Can't remove Win32:delf-HTI

Hi guys,

This is my first post here, and my first virus in years! >:(

I got infected with win32:delf-HTI and my AVAST cannot remove it completely.
It keeps on coming back after AVAST home edition puts it in quarantine.

I tried a complete AVAST scan at boot-up, SpyBot, and Super Anti-spyware with no success.

My father-in-law got the same infection on his PC.
He probably infected me with something he sent me.
I got my first virus notification after he sent me a news link from a known newspaper website.

So both of us are infected and he wants my help to clean up his PC.
This one is beyond my capabilities. :-[
I really need your help.

Thanks. :)
Max.

:) Hi:

A “Delf” infection requires the use of a special “tool”, best used under the
guidance of “essexboy” of these Forums. Most likely he will be by shortly
and/or you can use this Forum’s “Search” feature, using the term “Delf” and
his “Username”.

Here I be

The first thing I will need is a look at your system's current status.

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thanks for the help! :)

I really appreciate it.

Here’s the log file:

Deckard’s System Scanner v20071014.68
Run by Le Survenant ! on 2008-01-24 21:59:52
Computer is in Normal Mode.

– System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable…success.

– Last 1 Restore Point(s) –
1: 2008-01-25 02:54:13 UTC - RP526 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.63 GiB (less than 15%) free.

– HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-24 22:04:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Multimedia\main\atidtct.exe
C:\Program Files\ATI Multimedia\main\AtiSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EPSON\ESM2\eEBSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Le Survenant !\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [type32] “C:\Program Files\Microsoft IntelliType Pro\type32.exe”
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [DMXLauncher] “C:\Program Files\Roxio\Media Experience\DMXLauncher.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe “-i”
O4 - HKLM..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Madden NFL 2006 crack.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 - HKCU..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU..\Run: [LDM] \Program
O4 - HKCU..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\CRACK.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll

O15 - Trusted Zone: http://www.msi.com.tw (HKCU)
O18 - Protocol: bw+0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74f8e33e-d835-482e-83a4-cf0a7c88a972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect


End of file - 22917 bytes

– File Associations -----------------------------------------------------------

.scr - unable to read key

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 rttmntr (R-TT Backup Archive Explorer) - c:\windows\system32\drivers\rttmntr.sys <Not Verified; Acronis; >
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 snaprtt (Acronis Snapshots Manager (R-TT)) - c:\windows\system32\drivers\snaprtt.sys <Not Verified; Acronis; Acronis Snapshot API>
R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 rttfsfilt (R-TT FS Filter) - c:\windows\system32\drivers\rttfsfilt.sys <Not Verified; Acronis; >
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)
S0 viaagp1 (VIA AGP Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S2 BTXBAR (ATI TV Wonder WDM Video Crossbar) - c:\windows\system32\drivers\btxbar.sys <Not Verified; ATI Technologies; ATI TV Wonder PCI>
S2 IAIVMOUSERVICE (IAIVMOU Service) - c:\windows\system32\drivers\iaivmou.sys <Not Verified; InterAct Accessories Incorporation; InterAct Gaming Device>
S2 PPSCAN - c:\windows\system32\drivers\ppscan.sys <Not Verified; Hewlett-Packard Co.; >
S3 Agamejoy (A4Tech Game Port Input Device) - c:\windows\system32\drivers\agamejoy.sys <Not Verified; A4Tech Co., Ltd.; A4Tech Game Device Driver>
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; autoplay Application>
S3 giveio - c:\windows\system32\giveio.sys
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 IAIGD150FilterService (IAIGD150 Filter Service) - c:\windows\system32\drivers\iaigd150.sys <Not Verified; InterAct Accessories Incorporation; InterAct Gaming Device>
S3 IAIUpperFilterService (IAIUPPER Filter Service) - c:\windows\system32\drivers\iaiupper.sys <Not Verified; InterAct Accessories Incorporation; InterAct Gaming Device>
S3 kxwdmdrv (kX WDM Driver Service) - c:\windows\system32\drivers\kx.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys (file missing)
S3 sfcure01 (StarForce Cure Driver (version 1.x)) - c:\windows\system32\drivers\sfcure01.sys
S3 SPCP825K (Sunplus Serial port driver) - c:\windows\system32\drivers\spcp825k.sys (file missing)

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EpsonBidirectionalService - c:\program files\epson\esm2\eebsvc.exe
R2 Routing (Routing Service) - c:\windows\system32\routing.exe

S2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe (file missing)
S2 RoxLiveShare9 (LiveShare P2P Server 9) - “c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe” (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 stllssvr - “c:\program files\common files\surething shared\stllssvr.exe” <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

– Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer: ATK
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0002
Manufacturer: Hewlett-Packard
Name:
PNP Device ID: ROOT\IMAGE\0002
Service:

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm

Class GUID: {4D36Å97D-Å325-11ÑÅ-ÂFÑ1-08002ÂÅ10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: vax347b

Class GUID: {4D36Å97D-Å325-11ÑÅ-ÂFÑ1-08002ÂÅ10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0004
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0004
Service: d347bus

