TheTechGuide Forum

General Category => Tech Clinic => Topic started by: resevil83 on February 23, 2010, 04:11:31 AM

Title: Quick Check on Possible Threats
Post by: resevil83 on February 23, 2010, 04:11:31 AM
Back again, I was wondering if you could take a quick check at this hijack. This is my friend's laptop. They say it runs slow and it has viruses on it. I have not seen any viruses on it yet and it runs pretty smooth to me. The only thing I did notice was their internet connections were all set up oddly. They had manually assigned IP addresses and they also had a gateway set up. I will find out who their provider is, but I really don't think that they have dial-up and I'm almost 100% positive that they have this computer configured just for in-home use.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:58:10 AM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [moatehlc] C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [moatehlc] C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9615 bytes
Title: Quick Check on Possible Threats
Post by: resevil83 on February 23, 2010, 02:53:24 PM
I did a scan with AVG and here are the results. I'm not doing anything else but that for the moment. Only reason why I did that was because of the fact that this computer is running very smooth and has not shown me any threats so far.

Here are some problems that I have noticed. Upon reboot, the Adobe Acrobat folder opens every time. Also, this error message pops up: "Runner file name (LogitechDesktopMessenger.exe) lacks a '-' (the app id seperator)"

"Scan ""Scan whole computer"" was finished."
"Infections";"4";"4";"0"
"Warnings";"2";"2";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Tuesday, February 23, 2010, 3:43:30 AM"
"Scan finished:";"Tuesday, February 23, 2010, 5:22:10 AM (1 hour(s) 38 minute(s) 40 second(s))"
"Total object scanned:";"400255"
"User who launched the scan:";"Jill Oberheide"

"Infections"
"File";"Infection";"Result"
"C:\Documents and Settings\Jill Oberheide\My Documents\Downloaded Program Updates\Install-1ab1432_2031.exe";"Trojan horse Downloader.Generic8.BHSH";"Moved to Virus Vault"
"C:\Documents and Settings\Jill Oberheide\Local Settings\Temp\Install-2bd43d_2031.exe";"Trojan horse Downloader.Generic8.BHSH";"Moved to Virus Vault"
"C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe";"Trojan horse Generic16.AXQS";"Moved to Virus Vault"
"C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe";"Trojan horse Generic16.AXQS";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"HKU\S-1-5-21-692765556-3919145986-2949275613-1005\Software\Microsoft\Windows\CurrentVersion\Run\\moatehlc";"Found registry key with reference to infected file C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe";"Moved to Virus Vault"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\moatehlc";"Found registry key with reference to infected file C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa\shbtsftav.exe";"Moved to Virus Vault"
Title: Quick Check on Possible Threats
Post by: guestolo on February 23, 2010, 07:17:55 PM
I see that AVG found a couple of entries I spotted in your HijackThis log.

Quote
I did a scan with AVG and here are the results. I'm not doing anything else but that for the moment.
I see Symantec's installed; having more than one AV installed can cause system instabilities and slowdowns.

Can you do the following please:
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) by OldTimer to your desktop.
Close any open windows.
Once it's finished, it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Afterwards:
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to your desktop.

Double-click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In addition:
Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.

NOTE: If you have trouble, or an error message, trying to post the logs, can you upload it to a reply box?
In a reply, select "Browse..." on the bottom right, then navigate to the file and select it.
Then click "Upload".
Title: Quick Check on Possible Threats
Post by: resevil83 on February 23, 2010, 11:10:43 PM
I apologize about the confusion, I was up late and I don't phrase things very well when I'm tired. I typed that info even before I did the virus scan. At any rate, here is the log.

Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2010 10:02:05 PM
mbam-log-2010-02-23 (22-02-05).txt

Scan type: Quick Scan
Objects scanned: 131185
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC MightyMax 2009 (Rogue.PcMightyMax) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PC MightyMax 2009\pcmm2009.error.log (Rogue.PcMightyMax) -> Quarantined and deleted successfully.
Title: Quick Check on Possible Threats
Post by: resevil83 on February 23, 2010, 11:18:40 PM
OTL logfile created on: 2/23/2010 10:12:58 PM - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jill Oberheide\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.88 Gb Total Space | 60.84 Gb Free Space | 58.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALL4YESHUA
Current User Name: Jill Oberheide
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/23 22:11:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\OTL.exe
PRC - [2010/02/23 03:40:23 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/23 03:40:21 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/23 03:40:21 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/23 03:40:20 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/23 03:40:19 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/23 03:40:17 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/23 03:40:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/11 13:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () -- C:\WINDOWS\system32\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2001/09/10 18:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/23 22:11:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/23 03:40:17 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/23 03:40:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/29 13:57:58 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/01 14:32:45 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/06 23:08:01 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/12 02:35:02 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2006/11/08 15:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/09/10 18:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/23 03:41:00 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/23 03:40:54 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/23 03:40:52 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 16:56:30 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/04 15:06:22 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/11/14 02:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/11 20:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/09/26 05:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/02 14:08:08 | 000,015,616 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/03/08 13:20:50 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/08 13:20:49 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/08 13:20:48 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/18 11:42:15 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/25 07:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/04/26 23:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/13 10:09:34 | 001,364,574 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/05 04:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/10 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/09/10 18:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 A8 C3 C7 02 B5 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/23 03:40:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/23 03:40:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/23 23:06:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 23:06:24 | 000,000,000 | ---D | M]
 
[2009/06/07 22:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill Oberheide\Application Data\Mozilla\Extensions
[2010/02/23 22:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill Oberheide\Application Data\Mozilla\Firefox\Profiles\su04jc6v.default\extensions
[2009/08/09 23:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jill Oberheide\Application Data\Mozilla\Firefox\Profiles\su04jc6v.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/06/07 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill Oberheide\Application Data\Mozilla\Firefox\Profiles\su04jc6v.default\extensions\[email protected]
[2009/08/09 23:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill Oberheide\Application Data\Mozilla\Firefox\Profiles\su04jc6v.default\extensions\[email protected]
[2009/11/22 19:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 00:14:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
 
