OK, I noticed this today as I was watching a DVD on my laptop. Out of nowhere, I hear random audio. Some of it was ads (like you hear on the radio), some of it is random sound clips (like a lion roaring), and some of it is random lines (I'm thinking from a movie, but not from the DVD I was watching). Well, at first I thought it was AIM/AOL and the buddy sounds, but I did disable that. I ended up closing all instant messenger programs so I could continue to watch my DVD, but the problem still persists. I still hear these sounds, so I decided to do a full virus (Symantec) and spyware/adware (Ad-Aware and Spybot) scan. Nothing really came up.
So I ended up running HijackThis and found I have the routing.exe, macidwe.exe, perfs.exe, and tdxdowkc.exe files. (I googled all the files on the HJ list that seemed outside the norm to see if they were spyware; this is what I found.) So I ended up disabling them in the Task Manager and manually deleting the files out of system32. The next day, the same thing happened again: I hear these random audio clips. I have nothing open that makes sounds, so I do not know what else to do. So I am here asking for help and input. If anyone can help, that would be great.
The following is my scan log after I ran the spyware/adware/virus scanning programs again and rebooted (I also attached the HijackThis log from before the reboot):
Deckard's System Scanner v20071014.68
Run by Tan Pham on 2008-08-08 01:15:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
9: 2008-08-08 05:02:08 UTC - RP88 - Deckard's System Scanner Restore Point
8: 2008-08-08 04:47:27 UTC - RP87 - Uniblue RegistryBooster
7: 2008-08-07 22:44:29 UTC - RP86 - Installed Unreal Tournament 3
6: 2008-08-07 06:35:07 UTC - RP85 - System Checkpoint
5: 2008-08-06 05:15:18 UTC - RP84 - Installed VAIO Update 3
-- First Restore Point --
1: 2008-08-06 00:20:54 UTC - RP80 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Tan Pham.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:12 AM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Tan Pham\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tan Pham.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {246D8DEE-5F51-4351-B33C-009E3F33D131} - C:\WINDOWS\system32\uRLDvwwV.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BE961036-940B-42C8-9180-FF943717739b} - C:\WINDOWS\system32\esqeobds.dll (file missing)
O2 - BHO: {41ef0147-e70a-f35a-2614-9fab5b80954c} - {c45908b5-baf9-4162-a53f-a07e7410fe14} - C:\WINDOWS\system32\vmjmwi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} (VivatyCtrl Class) - http://apps.vivaty.com/downloads/player/install.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)
--
End of file - 16086 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080808-003524-291 O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
backup-20080808-003832-230 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080808-004432-130 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
backup-20080808-004432-316 O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
backup-20080808-004432-748 O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
backup-20080808-004432-921 O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
backup-20080808-004432-947 O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
backup-20080808-004432-953 O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 mqdmbus (Motorola DM Composite Driver (WDM)) - c:\windows\system32\drivers\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
S3 mqdmmdfl (Motorola USB Modem (Filter)) - c:\windows\system32\drivers\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
S3 mqdmmdm (Motorola USB Modem) - c:\windows\system32\drivers\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
S3 mqdmserd (Motorola USB Diag) - c:\windows\system32\drivers\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 DynDNS Updater - c:\program files\dyndns updater\dynupsvc.exe <Not Verified; Dynamic Network Services, Inc.; DynDNS® Updater>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 macidwe (macidwe Service) - c:\windows\system32\macidwe.exe (file missing)
S2 perfs (perfs Service) - c:\windows\system32\perfs.exe (file missing)
S2 Routing (Routing Service) - c:\windows\system32\routing.exe (file missing)
S2 tdxdowkc (tdxdowkc Service) - c:\windows\system32\tdxdowkc.exe (file missing)
S2 WServing (WServing Service) - c:\windows\system32\wserving.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
S4 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe
S4 perfmons - c:\windows\system32\perfs.exe (file missing)
S4 sobicyt - c:\windows\system32\sobicyt.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-08-07 08:09:18 234 --a------ C:\WINDOWS\Tasks\German1.job
2008-07-30 19:58:32 408 --a------ C:\WINDOWS\Tasks\Money 2007 Home & Business.job
-- Files created between 2008-07-08 and 2008-08-08 -----------------------------
2008-08-08 00:58:27 0 d-------- C:\ie-spyad_zo
2008-08-08 00:45:11 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Uniblue
2008-08-08 00:44:50 0 d-------- C:\Program Files\Uniblue
2008-08-08 00:30:36 0 d-------- C:\Program Files\Trend Micro
2008-08-07 21:43:12 0 d-------- C:\NVIDIA
2008-08-07 19:07:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield Installation Information
2008-08-07 18:45:51 0 d-------- C:\Program Files\Unreal Tournament 3