– Scheduled Tasks -------------------------------------------------------------

2008-01-24 06:44:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-08 00:04:01 344 --a------ C:\WINDOWS\Tasks\At6.job
2007-09-06 23:04:00 352 --a------ C:\WINDOWS\Tasks\At7.job
2007-06-08 23:04:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-04-14 23:04:00 352 --a------ C:\WINDOWS\Tasks\At8.job
2004-01-02 23:30:30 474 --a------ C:\WINDOWS\Tasks\Event 1.job

– Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-24 12:01:48 250368 --a------ C:\WINDOWS\system32\andt.sys
2008-01-23 22:37:19 0 d-------- C:\Documents and Settings\Le Survenant !.housecall6.6
2008-01-23 21:55:49 45056 --a------ C:\WINDOWS\system32\Indt2.sys <Not Verified; a; Microsoft Internet Explorer1>
2008-01-23 03:08:34 0 dr-h----- C:\Documents and Settings\Le Survenant !\Recent
2008-01-22 20:18:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-21 18:03:58 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\SolSuite
2008-01-19 10:13:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-19 10:13:00 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-19 10:12:59 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\SUPERAntiSpyware.com
2008-01-19 10:12:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 16:48:34 0 d-------- C:\Documents and Settings\LocalService\My Documents

– Find3M Report ---------------------------------------------------------------

2008-01-21 21:56:12 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\Azureus
2008-01-19 14:59:57 59 --a------ C:\WINDOWS\popcinfo.dat
2008-01-19 10:18:54 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\funkitron
2008-01-19 10:12:40 0 d-------- C:\Program Files\Common Files
2008-01-12 23:31:49 0 d-------- C:\Program Files\winamp
2007-12-25 22:28:11 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\ATI MMC
2007-12-18 14:10:40 32256 --a------ C:\WINDOWS\system32\routing.exe
2007-12-08 23:08:45 0 d-------- C:\Program Files\SlySoft
2007-12-02 10:34:26 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\Vso
2007-12-01 10:11:14 0 d-------- C:\Program Files\Java
2007-11-26 20:34:26 0 d-------- C:\Program Files\eMule
2007-11-26 18:38:45 0 d-------- C:\Documents and Settings\Le Survenant !\Application Data\Media Player Classic
2007-11-25 23:31:58 0 d-------- C:\Program Files\XP Codec Pack
2007-11-18 11:39:32 13474 --a------ C:\WINDOWS\mozver.dat
2007-11-18 10:08:35 34 --a------ C:\Documents and Settings\Le Survenant !\Application Data\pcouffin.log
2007-11-18 10:08:29 47360 --a------ C:\Documents and Settings\Le Survenant !\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-18 10:08:29 1144 --a------ C:\Documents and Settings\Le Survenant !\Application Data\pcouffin.inf
2007-11-18 10:08:29 7887 --a------ C:\Documents and Settings\Le Survenant !\Application Data\pcouffin.cat
2007-11-18 09:42:36 12288 --a------ C:\WINDOWS\impborl.dll
2007-11-18 09:42:36 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
2007-11-14 22:14:55 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-29 11:07:13 251712 -rahs---- C:\ntldr

– Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11]
“Tweak UI”=“TWEAKUI.CPL” [2000-06-18 13:03 C:\WINDOWS\system32\TWEAKUI.CPL]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe” [2003-11-07 19:56]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-03-09 14:29]
“nwiz”=“nwiz.exe” [2006-03-09 14:29 C:\WINDOWS\system32\nwiz.exe]
“DU Meter”=“C:\Program Files\DU Meter\DUMeter.exe” [2004-08-25 09:26]
“LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [2004-10-08 11:52]
“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-01-18 17:47]
“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-01-18 17:37]
“type32”=“C:\Program Files\Microsoft IntelliType Pro\type32.exe” [2004-06-03 01:51]
“Logitech Utility”=“Logi_MwX.Exe” [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-03-06 19:49]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 08:00]
“DMXLauncher”=“C:\Program Files\Roxio\Media Experience\DMXLauncher.exe” [2006-08-14 00:07]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 14:40]
“HPWUTOOLBOX”=“C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe”
“hppwrsav”=“C:\SCANJET\PrecisionScanLT\hppwrsav.exe” [1999-06-07 11:27]
“MediaFace Integration”=“C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe” [2005-03-28 02:45]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-04-27 08:41]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2007-06-01 15:51]
“NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” [2005-08-18 16:52]
“I downloaded pirated Software from P2P”=“C:\WINDOWS\system32\Madden NFL 2006 crack.exe”
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 01:41]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-03-09 14:29]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-19 20:11]
“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2005-09-07 15:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“@”=“”
“ATI Launchpad”=“”
“ATI DeviceDetect”=“C:\Program Files\ATI Multimedia\main\ATIDtct.EXE” [2005-05-04 20:41]
“LDM”="\Program"
“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-01-18 17:07]
“ATI Scheduler”=“C:\Program Files\ATI Multimedia\main\ATISched.EXE” [2005-05-04 20:42]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:56]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2006-11-16 18:04]
“AnyDVD”=“C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” [2007-10-28 09:51]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\CRACK.exe” [2007-06-25 22:52]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-10-29 22:46:03]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22]
EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 01:10:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 16:33:17]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“ClearRecentDocsOnExit”=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=“Volume shadow copy”

– Hosts -----------------------------------------------------------------------

127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au

2 more entries in hosts file.

