
Event Code: 1001
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 15650
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

Computer Name: SE
Event Code: 1004
Message: Detection of product '{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}', feature 'NatSpeak', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 15649
Source Name: MsiInstaller
Time Written: 20080726020521.000000-420
Event Type: warning
User: SE\sje

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus;C:\Program Files\SizeExplorer Pro 3.8.6;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.5.001
"SESSIONID"=1130435106148htx605612eb04e:10732fc8acf:-43a5
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\sje\LOCALS~1\Temp\radDC882.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
end of 444444444444
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: my HikackThisLog

by John B. » December 21st, 2008, 5:08 pm

Hi Steve,

That is not really an uninstall log. I told you in my initial post how to make one:
viewtopic.php?p=383541#p383541
Please post a new one.

Also, did you try this:
John B. wrote:
Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Uncheck and Delete everything you find in there. (Except for "My Current Home Page.")

Did you have to change anything?

When did you start having problems with Internet Explorer? After installing anything new?

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

by computeruser » December 21st, 2008, 5:20 pm

I tried the display, remove web. There was a single entry there but with no name, other than "web." I removed it. It did not come back.

I think the problems with IE started after I upgraded Adobe to 9, a few months ago.

Thanks
Steve

11111111111
32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
Apple Mobile Device Support
Audacity 1.2.6
Bluetooth Stack for Windows by Toshiba
CLR Script 1.62
Compatibility Pack for the 2007 Office system
ContinuumClient
Directory Printer 3.72
Directory Report
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Dragon NaturallySpeaking 8
Edelweiss A320-214 Flotte
Edelweiss A330-243
ESET NOD32 Antivirus
Google Earth
Great Lakes Beech 1900D
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Officejet Pro K550 Series
Inno Setup version 5.1.8
Intel(R) PRO Ethernet Adapter and Software
Java(TM) 6 Update 11
KDEN Denver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 3.8
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Identity Integration Server 2003 Resource Tool Kit
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual FoxPro 9.0 Professional - English
MightyFax
Mozilla Firefox (3.0.5)
MS PowerPoint Print Multiple Presentations Software 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NeatReceipts Professional v2.7.5
NetZoom
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Quick Backup
Pagis Viewer 2.0
Quicken 2001 New User Edition
QuickTime
RealPlayer
RME DIGICheck
RME Hammerfall DSP (WDM)
RME HDSP Meter Bridge
Samplitude 10 Download version 10.1.0.0 (US)
ScanSoft PaperPort 11
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Short Empire for FSX or FS2004
Speak Clipboard
T-Mobile Connection Manager
TOSHIBA Console
Toshiba Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Mobile Extension3 V3.19.00
TOSHIBA Power Saver
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
Trader Workstation 4.0
TTS_Technology
TWC User Controls
Tweak UI
TWS Interoperability Components
Ultimate Traffic
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Virtual Frontier (iFDG) Airbus A-319
Virtual FRONTIER iFDG Airbus A-319
Virtual Frontier Jet Express CRJ-700
Windows Defender Signatures
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wireless Hotkey
Xpander
YAMAHA AC-XG WDM
YAMAHA XG SoftSynthesizer S-YXG50
end of 1
computeruser
Regular Member
 
Posts: 29
Joined: December 6th, 2008, 10:38 pm

Re: my HikackThisLog

Unread postby John B. » December 22nd, 2008, 10:00 am

Hi Steve,

What happens when you just let it go? Do you eventually get a message that the page could not be displayed? When answering please post a NEW HijackThis log as well (the one you posted in your initial post).

Regards,
John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: my HikackThisLog

Unread postby John B. » December 25th, 2008, 6:58 am

If you do not answer within 48 hours I will close this topic.