2008-08-07 18:45:04 0 d-------- C:\WINDOWS\system32\AGEIA
2008-08-07 18:45:03 0 d-------- C:\Program Files\AGEIA Technologies
2008-08-07 01:48:27 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.SwarmPlayer
2008-08-07 01:48:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.Tribler
2008-08-07 01:47:23 0 d-------- C:\Program Files\SwarmPlayer
2008-08-06 11:54:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-06 01:35:18 170768 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-08-06 01:35:18 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:18 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-08-06 01:35:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-08-06 01:35:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-08-06 01:35:13 162576 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 249616 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 934160 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 153872 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 169232 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:12 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 365328 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 34576 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:11 192784 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:35:10 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-08-06 01:26:13 0 d-------- C:\Program Files\UltraISO
2008-08-06 01:26:13 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-08-05 22:55:15 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\EndNote
2008-08-05 22:55:10 0 d-------- C:\Program Files\Common Files\Risxtd
2008-08-05 22:55:06 0 d-------- C:\Program Files\Common Files\ResearchSoft
2008-08-05 22:52:08 0 d-------- C:\Program Files\EndNote X2
2008-08-05 22:51:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2008-08-04 03:14:46 0 d-------- C:\Program Files\Vivaty
2008-08-03 21:58:40 0 d-------- C:\Program Files\AOL Companion
2008-08-03 21:58:38 0 d-------- C:\WINDOWS\occache
2008-08-03 21:58:38 0 d-------- C:\Program Files\Learn2.com
2008-08-03 21:56:42 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-08-03 21:56:42 24659 --a------ C:\WINDOWS\system32\aolddial.dll <Not Verified; America Online, Inc.; America Online>
2008-08-03 21:56:10 65536 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2008-08-03 21:55:56 0 d-------- C:\Program Files\Common Files\aolshare
2008-08-03 21:55:45 0 d-------- C:\Program Files\America Online 9.0
2008-08-03 00:02:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-03 00:02:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-02 16:14:50 0 d-------- C:\Program Files\Samsung
2008-08-02 14:40:44 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Yahoo!
2008-08-02 14:40:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-02 00:04:08 0 d---s---- C:\Documents and Settings\NetworkService\UserData
2008-08-01 23:26:30 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-08-01 23:25:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Real
2008-08-01 20:52:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-01 20:24:16 0 d-------- C:\Program Files\Motorola
2008-08-01 20:02:03 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 79328 --a------ C:\WINDOWS\system32\drivers\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-08-01 20:02:03 92064 --a------ C:\WINDOWS\system32\drivers\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-08-01 20:02:03 9232 --a------ C:\WINDOWS\system32\drivers\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-08-01 20:02:03 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 66656 --a------ C:\WINDOWS\system32\drivers\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 5936 --a------ C:\Documents and Settings\Tan Pham\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:03 79328 --a------ C:\Documents and Settings\Tan Pham\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-08-01 20:02:03 92064 --a------ C:\Documents and Settings\Tan Pham\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-08-01 20:02:03 9232 --a------ C:\Documents and Settings\Tan Pham\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-08-01 20:02:03 4048 --a------ C:\Documents and Settings\Tan Pham\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 6208 --a------ C:\Documents and Settings\Tan Pham\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-08-01 20:02:03 66656 --a------ C:\Documents and Settings\Tan Pham\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-08-01 20:02:02 6947 --a------ C:\Documents and Settings\Tan Pham\1217635322-(null)
2008-08-01 18:01:35 0 d-------- C:\Program Files\Avanquest update
2008-08-01 18:00:37 0 d-------- C:\Program Files\Motorola Phone Tools
2008-08-01 18:00:07 22768 --a------ C:\Documents and Settings\Tan Pham\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-07-31 23:19:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-31 23:19:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-31 21:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\acccore
2008-07-31 20:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 20:40:03 0 d-------- C:\Program Files\Apple Software Update
2008-07-31 20:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 20:32:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-31 20:32:07 0 d-------- C:\Program Files\Yahoo!