– End of Deckard’s System Scanner: finished at 2008-01-24 22:05:30 ------------

Here’s the extra.txt file:

Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

– System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.29 MiB / 1585.95 MiB
Pagefile Memory (total/avail): 3940.29 MiB / 3600.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.51 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.27 GiB total, 4.63 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 379.84 GiB total, 260.7 GiB free.

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - NVIDIA STRIPE 379.84G - 379.84 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 379.84 GiB - E:

– Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirewallDisableNotify is set.
AntivirusOverride is set.

AV: avast! antivirus 4.7.1098 [VPS 080125-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe”=“C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe:*:Enabled:RoxioUpnpService9”

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe”=“C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0”
“C:\WINDOWS\system32\sessmgr.exe”=“C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019”
“C:\WINDOWS\system32\mmc.exe”=“C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console”
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger”
“C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe”=“C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary”
“C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe”=“C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice”
“C:\Program Files\Azureus\Azureus.exe”=“C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus”
“D:\Backup\Images softs\Half-Life_2_READ_NFO-EMPORiO\HL2_UK\hl2.exe”=“D:\Backup\Images softs\Half-Life_2_READ_NFO-EMPORiO\HL2_UK\hl2.exe:*:Disabled:hl2”
“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger”
“C:\Documents and Settings\Marie-France\Local Settings\Temp\~os1D.tmp\ossproxy.exe”=“C:\Documents and Settings\Marie-France\Local Settings\Temp\~os1D.tmp\ossproxy.exe:*:Enabled:ossproxy.exe”
“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os4.tmp\ossproxy.exe”=“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe”
“D:\Activision\Call of Duty 2\CoD2MP_s.exe”=“D:\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s”
“D:\Sierra\Empire Earth\Empire Earth.exe”=“D:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth”
“D:\Codemasters\Colin McRae Rally 2\CMR2Network.exe”=“D:\Codemasters\Colin McRae Rally 2\CMR2Network.exe:*:Enabled:Colin McRae Rally 2”
“D:\Codemasters\Colin McRae Rally 2\CMR2.exe”=“D:\Codemasters\Colin McRae Rally 2\CMR2.exe:*:Enabled:Colin McRae Rally 2”
“C:\WINDOWS\system32\dplaysvr.exe”=“C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper”
“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os9.tmp\ossproxy.exe”=“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe”
“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os3.tmp\ossproxy.exe”=“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os3.tmp\ossproxy.exe:*:Enabled:ossproxy.exe”
“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os8.tmp\ossproxy.exe”=“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe”
“D:\TrackMania Nations ESWC\TmNationsESWC.exe”=“D:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC”
“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\ojprok550ENsetup\setup\HPZnet01.exe”=“C:\Documents and Settings\Le Survenant !\Local Settings\Temp\ojprok550ENsetup\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in”
“C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe”=“C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”
“C:\Program Files\Roxio\Sound Editor 9\SoundEdit9.exe”=“C:\Program Files\Roxio\Sound Editor 9\SoundEdit9.exe:*:Enabled:Roxio Sound Editor”
“C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe”=“C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe:*:Enabled:RoxioUpnpService9”

“E:\setup\HPZNET01.EXE”=“E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe”
“E:\setup\HPONICIFS01.EXE”=“E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe”
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe”
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe”

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Le Survenant !\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAXIME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Le Survenant !
LOGONSERVER=\\MAXIME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 63 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=3f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LESURV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LESURV~1\LOCALS~1\Temp
USERDOMAIN=MAXIME
USERNAME=Le Survenant !
USERPROFILE=C:\Documents and Settings\Le Survenant !
windir=C:\WINDOWS