O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [DW6]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0 [2008/05/17 13:33:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59dfb384-d943-11de-9cc4-00188ba25571}\Shell - "" = AutoRun
O33 - MountPoints2\{59dfb384-d943-11de-9cc4-00188ba25571}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f7f5da0-db76-11de-9ccd-00188ba25571}\Shell - "" = AutoRun
O33 - MountPoints2\{5f7f5da0-db76-11de-9ccd-00188ba25571}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a24a13aa-4eb8-11de-9bf6-00188ba25571}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/02/23 22:11:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\OTL.exe
[2010/02/23 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jill Oberheide\Application Data\Malwarebytes
[2010/02/23 21:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 21:50:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 21:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/23 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\AVG Security Toolbar
[2010/02/23 21:40:04 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\TFC.exe
[2010/02/23 03:41:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/23 03:41:01 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/23 03:41:00 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/23 03:40:54 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/23 03:40:52 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/23 03:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/23 03:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/23 03:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/23 03:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/23 03:37:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/23 03:37:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/23 03:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/23 03:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/23 02:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/23 02:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jill Oberheide\Desktop\Virus_Removal_Progs
[2010/02/23 02:44:24 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/02/04 15:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\pifjxa
[2009/06/08 00:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/08 00:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/08 00:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2009/06/08 00:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/06/08 00:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/08 00:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2009/06/08 00:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/02/24 09:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/09/14 10:32:20 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[50 C:\Documents and Settings\Jill Oberheide\My Documents\*.tmp files -> C:\Documents and Settings\Jill Oberheide\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/02/23 22:15:00 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{61D33102-FA21-473D-B376-632DBD15D4D9}.job
[2010/02/23 22:14:18 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38CCB499-20F6-4600-A3CA-A93025851E2B}.job
[2010/02/23 22:11:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\OTL.exe
[2010/02/23 22:04:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 22:04:07 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/02/23 22:04:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 22:04:02 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 22:04:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/23 22:02:30 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jill Oberheide\NTUSER.DAT
[2010/02/23 22:02:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jill Oberheide\ntuser.ini
[2010/02/23 21:58:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/23 21:50:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/23 21:47:33 | 056,148,788 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/23 21:40:04 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jill Oberheide\Desktop\TFC.exe
[2010/02/23 14:08:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 13:34:59 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-692765556-3919145986-2949275613-1005.job
[2010/02/23 03:41:01 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/23 03:41:01 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/23 03:41:00 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/23 03:40:54 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/23 03:40:52 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/23 03:40:52 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/23 03:40:40 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/23 03:40:40 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/23 03:40:40 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/23 02:58:00 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Jill Oberheide\Desktop\HiJackThis.lnk
[2010/02/23 02:43:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/04 00:33:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[50 C:\Documents and Settings\Jill Oberheide\My Documents\*.tmp files -> C:\Documents and Settings\Jill Oberheide\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/02/23 21:50:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/23 03:41:01 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/23 03:40:52 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/23 03:40:40 | 056,148,788 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/23 03:40:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/23 03:40:40 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/23 03:40:40 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/23 02:57:03 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Desktop\HiJackThis.lnk
[2010/01/29 10:53:29 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/29 10:53:29 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/27 23:06:11 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\kodakpcd.ini
[2009/09/21 08:26:23 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SyncBackPro.dll
[2009/08/17 19:41:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/06 16:13:46 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/30 01:08:18 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Application Data\SMBIOSSP.exe
[2009/05/29 07:09:50 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/28 23:08:36 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 22:57:52 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/28 22:57:52 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\06EB958DBC.sys
[2009/05/28 14:47:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Application Data\wklnhst.dat
[2009/05/28 09:46:56 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Local Settings\Application Data\fusioncache.dat
[2009/05/08 09:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 15:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/03 08:18:27 | 000,000,100 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/12/02 18:07:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2008/12/02 18:07:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2008/12/02 18:07:43 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2008/11/30 08:49:05 | 000,000,191 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2008/10/20 14:11:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2008/10/20 07:11:16 | 000,025,794 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Application Data\NMM-MetaData.db
[2008/10/20 07:05:17 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/08/24 12:38:56 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pennyhorse.ini
[2008/08/24 07:07:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2008/07/06 14:58:04 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jill Oberheide\Application Data\$_hpcst$.hpc
[2008/05/23 14:56:54 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 05:40:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/03 06:51:32 | 000,000,398 | ---- | C] () -- C:\WINDOWS\HEALTH.INI
[2008/05/03 06:51:20 | 000,000,115 | ---- | C] () -- C:\WINDOWS\IVIPUB.INI
[2008/04/22 23:10:05 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\F8D1DDFE3E.sys
[2008/04/18 20:49:25 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/17 17:20:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/04/04 07:53:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI
[2008/04/04 07:32:23 | 000,000,541 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2008/03/19 15:02:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/02/12 20:55:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/11 18:10:44 | 000,025,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/02/07 11:30:55 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2008/02/07 11:30:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2008/02/07 11:30:54 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2008/02/01 12:05:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/11/17 12:26:54 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/11 00:20:55 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/11/11 00:20:55 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/11/11 00:20:55 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/11/11 00:19:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/11/11 00:18:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2007/11/11 00:00:21 | 000,012,548 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/11/06 12:35:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2007/10/12 00:11:58 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/12/18 11:55:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/18 11:45:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/18 11:42:41 | 000,000,362 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/18 11:03:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/18 11:02:22 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/26 22:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jill Oberheide\Desktop\battery.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Jill Oberheide\My Documents\CONSPIRACY:Roxio EMC Stream
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >

Title: Quick Check on Possible Threats
Post by: resevil83 on February 23, 2010, 11:20:38 PM
OTL Extras logfile created on: 2/23/2010 10:12:58 PM - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jill Oberheide\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.88 Gb Total Space | 60.84 Gb Free Space | 58.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALL4YESHUA
Current User Name: Jill Oberheide
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:AOL -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Jill Oberheide\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jill Oberheide\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- (EarthLink, Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:AOL -- File not found
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\Documents and Settings\Jill Oberheide\Local Settings\Temp\7zSF.tmp\SymNRT.exe" = C:\Documents and Settings\Jill Oberheide\Local Settings\Temp\7zSF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}" = ArcSoft WebCam Companion 2
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{719842F9-FF69-4BA6-A6FE-52244575E0B3}" = ArcSoft VideoImpression 2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BC6D5EAF-D314-4f47-8951-42CF14CB7316}" = dj_aio_corporate
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}" = ArcSoft Magic-i 3
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVG9Uninstall" = AVG Free 9.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"GoToAssist" = GoToAssist 8.0.0.514
"ie8" = Windows Internet Explorer 8
"LMS" = C-Dilla Licence Management System
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"ProInst" = Intel® PROSet/Wireless Software
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 6.0" = RealPlayer Basic
"RegCure" = RegCure
"SearchAssist" = SearchAssist
"SyncBackPro_is1" = SyncBackPro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/23/2010 4:43:34 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 4:53:52 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 4:58:05 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 5:25:55 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 10:58:08 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 11:58:09 AM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 12:58:06 PM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 1:58:05 PM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 2:58:05 PM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
Error - 2/23/2010 3:58:05 PM | Computer Name = ALL4YESHUA | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The MgiSvr service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The Advanced Networking Service service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 2/23/2010 11:40:28 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 2/23/2010 11:40:29 PM | Computer Name = ALL4YESHUA | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 2/23/2010 11:43:59 PM | Computer Name = ALL4YESHUA | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.106,
since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 2/24/2010 12:04:10 AM | Computer Name = ALL4YESHUA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring
 the volume.
 
Error - 2/24/2010 12:04:54 AM | Computer Name = ALL4YESHUA | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.106,
since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
 
< End of report >
Title: Quick Check on Possible Threats
Post by: guestolo on February 23, 2010, 11:58:52 PM
Can you go to Add and Remove Programs
Remove older and insecure version of Adobe Reader
Adobe Reader 7.0.8

Remain in Add/Remove and remove the following, as it's been corrupt or previously uninstalled
The Weather Channel Screensaver

Also, uninstall Viewpoint Media Player

Double click on OTL.exe and Run it
On startup, Allow OTL to run if prompted

Update Adobe Reader
Go to the following link
http://get.adobe.com/reader/
Untick any option for additional toolbar or other software, you just need Adobe Reader
Save the installer to desktop then run it
After you have successfully installed the new Adobe Reader
with AR open click on HELP>>Check for Updates
Just to ensure that Adobe Reader is right up to date

Afterwards: Can you come back here and do a fresh Scan and save logfile with HijackThis and post the new log that opens
Keep me informed how things are running
Title: Quick Check on Possible Threats
Post by: resevil83 on February 24, 2010, 12:19:41 AM
Things are running well. This computer is leaps and bounds faster than the other one I just worked on. It's always difficult how fast a computer should be running when it's not yours. Here's the log file.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:18:01 PM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061218
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe

--
End of file - 8943 bytes
Title: Quick Check on Possible Threats
Post by: guestolo on February 24, 2010, 12:37:30 AM
You can disable some entries from running on startup with Hijackthis
This won't remove the programs, just disable on startup

Optionally, Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open OTL.exe and click on the Cleanup button
Follow the prompts and let the machine reboot

As with your other computer, I would include SpywareBlaster in your security
Link in your other thread
Title: Quick Check on Possible Threats
Post by: resevil83 on February 24, 2010, 01:09:14 AM
So that's how you properly remove OTL. :) Done. The only problem that still exists is this... Runner file name (LogitechDesktopMessenger.exe) lacks a '-' (the app id seperator)
I get that upon reboot
Title: Quick Check on Possible Threats
Post by: guestolo on February 24, 2010, 01:19:28 AM
Did you disable this item on startup with Hijackthis?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

If not, try that and reboot
Title: Quick Check on Possible Threats
Post by: resevil83 on February 24, 2010, 01:28:42 AM
I re-checked it, fixed it and I did a restart. The problem is no longer present.
Title: Quick Check on Possible Threats
Post by: resevil83 on February 24, 2010, 02:46:20 PM
[quote name='guestolo' date='Feb 23 2010, 11:37 PM' post='468151']
You can disable some entries from running on startup with Hijackthis
This won't remove the programs, just disable on startup
[/quote]

Did you mean for this computer or the other? :) Is it OK for me to remove Malwarebytes and whatever's left?
Title: Quick Check on Possible Threats
Post by: guestolo on February 25, 2010, 12:20:08 AM
Quote
Did you mean for this computer or the other?
Not wise to work on more than one computer in one thread

How is everything running on this one?
I would think alright, but just let me know please
Title: Quick Check on Possible Threats
Post by: resevil83 on February 25, 2010, 02:01:03 AM
You can say that again. I am starting to forget what I did. The computer on restart did something very odd. Command prompt windows started popping up once I was on the desktop. I saw the directory of C:Windows32\system but after 3 or 4 windows popped up they would disappear and that process would repeat itself extremely quickly. There would be information in every 3rd or 4th set, but I could not make it out because of how rapidly it was going. I restarted it again and it did not happen again.

I will run eset scanner on it, and run scans with all the recommended software.
Title: Quick Check on Possible Threats
Post by: resevil83 on February 25, 2010, 03:05:11 PM
OK, ESET came up with nothing. Malwarebytes came up with two things. AVG already ran that initially and that found and erased a couple threats. I ran Spybot and that removed a bunch of stuff. Any other things you recommend that I run? Also, I was hoping to clean up some things, do you advise CCleaner? Below I posted the two malware logs that ran and found things. In the next reply I will include my Spybot log just in case.

Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2010 10:02:05 PM
mbam-log-2010-02-23 (22-02-05).txt