2008-07-30 22:32:12 0 d-------- C:\VundoFix Backups
2008-07-30 14:59:30 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-07-30 14:59:15 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-07-30 14:58:25 0 d-------- C:\Program Files\Quicken
2008-07-30 14:56:07 116736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-07-30 14:56:06 0 d-------- C:\Program Files\MagicDisc
2008-07-30 01:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-29 21:51:07 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Protector Suite
2008-07-29 16:52:46 0 d-------- C:\Program Files\Trillian Astra
2008-07-26 18:18:50 0 d-------- C:\Program Files\Microsoft Money 2007
2008-07-25 17:34:08 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Viewpoint
2008-07-25 17:33:34 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-07-25 17:32:58 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-07-25 17:32:57 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-07-24 22:07:28 102400 --a------ C:\WINDOWS\system32\OBroker.exe <Not Verified; ; Orbiscom Broker Module>
2008-07-24 22:07:28 532480 --a------ C:\WINDOWS\system32\FFCore.dll <Not Verified; Orbiscom Ltd. All rights reserved.; Form Fill Components>
2008-07-24 22:07:28 0 d-------- C:\Program Files\Virtual Account Numbers
2008-07-24 22:07:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\InstallShield
2008-07-24 21:39:48 0 d-------- C:\Program Files\Netflix
2008-07-24 18:12:31 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\AdobeUM
2008-07-24 00:58:59 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\dvdcss
2008-07-24 00:21:04 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-07-24 00:20:40 0 d-------- C:\WINDOWS\system32\Cache
2008-07-24 00:20:35 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-07-23 21:02:16 0 d-------- C:\Program Files\Toshiba
2008-07-23 20:58:21 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-07-23 20:57:25 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:25 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-07-23 20:57:24 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2008-07-23 20:34:46 0 d-------- C:\Program Files\Common Files\Protector Suite QL
2008-07-23 20:34:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-23 20:34:21 0 d-------- C:\Program Files\Viewpoint
2008-07-23 20:34:21 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-23 20:26:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-23 20:26:43 0 d-------- C:\Program Files\Real
2008-07-23 20:26:42 0 d-------- C:\Program Files\Common Files\Real
2008-07-23 20:20:40 0 d-------- C:\Program Files\AIM6
2008-07-23 12:05:38 0 d-------- C:\Program Files\Winamp
2008-07-23 10:54:30 0 d-------- C:\Program Files\TechSmith
2008-07-23 10:50:41 0 d-------- C:\Program Files\SlySoft
2008-07-23 10:48:51 0 d-------- C:\Program Files\Elaborate Bytes
2008-07-23 10:44:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-23 10:32:13 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\WinRAR
2008-07-23 09:49:02 0 d-------- C:\Program Files\Google
2008-07-23 09:48:53 0 d-------- C:\Program Files\Picasa2
2008-07-23 09:46:34 0 d-------- C:\Program Files\Lavasoft
2008-07-23 09:45:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 01:08:30 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-23 01:08:29 0 d-------- C:\Program Files\DVD Shrink
2008-07-23 00:59:24 0 d-------- C:\My Shared
2008-07-23 00:57:19 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-07-23 00:40:39 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-23 00:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-23 00:31:17 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-23 00:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-22 23:55:48 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-07-22 23:28:24 0 d-------- C:\Program Files\PowerISO
2008-07-22 23:17:59 0 d-------- C:\temp
2008-07-22 23:16:37 0 d-------- C:\b9443697b46952f30f4e
2008-07-22 23:14:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-22 23:11:21 0 d-------- C:\Program Files\Nero
2008-07-22 23:11:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-22 23:10:48 0 d-------- C:\93d30018e2b6dac1d9564130
2008-07-22 19:44:14 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-22 19:20:03 35382 --a------ C:\WINDOWS\scunin.dat
2008-07-22 19:20:02 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-22 19:20:02 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-07-22 19:18:47 0 d-------- C:\Program Files\Starcraft
2008-07-22 19

51 0 d-------- C:\WINDOWS\Prefetch
2008-07-22 18:46:52 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-22 18:29:37 0 d--hs---- C:\WINDOWS\CSC
2008-07-22 01:40:07 0 d-------- C:\Program Files\MSXML 4.0
2008-07-22 01:37:27 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\vlc
2008-07-22 01:12:04 0 d-------- C:\Program Files\Stardock
2008-07-22 01:12:04 0 d-------- C:\Program Files\Common Files\Stardock
2008-07-22 01:00:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-22 00:58:28 1929216 --a------ C:\WINDOWS\system32\cdintf250.dll <Not Verified; Amyuni Technologies http://www.amyuni.com; Amyuni Common Driver Interface>
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\ssprs.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\serauth2.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\serauth1.dll
2008-07-22 00:58:26 0 --a------ C:\WINDOWS\system32\nsprs.dll
2008-07-22 00:58:26 1024 --a------ C:\WINDOWS\system32\clauth2.dll
2008-07-22 00:58:26 1024 --a------ C:\WINDOWS\system32\clauth1.dll
2008-07-22 00:57:00 0 d-------- C:\Program Files\SPSS Evaluation
2008-07-22 00:56:51 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-07-22 00:56:51 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-07-22 00:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-22 00:46:14 0 d-------- C:\Program Files\VideoLAN