– User Profiles ---------------------------------------------------------------

Le Survenant !
Administrator

– Add/Remove Programs ---------------------------------------------------------

→ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
→ C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
→ C:\WINDOWS\system32\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
→ C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
→ C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
→ C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
→ C:\WINDOWS\UNNeroVision.exe /UNINSTALL
→ C:\WINDOWS\UNRecode.exe /UNINSTALL
→ MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
→ MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
→ MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
→ MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
→ MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
→ MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
→ MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
→ MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
→ MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
→ MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
→ MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
→ MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
→ MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
→ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) → C:\Program Files\AC3Filter\uninstall.exe
Adobe Common File Installer → MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 9 ActiveX → C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.0 → MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Reader 8 → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Stock Photos 1.0 → MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Advanced Uninstaller PRO 2005 - version 7 → “C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\unins000.exe”
Amazing Slow Downer (remove only) → “C:\Program Files\Roni Music\Amazing Slow Downer\uninstall.exe”
Ango´s Game Collection → C:\Program Files\AnGo´s Game Collection\Uninst.exe
AnyDVD → “C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe” /D=“C:\Program Files\SlySoft\AnyDVD”
Apple Software Update → MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Athlon 64 Processor Driver → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe” -l0x9
ATI Multimedia Center 9.08 → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}
avast! Antivirus → rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Avi2Dvd 0.4.5 beta → C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 → “C:\Program Files\AviSynth 2.5\Uninstall.exe”
Azureus → C:\Program Files\Azureus\Uninstall.exe
Bink and Smacker → C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Colour@Home II → C:\WINDOWS\iun6002.exe “C:\Program Files\CILPaint\Colour@Home II\irunin.ini”
ConvertXtoDVD 2.2.3.258 → “C:\Program Files\VSO\ConvertXtoDVD\unins000.exe”
Cypress USB Mass Storage Driver Installation → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe” -l0x9 NotFirstInstall
DivX → C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DU Meter → “C:\Program Files\DU Meter\unins000.exe”
DVD Audio Extractor 4.2.1 → “C:\Program Files\DVD Audio Extractor\unins000.exe”
DVD Shrink 3.2 → “C:\Program Files\DVD Shrink\unins000.exe”
eMule → “C:\Program Files\eMule\Uninstall.exe”
EPSON Printer Software → C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\epupdate.exe /r
EPSON Status Monitor 2 → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{87C51198-5A95-4577-9F47-B953D862FA90}
FLV Player 1.3.3 → “C:\Program Files\FLVPlayer\uninstall.exe”

GameHouse Games Collection: Academy of Magic → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ACADEM~1\Install.log
GameHouse Games Collection: Adventure Inlay → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ADVENT~1\Install.log
GameHouse Games Collection: Adventure Inlay - Safari Edition → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ADVENT~2\Install.log
GameHouse Games Collection: Air Strike 3D → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\AIRSTR~1\Install.log
GameHouse Games Collection: Alien Sky → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ALIENS~1\Install.log
GameHouse Games Collection: Aloha Solitaire → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ALOHAS~1\Install.log
GameHouse Games Collection: Aloha TriPeaks → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ALOHAT~1\Install.log
GameHouse Games Collection: Ancient Tri-Jong → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ANCIEN~1\Install.log
GameHouse Games Collection: Ancient Tripeaks → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ANCIEN~2\Install.log
GameHouse Games Collection: Astrobatics → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ASTROB~1\Install.log
GameHouse Games Collection: Atlantis → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Atlantis\Install.log
GameHouse Games Collection: Atomaders → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ATOMAD~1\Install.log
GameHouse Games Collection: Bejeweled 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\BEJEWE~1\Install.log
GameHouse Games Collection: Bewitched → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\BEWITC~1\Install.log
GameHouse Games Collection: Big Kahuna Reef → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\BIGKAH~1\Install.log
GameHouse Games Collection: Boggle Supreme → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\BOGGLE~1\Install.log
GameHouse Games Collection: Bounce Out Blitz → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\BOUNCE~1\Install.log
GameHouse Games Collection: Casino Island To Go → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CASINO~1\Install.log
GameHouse Games Collection: Chainz → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Chainz\Install.log
GameHouse Games Collection: Chainz 2 - Relinked → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CHAINZ~1\Install.log
GameHouse Games Collection: Charm Solitaire → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CHARMS~1\Install.log
GameHouse Games Collection: Charm Tale → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CHARMT~1\Install.log
GameHouse Games Collection: Chicktionary → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CHICKT~1\Install.log
GameHouse Games Collection: Chuzzle Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CHUZZL~1\Install.log
GameHouse Games Collection: Collapse! Crunch → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\COLLAP~1\Install.log
GameHouse Games Collection: Combo Chaos! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\COMBOC~1\Install.log
GameHouse Games Collection: Crystal Path → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CRYSTA~1\Install.log
GameHouse Games Collection: Cubis Gold 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\CUBISG~1\Install.log
GameHouse Games Collection: Digby’s Donuts → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\DIGBY’~1\Install.log
GameHouse Games Collection: Diner Dash → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\DINERD~1\Install.log
GameHouse Games Collection: Feeding Frenzy → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\Install.log
GameHouse Games Collection: Fiber Twig → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FIBERT~1\Install.log
GameHouse Games Collection: Five Card Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FIVECA~1\Install.log
GameHouse Games Collection: Flip Words → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FLIPWO~1\Install.log
GameHouse Games Collection: Flying Leo → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FLYING~1\Install.log
GameHouse Games Collection: Fortune Tiles Gold → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FORTUN~1\Install.log
GameHouse Games Collection: Fresco Wizard → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\FRESCO~1\Install.log
GameHouse Games Collection: GameHouse Sudoku → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\GAMEHO~1\Install.log
GameHouse Games Collection: Gearz → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Gearz\Install.log
GameHouse Games Collection: Granny in Paradise → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\GRANNY~1\Install.log
GameHouse Games Collection: Gutterball → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\GUTTER~1\Install.log
GameHouse Games Collection: Gutterball 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\GUTTER~2\Install.log
GameHouse Games Collection: Hamsterball → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\HAMSTE~1\Install.log
GameHouse Games Collection: Hello! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Hello!\Install.log
GameHouse Games Collection: Holiday Express → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\HOLIDA~1\Install.log
GameHouse Games Collection: Iggle Pop! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\IGGLEP~1\Install.log
GameHouse Games Collection: Incadia → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Incadia\Install.log
GameHouse Games Collection: Incredible Ink → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\INCRED~1\Install.log
GameHouse Games Collection: Insaniquarium Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\INSANI~1\Install.log
GameHouse Games Collection: Inspector Parker → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\INSPEC~1\Install.log
GameHouse Games Collection: Invadazoid → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\INVADA~1\Install.log
GameHouse Games Collection: Jewel Quest → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\JEWELQ~1\Install.log
GameHouse Games Collection: Lemonade Tycoon → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\LEMONA~1\Install.log
GameHouse Games Collection: Luxor → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Luxor\Install.log
GameHouse Games Collection: Mad Caps → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MADCAP~1\Install.log
GameHouse Games Collection: Magic Ball → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAGICB~1\Install.log
GameHouse Games Collection: Magic Ball 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAGICB~2\Install.log
GameHouse Games Collection: Magic Ball 2 - New Worlds → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAGICB~3\Install.log
GameHouse Games Collection: Magic Inlay → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAGICI~1\Install.log
GameHouse Games Collection: Magic Vines → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAGICV~1\Install.log
GameHouse Games Collection: Mah Jong Adventures → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAHJON~1\Install.log
GameHouse Games Collection: Mah Jong Medley → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAHJON~2\Install.log
GameHouse Games Collection: Mah Jong Quest → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAHJON~3\Install.log
GameHouse Games Collection: Mahjong Garden To Go → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAHJON~4\Install.log
GameHouse Games Collection: Mahjong Towers Eternity → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MA32CC~1\Install.log
GameHouse Games Collection: Maui Wowee → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\MAUIWO~1\Install.log