Scan type: Quick Scan
Objects scanned: 131185
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC MightyMax 2009 (Rogue.PcMightyMax) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PC MightyMax 2009\pcmm2009.error.log (Rogue.PcMightyMax) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/25/2010 1:56:38 PM
mbam-log-2010-02-25 (13-56-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 246651
Time elapsed: 1 hour(s), 49 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jill Oberheide\My Documents\Downloaded Program Updates\PCMightyMax2009_311.EXE (Rogue.PCMightyMax) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP226\A0044245.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
Title: Quick Check on Possible Threats
Post by: resevil83 on February 25, 2010, 03:06:42 PM
2/24/2010 12:33:33 AM Allowed (based on user decision) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
2/24/2010 12:51:48 AM Allowed (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") added in System Startup global entry!
2/24/2010 1:51:46 AM Allowed (based on user decision) value "SpybotDeletingB4522" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:51:53 AM Allowed (based on user decision) value "SpybotDeletingD8756" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:51:53 AM Allowed (based on user decision) value "SpybotDeletingA798" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver.dll"") added in System Startup global entry!
2/24/2010 1:52:00 AM Allowed (based on user decision) value "SpybotDeletingC6445" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"") added in System Startup global entry!
2/24/2010 1:52:00 AM Allowed (based on user decision) value "SpybotDeletingA4952" (new data: "command.com /c del "C:\WINDOWS\wt\data.wts"") added in System Startup global entry!
2/24/2010 1:52:06 AM Allowed (based on user decision) value "SpybotDeletingC4378" (new data: "cmd.exe /c del "C:\WINDOWS\wt\data.wts"") added in System Startup global entry!
2/24/2010 1:52:06 AM Allowed (based on user decision) value "SpybotDeletingA2649" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"") added in System Startup global entry!
2/24/2010 1:52:13 AM Allowed (based on user decision) value "SpybotDeletingC1139" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"") added in System Startup global entry!
2/24/2010 1:52:13 AM Allowed (based on user decision) value "SpybotDeletingA9902" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"") added in System Startup global entry!
2/24/2010 1:52:19 AM Allowed (based on user decision) value "SpybotDeletingC4515" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"") added in System Startup global entry!
2/24/2010 1:52:19 AM Allowed (based on user decision) value "SpybotDeletingA2015" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"") added in System Startup global entry!
2/24/2010 1:52:25 AM Allowed (based on user decision) value "SpybotDeletingC5841" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"") added in System Startup global entry!
2/24/2010 1:52:25 AM Allowed (based on user decision) value "SpybotDeletingA3074" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"") added in System Startup global entry!
2/24/2010 1:52:32 AM Allowed (based on user decision) value "SpybotDeletingC3026" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"") added in System Startup global entry!
2/24/2010 1:52:32 AM Allowed (based on user decision) value "SpybotDeletingA1347" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"") added in System Startup global entry!
2/24/2010 1:52:38 AM Allowed (based on user decision) value "SpybotDeletingC1289" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"") added in System Startup global entry!
2/24/2010 1:52:38 AM Allowed (based on user decision) value "SpybotDeletingA9076" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"") added in System Startup global entry!
2/24/2010 1:52:44 AM Allowed (based on user decision) value "SpybotDeletingC1302" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"") added in System Startup global entry!
2/24/2010 1:52:44 AM Allowed (based on user decision) value "SpybotDeletingA6733" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"") added in System Startup global entry!
2/24/2010 1:52:50 AM Allowed (based on user decision) value "SpybotDeletingC8693" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"") added in System Startup global entry!
2/24/2010 1:52:50 AM Allowed (based on user decision) value "SpybotDeletingA8965" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"") added in System Startup global entry!
2/24/2010 1:52:57 AM Allowed (based on user decision) value "SpybotDeletingC7423" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"") added in System Startup global entry!
2/24/2010 1:52:57 AM Allowed (based on user decision) value "SpybotDeletingA1699" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"") added in System Startup global entry!
2/24/2010 1:53:03 AM Allowed (based on user decision) value "SpybotDeletingC2183" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"") added in System Startup global entry!
2/24/2010 1:53:03 AM Allowed (based on user decision) value "SpybotDeletingA4873" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"") added in System Startup global entry!
2/24/2010 1:53:09 AM Allowed (based on user decision) value "SpybotDeletingC7625" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"") added in System Startup global entry!
2/24/2010 1:53:09 AM Allowed (based on user decision) value "SpybotDeletingA1116" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"") added in System Startup global entry!
2/24/2010 1:53:15 AM Allowed (based on user decision) value "SpybotDeletingC521" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"") added in System Startup global entry!
2/24/2010 1:53:15 AM Allowed (based on user decision) value "SpybotDeletingA2656" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"") added in System Startup global entry!
2/24/2010 1:53:22 AM Allowed (based on user decision) value "SpybotDeletingC4748" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"") added in System Startup global entry!
2/24/2010 1:53:22 AM Allowed (based on user decision) value "SpybotDeletingA3621" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"") added in System Startup global entry!
2/24/2010 1:53:28 AM Allowed (based on user decision) value "SpybotDeletingC928" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"") added in System Startup global entry!
2/24/2010 1:53:28 AM Allowed (based on user decision) value "SpybotDeletingA1881" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"") added in System Startup global entry!
2/24/2010 1:53:34 AM Allowed (based on user decision) value "SpybotDeletingC1620" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"") added in System Startup global entry!
2/24/2010 1:53:34 AM Allowed (based on user decision) value "SpybotDeletingA3443" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:40 AM Allowed (based on user decision) value "SpybotDeletingC1299" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:40 AM Allowed (based on user decision) value "SpybotDeletingA9147" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"") added in System Startup global entry!
2/24/2010 1:53:47 AM Allowed (based on user decision) value "SpybotDeletingC119" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"") added in System Startup global entry!
2/24/2010 1:53:47 AM Allowed (based on user decision) value "SpybotDeletingA9665" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:53 AM Allowed (based on user decision) value "SpybotDeletingC7132" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:53 AM Allowed (based on user decision) value "SpybotDeletingA7343" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:59 AM Allowed (based on user decision) value "SpybotDeletingC575" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"") added in System Startup global entry!
2/24/2010 1:53:59 AM Allowed (based on user decision) value "SpybotDeletingA1594" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"") added in System Startup global entry!
2/24/2010 1:54:05 AM Allowed (based on user decision) value "SpybotDeletingC5844" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"") added in System Startup global entry!