2008-07-22 00:31:50 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-22 00:24:08 0 d-------- C:\Program Files\uTorrent
2008-07-22 00:18:59 0 d-------- C:\lj2100
2008-07-22 00:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-22 00:16:11 0 d-------- C:\HP-UPD-45_PCL5-32
2008-07-22 00:14:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-22 00:14:26 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\skypePM
2008-07-22 00:13:00 0 d-------- C:\Program Files\Common Files\Skype
2008-07-22 00:11:49 0 d-------- C:\Program Files\QuickTime
2008-07-22 00:04:14 0 d-------- C:\Program Files\DynDNS Updater
2008-07-21 23:56:10 0 d-------- C:\WINDOWS\pss
2008-07-21 23:55:50 0 d-------- C:\WINDOWS\Sun
2008-07-21 23:35:01 0 d-------- C:\Documents and Settings\Tan Pham\winja_cache
2008-07-21 23:35:00 0 d---s---- C:\Documents and Settings\Tan Pham\UserData
2008-07-21 23:34:25 0 d-------- C:\Documents and Settings\Tan Pham\ChikkaDefault
2008-07-21 23:34:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\yoclient
2008-07-21 23:34:24 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Winamp
2008-07-21 23:34:23 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Wal-Mart
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\uTorrent
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Trillian
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Template
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Sun
2008-07-21 23:34:18 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Southwest Airlines
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Skype
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Real
2008-07-21 23:34:17 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Publish Providers
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Paltalk
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Opera
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\OfficeUpdate12
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Netscape
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Nero
2008-07-21 23:34:16 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\MySpace
2008-07-21 23:34:06 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Macromedia
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\LimeWire
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Juniper Networks
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Intuit
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Infineon
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Gizmo Project
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\FrostWire
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Apple Computer
2008-07-21 23:34:05 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\AOL
2008-07-21 23:34:04 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\American Airlines DealFinder
2008-07-21 23:34:04 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Ahead
2008-07-21 23:34:03 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\.purple
2008-07-21 23:31:09 0 d-------- C:\Documents and Settings\Tan Pham\usrusmt2.tmp
2008-07-21 23:30:50 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-21 23:30:41 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 23:30:38 0 d-------- C:\WINDOWS\SQLHotfix
2008-07-21 23:29:56 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-21 23:28:32 0 d-------- C:\Program Files\Symantec
2008-07-21 23:28:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-21 23:28:09 0 d-------- C:\Program Files\Skype
2008-07-21 23:25:14 0 d-------- C:\Program Files\Riva
2008-07-21 23:25:13 0 d-------- C:\Program Files\Reference Assemblies
2008-07-21 23:25:09 0 d-------- C:\Program Files\Protector Suite QL
2008-07-21 23:25:07 0 d-------- C:\Program Files\Pidgin
2008-07-21 23:24:12 0 d-------- C:\Program Files\MSN Messenger
2008-07-21 23:20:17 0 d-------- C:\Program Files\DC++
2008-07-21 23:20:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 23:20:05 0 d-------- C:\Program Files\Common Files\Nero
2008-07-21 23:20:05 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\Macromedia
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\GTK
2008-07-21 23:20:04 0 d-------- C:\Program Files\Common Files\GPL Ghostscript Shared
2008-07-21 23:20:00 0 d-------- C:\Program Files\Common Files\AOL
2008-07-21 23:19:56 0 d-------- C:\Program Files\AltBinz
2008-07-21 23:19:46 0 d-------- C:\Intel
2008-07-21 23:19:45 0 d-------- C:\Infineon
2008-07-21 23:19:45 0 d-------- C:\Inetpub
2008-07-21 23:19:43 0 d-------- C:\drivers
2008-07-21 23:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Wal-Mart
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-21 23:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 23:19:31 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-21 23:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-21 23:19:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 23:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-21 23:19:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-21 23:19:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\G7PS
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\DynDNS
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-07-21 23:19:23 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-21 23:19:17 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-21 23:19:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-21 23:19:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-21 23:19:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-21 23

55 0 d-------- C:\Program Files\Microsoft.NET
2008-07-21 23:03:45 724992 --a------ C:\WINDOWS\system32\ebCrypt.dll <Not Verified; EB Design Pty Ltd; ebCrypt>
2008-07-21 23:03:43 0 d-------- C:\Program Files\chatClient
2008-07-21 23:00:25 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-21 22:59:36 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-21 22:59:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-21 22:50:33 0 dr-h----- C:\MSOCache
2008-07-21 22:45:46 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Adobe
2008-07-21 22:43:33 0 d-------- C:\Program Files\Trillian
2008-07-21 22:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 22:35:22 0 d-------- C:\WINDOWS\system32\scripting
2008-07-21 22:35:21 0 d-------- C:\WINDOWS\l2schemas
2008-07-21 22:35:20 0 d-------- C:\WINDOWS\system32\en
2008-07-21 22:35:20 0 d-------- C:\WINDOWS\system32\bits
2008-07-21 22:31:37 0 d-------- C:\Program Files\MozBackup
2008-07-21 22:30:56 0 d-------- C:\WINDOWS\network diagnostic
2008-07-21 22:25:04 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-21 22:25:01 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Mozilla
2008-07-21 22:21:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 22:10:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-21 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-21 22:10:14 0 d-------- C:\Program Files\Logitech
2008-07-21 22:05:49 0 d-------- C:\Program Files\Common Files\logishrd
2008-07-21 22:02:29 0 dr------- C:\Documents and Settings\Tan Pham\Favorites
2008-07-21 22:02:29 0 dr------- C:\Documents and Settings\Tan Pham\Desktop
2008-07-21 22:02:29 0 d---s---- C:\Documents and Settings\Tan Pham\Cookies
2008-07-21 22:02:29 0 dr-h----- C:\Documents and Settings\Tan Pham\Application Data
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Sony Corporation
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Intel
2008-07-21 22:02:29 0 d-------- C:\Documents and Settings\Tan Pham\Application Data\Identities
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\Templates
2008-07-21 22:02:28 0 dr------- C:\Documents and Settings\Tan Pham\Start Menu
2008-07-21 22:02:28 0 dr-h----- C:\Documents and Settings\Tan Pham\SendTo
2008-07-21 22:02:28 0 dr-h----- C:\Documents and Settings\Tan Pham\Recent
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\PrintHood
2008-07-21 22:02:28 7602176 --ah----- C:\Documents and Settings\Tan Pham\NTUSER.DAT
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\NetHood
2008-07-21 22:02:28 0 dr------- C:\Documents and Settings\Tan Pham\My Documents
2008-07-21 22:02:28 0 d--h----- C:\Documents and Settings\Tan Pham\Local Settings
2008-07-21 22:02:06 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-21 22:01:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation
2008-07-21 22:01:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-07-21 22:01:41 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
-- Find3M Report ---------------------------------------------------------------
2008-08-06 01:26:13 0 d-------- C:\Program Files\Common Files
2008-08-06 01:15:09 0 d-------- C:\Program Files\Sony
2008-08-06 01:15:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-03 03:18:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-01 20:52:57 2528 --a------ C:\Documents and Settings\Tan Pham\Application Data\$_hpcst$.hpc
2008-07-23 20:59:09 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-22 18:58:59 0 d-------- C:\Program Files\Messenger
2008-07-22 18:58:36 0 d-------- C:\Program Files\Movie Maker
2008-07-22 18:55:43 0 d-------- C:\Program Files\Windows NT
2008-07-21 23:21:10 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{246D8DEE-5F51-4351-B33C-009E3F33D131}]
C:\WINDOWS\system32\uRLDvwwV.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE961036-940B-42C8-9180-FF943717739b}]
C:\WINDOWS\system32\esqeobds.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c45908b5-baf9-4162-a53f-a07e7410fe14}]
C:\WINDOWS\system32\vmjmwi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/17/2005 03:08 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/17/2005 03:08 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/17/2005 03:08 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/17/2004 11:47 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/28/2006 05:25 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/28/2006 05:25 PM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [02/28/2006 05:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/20/2006 08:45 PM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [06/13/2006 01:22 PM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 05:12 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [02/14/2006 03:11 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [02/22/2006 06:10 PM]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/27/2005 01:58 PM]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"@"="" []
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 08:46 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07/23/2008 01:16 PM]
C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [7/22/2008 1:12:04 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [8/2/2008 10:31:48 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [8/3/2008 9:56:30 PM]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [6/23/2008 3:04:20 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
fusstub.dll 02/22/2006 06:11 PM 39936 C:\WINDOWS\system32\fusstub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 05:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\uRLDvwwV
"Notification Packages"= fusstub
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tan Pham^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Tan Pham\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58a63c70]
rundll32.exe "C:\WINDOWS\system32\wsghmmht.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
"C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8940 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-08 01:21:49 ------------