GameHouse Games Collection: Phlinx To Go → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PHLINX~1\Install.log
GameHouse Games Collection: Pin High Country Club Golf → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PINHIG~1\Install.log
GameHouse Games Collection: Pizza Frenzy → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PIZZAF~1\Install.log
GameHouse Games Collection: Platypus → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Platypus\Install.log
GameHouse Games Collection: Poker Superstars → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\POKERS~1\Install.log
GameHouse Games Collection: Puzzle Express → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PUZZLE~2\Install.log
GameHouse Games Collection: Puzzle Inlay → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PUZZLE~1\Install.log
GameHouse Games Collection: Puzzle Solitaire → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\PUZZLE~3\Install.log
GameHouse Games Collection: QBz → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\QBz\Install.log
GameHouse Games Collection: Reader’s Digest Super Word Power → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\READER~1\Install.log
GameHouse Games Collection: Ricochet → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Ricochet\Install.log
GameHouse Games Collection: Ricochet Lost Worlds → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\RICOCH~1\Install.log
GameHouse Games Collection: Ricochet Lost Worlds - Recharged → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\RICOCH~2\Install.log
GameHouse Games Collection: Roller Rush → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ROLLER~1\Install.log
GameHouse Games Collection: Saints & Sinners Bingo → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SAINTS~1\Install.log
GameHouse Games Collection: SCRABBLE → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SCRABBLE\Install.log
GameHouse Games Collection: Shape Shifter → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SHAPES~1\Install.log
GameHouse Games Collection: Slingo Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SLINGO~1\Install.log
GameHouse Games Collection: Spelvin → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Spelvin\Install.log
GameHouse Games Collection: Splash → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\Splash\Install.log
GameHouse Games Collection: Spring Sprang Sprung → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SPRING~1\Install.log
GameHouse Games Collection: Super 5-Line Slots → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPER5~1\Install.log
GameHouse Games Collection: Super Blackjack! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERB~1\Install.log
GameHouse Games Collection: Super Bounce Out! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERB~2\Install.log
GameHouse Games Collection: Super Candy Cruncher → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERC~1\Install.log
GameHouse Games Collection: Super Collapse! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERC~2\Install.log
GameHouse Games Collection: Super Collapse! II → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERC~3\Install.log
GameHouse Games Collection: Super Collapse! II Platinum → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERC~4\Install.log
GameHouse Games Collection: Super Fruit Frolic → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERF~1\Install.log
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERG~1.1\Install.log
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERG~1.2\Install.log
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERG~1.3\Install.log
GameHouse Games Collection: Super Gem Drop → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERG~1\Install.log
GameHouse Games Collection: Super Glinx! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERG~2\Install.log
GameHouse Games Collection: Super Letter Linker → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERL~1\Install.log
GameHouse Games Collection: Super Mah Jong Solitaire → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERM~1\Install.log
GameHouse Games Collection: Super Nisqually → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERN~1\Install.log
GameHouse Games Collection: Super PileUp! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERP~1\Install.log
GameHouse Games Collection: Super Pool → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERP~2\Install.log
GameHouse Games Collection: Super Pop & Drop! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERP~3\Install.log
GameHouse Games Collection: Super Rumble Cube → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERR~1\Install.log
GameHouse Games Collection: Super SpongeBob Collapse! → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERS~1\Install.log
GameHouse Games Collection: Super TextTwist → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERT~1\Install.log
GameHouse Games Collection: Super WHATword → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERW~1\Install.log
GameHouse Games Collection: Super Wild Wild Words → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\SUPERW~2\Install.log
GameHouse Games Collection: Tap a Jam → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TAPAJA~1\Install.log
GameHouse Games Collection: Ten Pin Championship Bowling Pro → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TENPIN~1\Install.log
GameHouse Games Collection: Tennis Titans → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TENNIS~1\Install.log
GameHouse Games Collection: Tradewinds 2 → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TRADEW~1\Install.log
GameHouse Games Collection: Trivia Machine → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TRIVIA~1\Install.log
GameHouse Games Collection: Tropical Swaps → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TROPIC~1\Install.log
GameHouse Games Collection: Tumblebugs → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TUMBLE~1\Install.log
GameHouse Games Collection: Turtle Bay → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TURTLE~1\Install.log
GameHouse Games Collection: Twistingo → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\TWISTI~1\Install.log
GameHouse Games Collection: Ultimate Dominoes → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ULTIMA~1\Install.log
GameHouse Games Collection: Varmintz Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\VARMIN~1\Install.log
GameHouse Games Collection: Walls of Jericho, The → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\WALLSO~1\Install.log
GameHouse Games Collection: Wheel of Fortune → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\WHEELO~1\Install.log
GameHouse Games Collection: Word Jolt → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\WORDJO~1\Install.log
GameHouse Games Collection: Word Slinger → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\WORDSL~1\Install.log
GameHouse Games Collection: WordJong To Go → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\WORDJO~2\Install.log
GameHouse Games Collection: Zuma Deluxe → C:\PROGRA~1\GAMEHO~1\unwise.exe /U C:\PROGRA~1\GAMEHO~1\ZUMADE~1\Install.log