2/24/2010 1:54:06 AM Allowed (based on user decision) value "SpybotDeletingB7105" (new data: "command.com /c del "C:\WINDOWS\wt\data.wts"") added in System Startup user entry!
2/24/2010 1:54:13 AM Allowed (based on user decision) value "SpybotDeletingD3287" (new data: "cmd.exe /c del "C:\WINDOWS\wt\data.wts"") added in System Startup user entry!
2/24/2010 1:54:13 AM Allowed (based on user decision) value "SpybotDeletingB6646" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"") added in System Startup user entry!
2/24/2010 1:54:19 AM Allowed (based on user decision) value "SpybotDeletingD1233" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"") added in System Startup user entry!
2/24/2010 1:54:19 AM Allowed (based on user decision) value "SpybotDeletingB3282" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"") added in System Startup user entry!
2/24/2010 1:54:25 AM Allowed (based on user decision) value "SpybotDeletingD8272" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"") added in System Startup user entry!
2/24/2010 1:54:25 AM Allowed (based on user decision) value "SpybotDeletingB245" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"") added in System Startup user entry!
2/24/2010 1:54:31 AM Allowed (based on user decision) value "SpybotDeletingD5039" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"") added in System Startup user entry!
2/24/2010 1:54:31 AM Allowed (based on user decision) value "SpybotDeletingB6668" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"") added in System Startup user entry!
2/24/2010 1:54:37 AM Allowed (based on user decision) value "SpybotDeletingD3528" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"") added in System Startup user entry!
2/24/2010 1:54:37 AM Allowed (based on user decision) value "SpybotDeletingB9730" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"") added in System Startup user entry!
2/24/2010 1:54:44 AM Allowed (based on user decision) value "SpybotDeletingD4423" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"") added in System Startup user entry!
2/24/2010 1:54:44 AM Allowed (based on user decision) value "SpybotDeletingB7187" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"") added in System Startup user entry!
2/24/2010 1:54:50 AM Allowed (based on user decision) value "SpybotDeletingD8929" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"") added in System Startup user entry!
2/24/2010 1:54:50 AM Allowed (based on user decision) value "SpybotDeletingB942" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"") added in System Startup user entry!
2/24/2010 1:54:56 AM Allowed (based on user decision) value "SpybotDeletingD238" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"") added in System Startup user entry!
2/24/2010 1:54:56 AM Allowed (based on user decision) value "SpybotDeletingB4832" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:55:02 AM Allowed (based on user decision) value "SpybotDeletingD6023" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:55:02 AM Allowed (based on user decision) value "SpybotDeletingB8298" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"") added in System Startup user entry!
2/24/2010 1:55:08 AM Allowed (based on user decision) value "SpybotDeletingD6689" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"") added in System Startup user entry!
2/24/2010 1:55:09 AM Allowed (based on user decision) value "SpybotDeletingB2345" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"") added in System Startup user entry!
2/24/2010 1:55:15 AM Allowed (based on user decision) value "SpybotDeletingD4083" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"") added in System Startup user entry!
2/24/2010 1:55:15 AM Allowed (based on user decision) value "SpybotDeletingB1562" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"") added in System Startup user entry!
2/24/2010 1:55:21 AM Allowed (based on user decision) value "SpybotDeletingD9048" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"") added in System Startup user entry!
2/24/2010 1:55:21 AM Allowed (based on user decision) value "SpybotDeletingB3525" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"") added in System Startup user entry!
2/24/2010 1:55:27 AM Allowed (based on user decision) value "SpybotDeletingD7776" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"") added in System Startup user entry!
2/24/2010 1:55:27 AM Allowed (based on user decision) value "SpybotDeletingB6407" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"") added in System Startup user entry!
2/24/2010 1:55:33 AM Allowed (based on user decision) value "SpybotDeletingD9928" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"") added in System Startup user entry!
2/24/2010 1:55:33 AM Allowed (based on user decision) value "SpybotDeletingB9069" (new data: "command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"") added in System Startup user entry!
2/24/2010 1:55:39 AM Allowed (based on user decision) value "SpybotDeletingD3224" (new data: "cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"") added in System Startup user entry!
2/24/2010 1:55:40 AM Allowed (based on user decision) value "SpybotDeletingB336" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"") added in System Startup user entry!
2/24/2010 1:55:46 AM Allowed (based on user decision) value "SpybotDeletingD6095" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"") added in System Startup user entry!
2/24/2010 1:55:46 AM Allowed (based on user decision) value "SpybotDeletingB4258" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"") added in System Startup user entry!
2/24/2010 1:55:52 AM Allowed (based on user decision) value "SpybotDeletingD4762" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"") added in System Startup user entry!
2/24/2010 1:55:52 AM Allowed (based on user decision) value "SpybotDeletingB3458" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"") added in System Startup user entry!
2/24/2010 1:55:58 AM Allowed (based on user decision) value "SpybotDeletingD2139" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"") added in System Startup user entry!
2/24/2010 1:55:58 AM Allowed (based on user decision) value "SpybotDeletingB8553" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"") added in System Startup user entry!
2/24/2010 1:56:04 AM Allowed (based on user decision) value "SpybotDeletingD3964" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"") added in System Startup user entry!
2/24/2010 1:56:04 AM Allowed (based on user decision) value "SpybotDeletingB3303" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"") added in System Startup user entry!
2/24/2010 1:56:11 AM Allowed (based on user decision) value "SpybotDeletingD597" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"") added in System Startup user entry!
2/24/2010 1:56:11 AM Allowed (based on user decision) value "SpybotDeletingB41" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"") added in System Startup user entry!
2/24/2010 1:56:17 AM Allowed (based on user decision) value "SpybotDeletingD4803" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"") added in System Startup user entry!
2/24/2010 1:56:17 AM Allowed (based on user decision) value "SpybotDeletingB3906" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:56:23 AM Allowed (based on user decision) value "SpybotDeletingD8578" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:56:23 AM Allowed (based on user decision) value "SpybotDeletingB1996" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"") added in System Startup user entry!
2/24/2010 1:56:29 AM Allowed (based on user decision) value "SpybotDeletingD7847" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"") added in System Startup user entry!
2/24/2010 1:56:29 AM Allowed (based on user decision) value "SpybotDeletingB363" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"") added in System Startup user entry!
2/24/2010 1:56:35 AM Allowed (based on user decision) value "SpybotDeletingD3104" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"") added in System Startup user entry!
2/24/2010 1:56:36 AM Allowed (based on user decision) value "SpybotDeletingB271" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"") added in System Startup user entry!
2/24/2010 1:56:42 AM Allowed (based on user decision) value "SpybotDeletingD3414" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"") added in System Startup user entry!
2/24/2010 1:56:42 AM Allowed (based on user decision) value "SpybotDeletingB5053" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"") added in System Startup user entry!
2/24/2010 1:56:48 AM Allowed (based on user decision) value "SpybotDeletingD6585" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"") added in System Startup user entry!
2/24/2010 1:56:48 AM Allowed (based on user decision) value "SpybotDeletingB1989" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"") added in System Startup user entry!
2/24/2010 1:56:54 AM Allowed (based on user decision) value "SpybotDeletingD3091" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"") added in System Startup user entry!
2/24/2010 1:56:54 AM Allowed (based on user decision) value "SpybotDeletingB2795" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"") added in System Startup user entry!
2/24/2010 1:57:00 AM Allowed (based on user decision) value "SpybotDeletingD4760" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"") added in System Startup user entry!
2/24/2010 1:57:01 AM Allowed (based on user decision) value "SpybotDeletingB1039" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"") added in System Startup user entry!
2/24/2010 1:57:07 AM Allowed (based on user decision) value "SpybotDeletingD3583" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"") added in System Startup user entry!
2/24/2010 1:57:07 AM Allowed (based on user decision) value "SpybotDeletingB7843" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"") added in System Startup user entry!
2/24/2010 1:57:13 AM Allowed (based on user decision) value "SpybotDeletingD7787" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"") added in System Startup user entry!
2/24/2010 1:57:13 AM Allowed (based on user decision) value "SpybotDeletingB1151" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"") added in System Startup user entry!
2/24/2010 1:57:19 AM Allowed (based on user decision) value "SpybotDeletingD114" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"") added in System Startup user entry!
2/24/2010 1:57:19 AM Allowed (based on user decision) value "SpybotDeletingB5953" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"") added in System Startup user entry!
2/24/2010 1:57:25 AM Allowed (based on user decision) value "SpybotDeletingD8630" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"") added in System Startup user entry!
2/24/2010 1:57:26 AM Allowed (based on user decision) value "SpybotDeletingB2275" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"") added in System Startup user entry!
2/24/2010 1:57:32 AM Allowed (based on user decision) value "SpybotDeletingD2258" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"") added in System Startup user entry!
2/24/2010 1:57:32 AM Allowed (based on user decision) value "SpybotDeletingB5357" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"") added in System Startup user entry!
2/24/2010 1:57:38 AM Allowed (based on user decision) value "SpybotDeletingD1575" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"") added in System Startup user entry!
2/24/2010 1:57:38 AM Allowed (based on user decision) value "SpybotDeletingB5656" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"") added in System Startup user entry!
2/24/2010 1:57:45 AM Allowed (based on user decision) value "SpybotDeletingD1119" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"") added in System Startup user entry!
2/24/2010 1:57:45 AM Allowed (based on user decision) value "SpybotDeletingB9999" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:57:51 AM Allowed (based on user decision) value "SpybotDeletingD1765" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:57:51 AM Allowed (based on user decision) value "SpybotDeletingB9649" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:57:57 AM Allowed (based on user decision) value "SpybotDeletingD2023" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:57:57 AM Allowed (based on user decision) value "SpybotDeletingB3805" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"") added in System Startup user entry!
2/24/2010 1:58:03 AM Allowed (based on user decision) value "SpybotDeletingD4393" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"") added in System Startup user entry!
2/24/2010 1:58:03 AM Allowed (based on user decision) value "SpybotDeletingB8810" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"") added in System Startup user entry!
2/24/2010 1:58:09 AM Allowed (based on user decision) value "SpybotDeletingD2055" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"") added in System Startup user entry!
2/24/2010 1:58:10 AM Allowed (based on user decision) value "SpybotDeletingB543" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"") added in System Startup user entry!
2/24/2010 1:58:16 AM Allowed (based on user decision) value "SpybotDeletingD1944" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"") added in System Startup user entry!
2/24/2010 1:58:16 AM Allowed (based on user decision) value "SpybotDeletingB472" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"") added in System Startup user entry!
2/24/2010 1:58:22 AM Allowed (based on user decision) value "SpybotDeletingD1330" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"") added in System Startup user entry!
2/24/2010 1:58:22 AM Allowed (based on user decision) value "SpybotDeletingB6154" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"") added in System Startup user entry!
2/24/2010 1:58:28 AM Allowed (based on user decision) value "SpybotDeletingD9116" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"") added in System Startup user entry!
2/24/2010 1:58:28 AM Allowed (based on user decision) value "SpybotDeletingB6600" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"") added in System Startup user entry!
2/24/2010 1:58:34 AM Allowed (based on user decision) value "SpybotDeletingD866" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"") added in System Startup user entry!
2/24/2010 1:58:34 AM Allowed (based on user decision) value "SpybotDeletingB4612" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"") added in System Startup user entry!
2/24/2010 1:58:41 AM Allowed (based on user decision) value "SpybotDeletingD9136" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"") added in System Startup user entry!
2/24/2010 1:58:41 AM Allowed (based on user decision) value "SpybotDeletingB2716" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"") added in System Startup user entry!
2/24/2010 1:58:47 AM Allowed (based on user decision) value "SpybotDeletingD2479" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"") added in System Startup user entry!
2/24/2010 1:58:47 AM Allowed (based on user decision) value "SpybotDeletingB8642" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"") added in System Startup user entry!
2/24/2010 1:58:53 AM Allowed (based on user decision) value "SpybotDeletingD6823" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"") added in System Startup user entry!
2/24/2010 1:58:53 AM Allowed (based on user decision) value "SpybotDeletingB9746" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"") added in System Startup user entry!
2/24/2010 1:58:59 AM Allowed (based on user decision) value "SpybotDeletingD7199" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"") added in System Startup user entry!
2/24/2010 1:58:59 AM Allowed (based on user decision) value "SpybotDeletingB7259" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"") added in System Startup user entry!
2/24/2010 1:59:05 AM Allowed (based on user decision) value "SpybotDeletingD8066" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"") added in System Startup user entry!
2/24/2010 1:59:05 AM Allowed (based on user decision) value "SpybotDeletingB1552" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:59:12 AM Allowed (based on user decision) value "SpybotDeletingD9967" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"") added in System Startup user entry!
2/24/2010 1:59:12 AM Allowed (based on user decision) value "SpybotDeletingB6065" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"") added in System Startup user entry!
2/24/2010 1:59:18 AM Allowed (based on user decision) value "SpybotDeletingD918" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"") added in System Startup user entry!
2/24/2010 1:59:18 AM Allowed (based on user decision) value "SpybotDeletingB5849" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"") added in System Startup user entry!
2/24/2010 1:59:24 AM Allowed (based on user decision) value "SpybotDeletingD6617" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"") added in System Startup user entry!
2/24/2010 1:59:24 AM Allowed (based on user decision) value "SpybotDeletingB7399" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"") added in System Startup user entry!
2/24/2010 1:59:30 AM Allowed (based on user decision) value "SpybotDeletingD9245" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"") added in System Startup user entry!
2/24/2010 1:59:30 AM Allowed (based on user decision) value "SpybotDeletingB9013" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:59:36 AM Allowed (based on user decision) value "SpybotDeletingD1797" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:59:36 AM Allowed (based on user decision) value "SpybotDeletingB3971" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"") added in System Startup user entry!
2/24/2010 1:59:42 AM Allowed (based on user decision) value "SpybotDeletingD8205" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"") added in System Startup user entry!
2/24/2010 1:59:43 AM Allowed (based on user decision) value "SpybotDeletingB1759" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"") added in System Startup user entry!
2/24/2010 1:59:49 AM Allowed (based on user decision) value "SpybotDeletingD5061" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"") added in System Startup user entry!
2/24/2010 1:59:55 AM Allowed (based on user decision) value "SpybotDeletingD8050" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"") added in System Startup user entry!
2/24/2010 1:59:55 AM Allowed (based on user decision) value "SpybotDeletingB8361" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"") added in System Startup user entry!
2/24/2010 2:00:01 AM Allowed (based on user decision) value "SpybotDeletingD8846" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"") added in System Startup user entry!
2/24/2010 2:00:01 AM Allowed (based on user decision) value "SpybotDeletingB2027" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup user entry!
2/24/2010 2:00:07 AM Allowed (based on user decision) value "SpybotDeletingD4997" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup user entry!
2/24/2010 2:00:07 AM Allowed (based on user decision) value "SpybotDeletingB9479" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup user entry!
2/24/2010 2:00:13 AM Allowed (based on user decision) value "SpybotDeletingD8220" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup user entry!
2/24/2010 2:00:13 AM Allowed (based on user decision) value "SpybotDeletingB1476" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup user entry!
2/24/2010 2:00:19 AM Allowed (based on user decision) value "SpybotDeletingD9251" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup user entry!
2/24/2010 2:00:19 AM Allowed (based on user decision) value "SpybotDeletingB3038" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup user entry!
2/24/2010 2:00:26 AM Allowed (based on user decision) value "SpybotDeletingD3071" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup user entry!
2/24/2010 2:00:26 AM Allowed (based on user decision) value "SpybotDeletingB1050" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup user entry!
2/24/2010 2:00:32 AM Allowed (based on user decision) value "SpybotDeletingD4417" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup user entry!
2/24/2010 2:00:32 AM Allowed (based on user decision) value "SpybotDeletingB4933" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup user entry!
2/24/2010 2:00:38 AM Allowed (based on user decision) value "SpybotDeletingD2393" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup user entry!
2/24/2010 2:00:38 AM Allowed (based on user decision) value "SpybotDeletingB6933" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup user entry!
2/24/2010 2:00:44 AM Allowed (based on user decision) value "SpybotDeletingD8020" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup user entry!
2/24/2010 2:00:44 AM Allowed (based on user decision) value "SpybotDeletingB5113" (new data: "command.com /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup user entry!
2/24/2010 2:00:50 AM Allowed (based on user decision) value "SpybotDeletingD2298" (new data: "cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup user entry!
2/24/2010 2:00:50 AM Allowed (based on user decision) value "SpybotDeletingA4445" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"") added in System Startup global entry!
2/24/2010 2:00:57 AM Allowed (based on user decision) value "SpybotDeletingC890" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"") added in System Startup global entry!
2/24/2010 2:00:57 AM Allowed (based on user decision) value "SpybotDeletingA4026" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:01:03 AM Allowed (based on user decision) value "SpybotDeletingC8123" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:01:03 AM Allowed (based on user decision) value "SpybotDeletingA9145" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"") added in System Startup global entry!
2/24/2010 2:01:09 AM Allowed (based on user decision) value "SpybotDeletingC5869" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"") added in System Startup global entry!
2/24/2010 2:01:09 AM Allowed (based on user decision) value "SpybotDeletingA3779" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"") added in System Startup global entry!
2/24/2010 2:01:15 AM Allowed (based on user decision) value "SpybotDeletingC9097" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"") added in System Startup global entry!
2/24/2010 2:01:15 AM Allowed (based on user decision) value "SpybotDeletingA1561" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"") added in System Startup global entry!
2/24/2010 2:01:21 AM Allowed (based on user decision) value "SpybotDeletingC4480" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"") added in System Startup global entry!
2/24/2010 2:01:21 AM Allowed (based on user decision) value "SpybotDeletingA8550" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"") added in System Startup global entry!
2/24/2010 2:01:28 AM Allowed (based on user decision) value "SpybotDeletingC7362" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"") added in System Startup global entry!
2/24/2010 2:01:28 AM Allowed (based on user decision) value "SpybotDeletingA2418" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"") added in System Startup global entry!
2/24/2010 2:01:34 AM Allowed (based on user decision) value "SpybotDeletingC4069" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"") added in System Startup global entry!
2/24/2010 2:01:34 AM Allowed (based on user decision) value "SpybotDeletingA1103" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"") added in System Startup global entry!
2/24/2010 2:01:40 AM Allowed (based on user decision) value "SpybotDeletingC2674" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"") added in System Startup global entry!
2/24/2010 2:01:40 AM Allowed (based on user decision) value "SpybotDeletingA6246" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"") added in System Startup global entry!
2/24/2010 2:01:46 AM Allowed (based on user decision) value "SpybotDeletingC954" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"") added in System Startup global entry!
2/24/2010 2:01:46 AM Allowed (based on user decision) value "SpybotDeletingA9987" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"") added in System Startup global entry!
2/24/2010 2:01:52 AM Allowed (based on user decision) value "SpybotDeletingC5246" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"") added in System Startup global entry!
2/24/2010 2:01:52 AM Allowed (based on user decision) value "SpybotDeletingA7926" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"") added in System Startup global entry!
2/24/2010 2:01:58 AM Allowed (based on user decision) value "SpybotDeletingC9789" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"") added in System Startup global entry!
2/24/2010 2:01:59 AM Allowed (based on user decision) value "SpybotDeletingA9952" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"") added in System Startup global entry!
2/24/2010 2:02:05 AM Allowed (based on user decision) value "SpybotDeletingC146" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"") added in System Startup global entry!
2/24/2010 2:02:05 AM Allowed (based on user decision) value "SpybotDeletingA3761" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"") added in System Startup global entry!
2/24/2010 2:02:11 AM Allowed (based on user decision) value "SpybotDeletingC9585" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"") added in System Startup global entry!
2/24/2010 2:02:11 AM Allowed (based on user decision) value "SpybotDeletingA1659" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"") added in System Startup global entry!
2/24/2010 2:02:17 AM Allowed (based on user decision) value "SpybotDeletingC1304" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"") added in System Startup global entry!
2/24/2010 2:02:17 AM Allowed (based on user decision) value "SpybotDeletingA8909" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"") added in System Startup global entry!
2/24/2010 2:02:23 AM Allowed (based on user decision) value "SpybotDeletingC2353" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"") added in System Startup global entry!
2/24/2010 2:02:23 AM Allowed (based on user decision) value "SpybotDeletingA1864" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:02:29 AM Allowed (based on user decision) value "SpybotDeletingC3647" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:02:29 AM Allowed (based on user decision) value "SpybotDeletingA217" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"") added in System Startup global entry!
2/24/2010 2:02:36 AM Allowed (based on user decision) value "SpybotDeletingC4814" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"") added in System Startup global entry!
2/24/2010 2:02:36 AM Allowed (based on user decision) value "SpybotDeletingA5592" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"") added in System Startup global entry!
2/24/2010 2:02:42 AM Allowed (based on user decision) value "SpybotDeletingC6786" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"") added in System Startup global entry!
2/24/2010 2:02:42 AM Allowed (based on user decision) value "SpybotDeletingA7440" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"") added in System Startup global entry!
2/24/2010 2:02:48 AM Allowed (based on user decision) value "SpybotDeletingC1092" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"") added in System Startup global entry!
2/24/2010 2:02:48 AM Allowed (based on user decision) value "SpybotDeletingA5225" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"") added in System Startup global entry!
2/24/2010 2:02:54 AM Allowed (based on user decision) value "SpybotDeletingC6045" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"") added in System Startup global entry!
2/24/2010 2:02:54 AM Allowed (based on user decision) value "SpybotDeletingA5339" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"") added in System Startup global entry!
2/24/2010 2:03:00 AM Allowed (based on user decision) value "SpybotDeletingC4192" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"") added in System Startup global entry!
2/24/2010 2:03:01 AM Allowed (based on user decision) value "SpybotDeletingA9008" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"") added in System Startup global entry!
2/24/2010 2:03:07 AM Allowed (based on user decision) value "SpybotDeletingC4543" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"") added in System Startup global entry!
2/24/2010 2:03:07 AM Allowed (based on user decision) value "SpybotDeletingA828" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"") added in System Startup global entry!
2/24/2010 2:03:13 AM Allowed (based on user decision) value "SpybotDeletingC61" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"") added in System Startup global entry!
2/24/2010 2:03:13 AM Allowed (based on user decision) value "SpybotDeletingA8917" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"") added in System Startup global entry!
2/24/2010 2:03:19 AM Allowed (based on user decision) value "SpybotDeletingC8936" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"") added in System Startup global entry!
2/24/2010 2:03:19 AM Allowed (based on user decision) value "SpybotDeletingA4763" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"") added in System Startup global entry!
2/24/2010 2:03:25 AM Allowed (based on user decision) value "SpybotDeletingC2287" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"") added in System Startup global entry!
2/24/2010 2:03:25 AM Allowed (based on user decision) value "SpybotDeletingA1813" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"") added in System Startup global entry!
2/24/2010 2:03:31 AM Allowed (based on user decision) value "SpybotDeletingC2792" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"") added in System Startup global entry!
2/24/2010 2:03:31 AM Allowed (based on user decision) value "SpybotDeletingA1243" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"") added in System Startup global entry!
2/24/2010 2:03:37 AM Allowed (based on user decision) value "SpybotDeletingC4919" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"") added in System Startup global entry!
2/24/2010 2:03:38 AM Allowed (based on user decision) value "SpybotDeletingA9544" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"") added in System Startup global entry!
2/24/2010 2:03:44 AM Allowed (based on user decision) value "SpybotDeletingC2869" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"") added in System Startup global entry!
2/24/2010 2:03:44 AM Allowed (based on user decision) value "SpybotDeletingA6971" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"") added in System Startup global entry!
2/24/2010 2:03:50 AM Allowed (based on user decision) value "SpybotDeletingC572" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"") added in System Startup global entry!
2/24/2010 2:03:50 AM Allowed (based on user decision) value "SpybotDeletingA8662" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"") added in System Startup global entry!
2/24/2010 2:03:56 AM Allowed (based on user decision) value "SpybotDeletingC4279" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"") added in System Startup global entry!
2/24/2010 2:03:56 AM Allowed (based on user decision) value "SpybotDeletingA9388" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"") added in System Startup global entry!
2/24/2010 2:04:02 AM Allowed (based on user decision) value "SpybotDeletingC9358" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"") added in System Startup global entry!
2/24/2010 2:04:02 AM Allowed (based on user decision) value "SpybotDeletingA4683" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"") added in System Startup global entry!
2/24/2010 2:04:08 AM Allowed (based on user decision) value "SpybotDeletingC827" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"") added in System Startup global entry!
2/24/2010 2:04:08 AM Allowed (based on user decision) value "SpybotDeletingA2838" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:04:15 AM Allowed (based on user decision) value "SpybotDeletingC3777" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"") added in System Startup global entry!
2/24/2010 2:04:15 AM Allowed (based on user decision) value "SpybotDeletingA8880" (new data: "command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"") added in System Startup global entry!
2/24/2010 2:04:21 AM Allowed (based on user decision) value "SpybotDeletingC7806" (new data: "cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"") added in System Startup global e