Google Earth → MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Video Player → “C:\Program Files\Google\Google Video Player\Uninstall.exe”
GSpot Codec Information Appliance → C:\Program Files\GSpot\Uninstall.exe
High Definition Audio Driver Package - KB888111 → C:\WINDOWS$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard → MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format SDK (KB902344) → “C:\WINDOWS$NtUninstallKB902344$\spuninst\spuninst.exe”
HP Customer Participation Program 7.0 → C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 → C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 → C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 → C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A → C:\Program Files\HP\Digital Imaging{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PrecisionScan LT Software → C:\SCANJET\PrecisionScanLT\uninstal.exe C:\SCANJET\PrecisionScanLT\uninstal.cfg
HP Software Update → MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 → C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IMPÔTMATIQUE 2006 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DC882FD8-CDD3-44E7-AA3A-D74EAC83362D}\isetup.ex_” -l0xc0c -uninst
iTunes → MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 11 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Logiciel QuickCam de Logitech → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe” -l0x40c
Logitech Desktop Messenger → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe” -l0x40c UNINSTALL
Logitech MouseWare 9.79.1 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe” -l0x40c -l040c UNINSTALL
Logitech Print Service → C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech® Camera Driver → “C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE” UNINSTALL REMOVEPROMPT
MahJong Suite → C:\PROGRA~1\MAHJON~1\UNWISE.EXE C:\PROGRA~1\MAHJON~1\INSTALL.LOG
MediaFACE 4.2 → C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9DFCAA7A-9B62-4468-8F91-F68150AA8BAD}
Microsoft Base Smart Card Cryptographic Service Provider Package → “C:\WINDOWS$NtUninstallbasecsp$\spuninst\spuninst.exe”
Microsoft Office 2000 SR-1 Premium → MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 → “C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Mozilla Firefox (2.0.0.11) → C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Premium → MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891033}
NVIDIA Display Driver → C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers → C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OCR Software by I.R.I.S 7.0 → C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
QuickTime → MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer → C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic → “C:\Program Files\Registry Mechanic\unins000.exe”
Roxio Easy Media Creator 9 Suite → MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Security Update for CAPICOM (KB931906) → MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) → MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sibelius Scorch → MsiExec.exe /I{51C65CD6-A344-41B5-81E2-3CCAC8024F68}
SoundMAX → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe” -l0x9 -removeonly
Spybot - Search & Destroy → “C:\Program Files\Spybot - Search & Destroy\unins000.exe”
SUPER © Version 2007.bld.21 (Jan 4, 2007) → C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition → MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Workshop 2.3 → “C:\Program Files\Elrise\System Workshop\unins000.exe”
TitanTV Client components for ATI → MsiExec.exe /I{F6882759-2522-4744-A117-615651ADE66F}
USB Storage Adapter FX (SM1) → SM1UN.EXE SM1FX_AT
Wheel GamePad/EZ-Gamepad → C:\WINDOWS\System32\Aguninst.exe
Winamp (remove only) → “C:\Program Files\Winamp\UninstWA.exe”
Windows Live Messenger → MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect → “C:\WINDOWS$NtUninstallWMCSetup$\spuninst\spuninst.exe”
Windows Media Encoder 9 Series → msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series → MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime → “C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Format SDK Hotfix - KB891122 → “C:\WINDOWS$NtUninstallKB891122$\spuninst\spuninst.exe”
WinRAR archiver → C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack → C:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG-4 Video Codec → “C:\Program Files\XviD\unins000.exe”

– Application Event Log -------------------------------------------------------

Event Record #/Type9072 / Warning
Event Submitted/Written: 01/23/2008 03:04:21 AM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type9071 / Warning
Event Submitted/Written: 01/23/2008 03:04:21 AM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type9070 / Warning
Event Submitted/Written: 01/23/2008 03:04:19 AM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

Event Record #/Type9069 / Warning
Event Submitted/Written: 01/23/2008 03:04:19 AM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

Event Record #/Type9051 / Warning
Event Submitted/Written: 01/23/2008 03:02:48 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

– Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

– System Event Log ------------------------------------------------------------

Event Record #/Type62845 / Error
Event Submitted/Written: 01/24/2008 09:57:21 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ElbyVCD

Event Record #/Type62844 / Error
Event Submitted/Written: 01/24/2008 09:57:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The perfmons Service service failed to start due to the following error:
%%2

Event Record #/Type62843 / Error
Event Submitted/Written: 01/24/2008 09:57:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ATI TV Wonder WDM Video Crossbar service failed to start due to the following error:
%%1058

Event Record #/Type62842 / Error
Event Submitted/Written: 01/24/2008 09:57:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ATI TV Wonder WDM Video Capture service failed to start due to the following error:
%%2

Event Record #/Type62841 / Error
Event Submitted/Written: 01/24/2008 09:57:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ATI TV Wonder WDM Audio Crossbar service failed to start due to the following error:
%%2

– End of Deckard’s System Scanner: finished at 2008-01-24 22:05:30 ------------

Wow!

I never thought I had so much stuff in that PC ! :-[ :o

That was hard to cut down for the post.

Anyway, thanks for your time! :slight_smile:

Max.

Well I can see where you got it from !

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Madden NFL 2006 crack.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\CRACK.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.

[*] Save it to your desktop.
[*] Please double-click OTMoveIt2.exe to run it.
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


c:\windows\system32\drivers\elbyvcd.sys 
c:\windows\system32\routing.exe
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\Event 1.job
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\Madden NFL 2006 crack.exe
C:\Program Files\SUPERAntiSpyware\CRACK.exe
 

[*] Return to OTMoveIt2, right click in the “Paste List of Files/Folders to be Moved” window (under the light blue bar) and choose Paste.

[*]Click the red Moveit! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Download ComboFix from Here or Here to your Desktop.

[*]Double click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall.

Here’s the combofix log:

ComboFix 08-01-23.1C - Le Survenant ! 2008-01-25 19:51:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1586 [GMT -5:00]
Running from: C:\Documents and Settings\Le Survenant !\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-25 17:13 . 2008-01-25 17:13 d-------- C:\Program Files\Trend Micro
2008-01-25 13:44 . 2008-01-25 13:44 250,368 --a------ C:\WINDOWS\system32\ndt2.sys
2008-01-24 23:19 . 2008-01-24 23:19 d-------- C:\WINDOWS\ERUNT
2008-01-24 22:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:53 . 2008-01-24 21:53 d-------- C:\Deckard
2008-01-23 22:41 . 2008-01-23 22:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-19 10:13 . 2008-01-25 17:19 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-19 10:12 . 2008-01-19 10:12 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 21:07 . 2007-07-09 08:09 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-14 21:53 . 2008-01-14 21:53 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-01-12 23:24 . 2007-10-30 12:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-12 23:23 . 2007-11-07 04:26 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 04:31 --------- d-----w C:\Program Files\winamp
2007-12-09 04:08 --------- d-----w C:\Program Files\SlySoft
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 15:11 --------- d-----w C:\Program Files\Java
2007-11-27 01:34 --------- d-----w C:\Program Files\eMule
2007-11-26 04:31 --------- d-----w C:\Program Files\XP Codec Pack
2007-11-18 14:42 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-11-18 14:42 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-11-15 03:14 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-02-26 16:13 45,743 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_02_24_17_45_52_small.dmp.zip
2006-02-26 16:13 43,756 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_02_24_17_45_49_small.dmp.zip
2006-02-19 07:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-12-21 21:38 45,754 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_20_17_18_28_small.dmp.zip
2005-12-21 21:38 42,575 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_20_17_18_18_small.dmp.zip
2005-11-30 00:15 45,840 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_11_29_18_03_54_small.dmp.zip
2005-11-30 00:15 43,591 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_11_29_18_01_30_small.dmp.zip
2005-11-13 05:09 54 ----a-w C:\Program Files\inc1.bat
2005-11-13 05:09 41 ----a-w C:\Program Files\sleep.bat
2005-09-25 00:03 46,726 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_09_24_18_41_51_small.dmp.zip
2005-09-25 00:03 45,695 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_09_24_18_41_59_small.dmp.zip
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
1998-08-24 16:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
2006-05-03 10:06 163,328 --sh–r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-24_23.11.59.53 )))))))))))))))))))))))))))))))))))))))))
.

  • 2008-01-24 14:01:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
  • 2008-01-25 04:20:19 8,658,944 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users[u]0[/u]0000001\NTUSER.DAT
  • 2008-01-25 04:20:20 1,486,848 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users[u]0[/u]0000002\UsrClass.dat
  • 2008-01-24 14:01:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
  • 2008-01-25 04:19:51 8,658,944 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users[u]0[/u]0000001\NTUSER.DAT
  • 2008-01-25 04:19:52 1,486,848 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users[u]0[/u]0000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Note empty entries & legit default entries are not shown
    REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATI Launchpad”=“”
“ATI DeviceDetect”=“C:\Program Files\ATI Multimedia\main\ATIDtct.EXE” [2005-05-04 20:41 53248]
“LDM”="\Program"
“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-01-18 17:07 196608]
“ATI Scheduler”=“C:\Program Files\ATI Multimedia\main\ATISched.EXE” [2005-05-04 20:42 36864]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:56 15360]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2006-11-16 18:04 139264]
“AnyDVD”=“C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” [2007-10-28 09:51 1600448]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]
“Tweak UI”=“TWEAKUI.CPL” [2000-06-18 13:03 106544 C:\WINDOWS\system32\TWEAKUI.CPL]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe” [2003-11-07 19:56 188416]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-03-09 14:29 7561216]
“nwiz”=“nwiz.exe” [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
“DU Meter”=“C:\Program Files\DU Meter\DUMeter.exe” [2004-08-25 09:26 1465856]
“LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [2004-10-08 11:52 221184]
“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-01-18 17:47 458752]
“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-01-18 17:37 217088]
“type32”=“C:\Program Files\Microsoft IntelliType Pro\type32.exe” [2004-06-03 01:51 172032]
“Logitech Utility”=“Logi_MwX.Exe” [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-03-06 19:49 180269]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 08:00 79224]
“DMXLauncher”=“C:\Program Files\Roxio\Media Experience\DMXLauncher.exe” [2006-08-14 00:07 102400]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 14:40 155648]
“HPWUTOOLBOX”=“C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe”
“hppwrsav”=“C:\SCANJET\PrecisionScanLT\hppwrsav.exe” [1999-06-07 11:27 23552]
“MediaFace Integration”=“C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe” [2005-03-28 02:45 53248]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-04-27 08:41 282624]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2007-06-01 15:51 257088]
“NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” [2005-08-18 16:52 113152]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 01:41 49152]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-03-09 14:29 86016]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-19 20:11 925696]
“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2005-09-07 15:35 716800]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:56 15360]

C:\Documents and Settings\Max\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-10-29 22:46:03 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18 233984]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 01:10:00 217600]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 16:33:17 196608]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

R0 rttmntr;R-TT Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\rttmntr.sys [2004-02-13 09:59]
R0 snaprtt;Acronis Snapshots Manager (R-TT);C:\WINDOWS\system32\DRIVERS\snaprtt.sys [2004-01-07 03:29]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 23:00]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 23:00]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 23:00]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 23:00]
R2 rttfsfilt;R-TT FS Filter;C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-02-13 09:59]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S2 ATIXBAR;ATI TV Wonder WDM Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 23:00]
S2 BT848;ATI TV Wonder WDM Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 23:00]
S2 BTXBAR;ATI TV Wonder WDM Video Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2002-07-15 09:00]
S2 IAIVMOUSERVICE;IAIVMOU Service;C:\WINDOWS\system32\DRIVERS\IAIVMou.sys [2000-12-28 07:43]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 12:58]
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe
S3 Agamejoy;A4Tech Game Port Input Device;C:\WINDOWS\system32\DRIVERS\Agamejoy.sys [2001-10-24 19:54]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2001-10-17 07:59]
S3 IAIGD150FilterService;IAIGD150 Filter Service;C:\WINDOWS\system32\DRIVERS\iaiGD150.sys [2000-12-28 07:43]
S3 IAIUpperFilterService;IAIUPPER Filter Service;C:\WINDOWS\system32\DRIVERS\iaiUpper.sys [2000-12-28 07:43]
S3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 07:00]
S3 QCAbsee;Logitech QuickCam Web (0801);C:\WINDOWS\system32\DRIVERS\OVCA.sys [2001-08-17 14:05]
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys
S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\system32\DRIVERS\SPCP825K.sys

.
Contents of the ‘Scheduled Tasks’ folder
“2008-01-24 11:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 19:55:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2008-01-25 19:56:37
ComboFix-quarantined-files.txt 2008-01-26 00:56:11
ComboFix2.txt 2008-01-25 22:25:34
ComboFix3.txt 2008-01-25 04:12:17
.
2008-01-23 08:03:28 — E O F —

Here’s the Hijack this log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:10, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [LDM] \Program
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw

O18 - Protocol: bw+0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74F8E33E-D835-482E-83A4-CF0A7C88A972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll