Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 3:23 AM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 2 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 3 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
Killbox Closed(Exit) @ 3:29:33 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 3:30 AM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\jkhhe.dll
*This file does not seem to exist
# 2 [Files to Delete]
Path = C:\WINDOWS\system32\jkhhe.dll
*This file does not seem to exist
# 3 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:32:05 AM
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:39:14 AM
Killbox Closed(Exit) @ 3:40:01 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 1:20 PM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 2:59 PM
ComboScan v20070212.14 run by Micheal Donnellan on 2007-02-19 at 23:47:49
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- End of ComboScan: finished at 2007-02-19 at 23:48:47
dont exist
C:\Documents and Settings\Micheal Donnellan\Local Settings\Application Data\lteptcg.dll
dont exist
C:\WINDOWS\system32\drvziw.dll
ComboScan v20070212.14 run by Micheal Donnellan on 2007-02-20 at 15:35:48
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
ComboScan v20070212.14 run by Micheal Donnellan on 2007-02-20 at 17:47:42
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
ComboScan v20070212.14 run by Micheal Donnellan on 2007-02-21 at 00:42:32
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- End of ComboScan: finished at 2007-02-21 at 00:43:23
Did doing any of this mess with email passwords? The computer is asking for all passwords again instead of just logging in.
Comments
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 3:23 AM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 2 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 3 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
Killbox Closed(Exit) @ 3:29:33 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 3:30 AM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\jkhhe.dll
*This file does not seem to exist
# 2 [Files to Delete]
Path = C:\WINDOWS\system32\jkhhe.dll
*This file does not seem to exist
# 3 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:32:05 AM
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:39:14 AM
Killbox Closed(Exit) @ 3:40:01 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 1:20 PM
# 1 [Files to Delete]
Path = C:\WINDOWS\system32\yayyxxy.dll
*This File could not be Deleted
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 2:59 PM
Killbox Closed(Exit) @ 3:15:56 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Sunday, February 18, 2007, 10:16 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\yayyxxy.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\ielocales.dll
I Rebooted @ 10:17:54 PM
Killbox Closed(Exit) @ 10:17:57 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 9:00 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\MSSRV.EXE
I Rebooted @ 9:00:37 PM
Killbox Closed(Exit) @ 9:00:40 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 9:31 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\ielocales.dll
I Rebooted @ 9:31:56 PM
Killbox Closed(Exit) @ 9:32:02 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 10:01 PM
Killbox Closed(Exit) @ 10:01:56 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 10:02 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\ielocales.dll
I Rebooted @ 10:02:45 PM
Killbox Closed(Exit) @ 10:02:48 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 11:11 PM
Killbox Closed(Exit) @ 11:11:37 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 11:11 PM
Killbox Closed(Exit) @ 11:13:21 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 11:13 PM
Killbox Closed(Exit) @ 11:13:30 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 11:13 PM
Killbox Closed(Exit) @ 11:13:59 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Micheal Donnellan(Administrator)
was started @ Monday, February 19, 2007, 11:14 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\ielocales.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\mssrv.exe
# 3 [Delete on Reboot]
Path = C:\WINDOWS\mslocales.exe
I Rebooted @ 11:14:35 PM
Killbox Closed(Exit) @ 11:14:42 PM
__________________________________________________
Scan saved at 23:28:36, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
Close all windows except HijackThis and click Fix checked.
Boot the computer.
Please scan again with ComboScan and post its log.
Now I have to go to sleep, good night.
In the morning we can clean up the rest if there is any more left.
And update your Java. It's important, because those Vundo infections attach to old Java.
C:\WINDOWS\system32\drvziw.dll
C:\Documents and Settings\Micheal Donnellan\Local Settings\Application Data\lteptcg.dll
There was a mistyping from me.
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Micheal Donnellan.com)
Logfile of HijackThis v1.99.1
Scan saved at 23:48:11, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Documents and Settings\Micheal Donnellan\Desktop\comboscan.exe
C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\~sothazp.tmp\Micheal Donnellan.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\backups\)
backup-20061027-205325-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
backup-20061027-205455-590 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20061027-205455-663 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20061027-205705-696 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
backup-20061027-211413-564 O4 - HKLM\..\Run: [jesmwni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jesmwni.dll,nubufhc
backup-20061027-213826-312 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvrow.dll,startup
backup-20070218-011552-981 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
backup-20070218-013912-157 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070218-013912-706 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
backup-20070218-013912-762 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20070218-013912-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070218-031938-398 O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
backup-20070218-131747-412 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-131747-807 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-803 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-918 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-303 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-132236-496 O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
backup-20070218-132236-628 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-827 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll
backup-20070218-204556-145 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-204556-240 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll (file missing)
backup-20070218-204556-261 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-450 O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-460 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-204556-635 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\jkaiadbl.dll (file missing)
backup-20070218-215322-296 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
backup-20070218-215322-337 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
backup-20070218-215322-558 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-215322-608 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-230651-114 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
backup-20070218-230651-344 O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
backup-20070218-230651-397 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
backup-20070218-230651-425 O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
backup-20070218-230651-719 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
backup-20070218-230651-939 O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070219-210358-911 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070219-234424-754 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
-- File Associations
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\system32\notepad.exe" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - System32\Drivers\AdfuUd.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - system32\DRIVERS\AegisP.sys
3 AgereSoftModem (Creatix V.92 Data Fax Modem) - system32\DRIVERS\AGRSM.sys
1 aiptektp (HyperPen) - system32\DRIVERS\aiptektp.sys
3 akshasp (Aladdin HASP Key) - system32\DRIVERS\akshasp.sys
3 aksusb (Aladdin USB Key) - system32\DRIVERS\aksusb.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
2 atksgt - system32\DRIVERS\atksgt.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - system32\DRIVERS\cmiucr.SYS
2 driverpp (Plug and Play Support Driver) - \??\C:\WINDOWS\system32\Locales\driverpp.sys
3 FTDIBUS (USB Serial Converter Driver) - system32\drivers\ftdibus.sys
3 FTSER2K (USB Serial Port Driver) - system32\drivers\ftser2k.sys
2 Hardlock - \??\C:\WINDOWS\system32\drivers\hardlock.sys
2 Haspnt - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
1 hwinterface - System32\Drivers\hwinterface.sys
3 Imx5123 - system32\drivers\Imx5123.sys
0 INO_FLPY - system32\Drivers\ino_flpy.sys
2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys
3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
2 lirsgt - system32\DRIVERS\lirsgt.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 Nokia USB Modem - system32\drivers\nmwcdcm.sys
3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
2 Par1284 - \??\C:\Program Files\Flexi P-Cut Apprentice 7.5v5\Program\Par1284.sys
0 PCIIde - system32\DRIVERS\pciide.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RT2500USB (RT2500 USB Wireless LAN Driver) - system32\DRIVERS\rt2500usb.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 XUIF (X10 USB Wireless Transceiver) - System32\Drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Autodata Limited License Service - "C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe"
2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2 CyberLink Media Library Service - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InoRPC (eTrust Antivirus RPC Server) - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
2 InoRT (eTrust Antivirus Realtime Server) - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
2 InoTask (eTrust Antivirus Job Server) - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3 sassvc (ProgramCheckerPro) - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe
3 WmcCdsLs (Windows Media Connect (WMC) Helper) - C:\Program Files\Windows Media Connect\mswmcls.exe
3 x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Scheduled Tasks
2007-02-19 20:43:01 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-19 and 2007-02-19
2007-02-18 20:48:14 4420 --a C:\WINDOWS\system32\tmp.reg
2007-02-18 20:47:45 79360 --a C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 40960 --a C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-18 20:47:45 135168 --a C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 288417 --a C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-18 20:47:45 53248 --a C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-18 20:47:45 51200 --a C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-18 16:43:56 0 d C:\WINDOWS\BDOSCAN8
2007-02-18 16:42:15 0 d C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-18 03:48:53 0 d C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\Real
2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\AOL
2007-02-18 03:46:43 0 d C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-18 03:46:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-02-18 03:46:41 1572864 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-18 03:42:15 0 d C:\Avenger
2007-02-18 03:23:36 0 d C:\!KillBox
2007-02-18 02:21:54 0 d C:\VundoFix Backups<VUNDOF~1>
2007-02-18 00:11:47 0 d C:\WINDOWS\system32\Locales
2007-02-17 22:14:17 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Apple Computer<APPLEC~1>
2007-02-17 22:11:43 0 d C:\Program Files\QuickTime<QUICKT~1>
2007-02-17 22:11:22 0 d C:\Program Files\Apple Software Update<APPLES~1>
2007-02-17 22:11:11 0 d C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-10 22:57:01 118520 n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 116472 n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 129784 n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-10 22:57:01 36624 n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2560 n--- C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2432 n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-07 00:27:56 0 d C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-07 00:26:55 0 d C:\Program Files\Virtual Villagers<VIRTUA~1>
2007-02-07 00:26:55 0 d C:\Program Files\BFG
2007-02-01 04:56:06 823296 --a C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 802816 --a C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 823296 --a C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:04 639066 --a C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 23:23:11 0 d C:\Program Files\Common Files\NSV
2007-01-31 21:27:01 524288 --a C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 23:21:16 0 d C:\Program Files\Kelloggs Horrible Science<KELLOG~2>
2007-01-30 23:15:10 118784 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-30 05:03:40 3596288 --a C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-30 05:03:26 200704 --a C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 05:03:26 1044480 --a C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 04:56:56 196608 --a C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:56 73728 --a C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:54 53248 --a C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 57344 --a C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 344064 --a C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 593920 --a C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2007-01-24 02:04:43 487424 -ra C:\WINDOWS\system32\msvcp70.dll<Unsigned: Microsoft Corporation>
2007-01-23 21:36:20 0 d C:\Program Files\MagicISO
-- Find3M Report
2007-02-18 18:57:31 0 d C:\Program Files\Gothic III<GOTHIC~2>
2007-02-16 22:53:05 0 d C:\Program Files\Paint Shop Pro 5<PAINTS~1>
2007-02-16 13:14:12 0 d C:\Program Files\CA
2007-02-15 13:22:22 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Adobe
2007-02-10 22:57:09 0 d C:\Program Files\DivX
2007-02-07 02:13:11 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\uTorrent
2007-01-31 01:55:13 31952 --a C:\Documents and Settings\Micheal Donnellan\Application Data\wklnhst.dat
2007-01-30 23:21:16 0 d--h C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-27 17:13:51 123176 --a C:\Documents and Settings\Micheal Donnellan\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-01-27 16:36:15 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\AdobeUM
2007-01-23 22:38:53 0 d C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-01-23 22:34:28 0 d C:\Program Files\Autodesk
2007-01-03 20:02:37 0 d C:\Program Files\Bethesda Softworks<BETHES~1>
2007-01-02 14:55:07 271360 --a C:\WINDOWS\system32\drivers\atksgt.sys<Unsigned: n/a>
2007-01-02 14:55:06 18048 --a C:\WINDOWS\system32\drivers\lirsgt.sys<Unsigned: n/a>
2007-01-02 14:21:15 0 d C:\Program Files\Gothic III Demo<GOTHIC~1>
2007-01-02 14:20:57 0 d C:\Program Files\Postal2STP<POSTAL~1>
2007-01-02 14:19:33 0 d C:\Program Files\The Guild 2<THEGUI~1>
2007-01-01 04:56:12 0 d C:\Program Files\Singular Inversions<SINGUL~1>
2007-01-01 04:06:22 3026 --a C:\WINDOWS\system32\drivers\hwinterface.sys<HWINTE~1.SYS><Unsigned: Logix4u>
2006-12-23 22:07:12 0 d C:\Documents and Settings\Micheal Donnellan\Application Data\Skype
2006-12-23 14:25:39 0 d---s---- C:\Documents and Settings\Micheal Donnellan\Application Data\Microsoft<MICROS~1>
2006-12-21 18:18:36 0 d C:\Program Files\AoA Audio Extractor<AOAAUD~1>
2006-12-12 16:24:42 12288 --a C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-11-28 17:50:25 832744 --a C:\WINDOWS\dbplugin.exe<Signed: n/a>
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Avro Keyboard"=""
"µTorrent"="\"C:\\Documents and Settings\\Micheal Donnellan\\My Documents\\My files\\Torrent go here\\utorrent\\utorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"MedionVFD"="\"C:\\Program Files\\Medion Info Display\\MdionLCM.exe\""
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"Pop-Up Stopper"="\"K:\\BACK UP PROGRAMS\\Panicware\\Pop-Up Stopper\\dpps2.exe\""
"zSPGuard"="k:\\back up programs\\pjw\\startpage guard\\spguard.exe /s "
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"PCSuiteTrayApplication"="K:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvziw.dll,startup"
@=""
"lteptcg.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Micheal Donnellan\\Local Settings\\Application Data\\lteptcg.dll\",qtokvvf"
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mslocales"="C:\\WINDOWS\\mslocales.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F001827A-0BB7-6153-1007-050922050161}"="\"C:\\Program Files\\Common Files\\{F001827A-0BB7-6153-1007-050922050161}\\Update.exe\" mc-110-12-0000272"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-02-19 at 23:48:47
don't exist
C:\Documents and Settings\Micheal Donnellan\Local Settings\Application Data\lteptcg.dll
don't exist
C:\WINDOWS\system32\drvziw.dll
They don't show up in kill box or explorer.
Updated Java to 1.5.0_11. This better?
Yes, it's a better version.
Now it seems that those files are gone. How is the comp working?
There are a few keys in the registry that should be removed. I'll make a fix for those today.
Please copy the following text inside the box to Notepad:
Save it to the desktop, file type ALL FILES, name regfix.reg
Double-click it and allow it to merge into the registry.
Boot the comp.
Scan once more with ComboScan and send its report.
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Micheal Donnellan.com)
Logfile of HijackThis v1.99.1
Scan saved at 15:36:05, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\Micheal Donnellan\Desktop\comboscan.exe
C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\~xuafpfu.tmp\Micheal Donnellan.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\backups\)
backup-20061027-205325-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
backup-20061027-205455-590 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20061027-205455-663 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20061027-205705-696 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
backup-20061027-211413-564 O4 - HKLM\..\Run: [jesmwni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jesmwni.dll,nubufhc
backup-20061027-213826-312 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvrow.dll,startup
backup-20070218-011552-981 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
backup-20070218-013912-157 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070218-013912-706 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
backup-20070218-013912-762 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20070218-013912-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070218-031938-398 O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
backup-20070218-131747-412 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-131747-807 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-803 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-918 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-303 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-132236-496 O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
backup-20070218-132236-628 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-827 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll
backup-20070218-204556-145 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-204556-240 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll (file missing)
backup-20070218-204556-261 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-450 O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-460 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-204556-635 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\jkaiadbl.dll (file missing)
backup-20070218-215322-296 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
backup-20070218-215322-337 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
backup-20070218-215322-558 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-215322-608 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-230651-114 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
backup-20070218-230651-344 O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
backup-20070218-230651-397 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
backup-20070218-230651-425 O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
backup-20070218-230651-719 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
backup-20070218-230651-939 O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070219-210358-911 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070219-234424-754 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
-- File Associations
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\system32\notepad.exe" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - System32\Drivers\AdfuUd.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - system32\DRIVERS\AegisP.sys
3 AgereSoftModem (Creatix V.92 Data Fax Modem) - system32\DRIVERS\AGRSM.sys
1 aiptektp (HyperPen) - system32\DRIVERS\aiptektp.sys
3 akshasp (Aladdin HASP Key) - system32\DRIVERS\akshasp.sys
3 aksusb (Aladdin USB Key) - system32\DRIVERS\aksusb.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
2 atksgt - system32\DRIVERS\atksgt.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - system32\DRIVERS\cmiucr.SYS
2 driverpp (Plug and Play Support Driver) - \??\C:\WINDOWS\system32\Locales\driverpp.sys
3 FTDIBUS (USB Serial Converter Driver) - system32\drivers\ftdibus.sys
3 FTSER2K (USB Serial Port Driver) - system32\drivers\ftser2k.sys
2 Hardlock - \??\C:\WINDOWS\system32\drivers\hardlock.sys
2 Haspnt - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
1 hwinterface - System32\Drivers\hwinterface.sys
3 Imx5123 - system32\drivers\Imx5123.sys
0 INO_FLPY - system32\Drivers\ino_flpy.sys
2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys
3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
2 lirsgt - system32\DRIVERS\lirsgt.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 Nokia USB Modem - system32\drivers\nmwcdcm.sys
3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
2 Par1284 - \??\C:\Program Files\Flexi P-Cut Apprentice 7.5v5\Program\Par1284.sys
0 PCIIde - system32\DRIVERS\pciide.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RT2500USB (RT2500 USB Wireless LAN Driver) - system32\DRIVERS\rt2500usb.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 XUIF (X10 USB Wireless Transceiver) - System32\Drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Autodata Limited License Service - "C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe"
2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2 CyberLink Media Library Service - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InoRPC (eTrust Antivirus RPC Server) - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
2 InoRT (eTrust Antivirus Realtime Server) - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
2 InoTask (eTrust Antivirus Job Server) - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3 sassvc (ProgramCheckerPro) - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe
3 WmcCdsLs (Windows Media Connect (WMC) Helper) - C:\Program Files\Windows Media Connect\mswmcls.exe
3 x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Scheduled Tasks
2007-02-19 20:43:01 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-20 and 2007-02-20
2007-02-18 20:48:14 4420 --a
C:\WINDOWS\system32\tmp.reg
2007-02-18 20:47:45 79360 --a
C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 40960 --a
C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-18 20:47:45 135168 --a
C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 288417 --a
C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-18 20:47:45 53248 --a
C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-18 20:47:45 51200 --a
C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-18 16:43:56 0 d
C:\WINDOWS\BDOSCAN8
2007-02-18 16:42:15 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-18 03:48:53 0 d
C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Real
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\AOL
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-18 03:46:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-02-18 03:46:41 1572864 --ah
C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-18 03:42:15 0 d
C:\Avenger
2007-02-18 03:23:36 0 d
C:\!KillBox
2007-02-18 02:21:54 0 d
C:\VundoFix Backups<VUNDOF~1>
2007-02-18 00:11:47 0 d
C:\WINDOWS\system32\Locales
2007-02-17 22:14:17 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Apple Computer<APPLEC~1>
2007-02-17 22:11:43 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-02-17 22:11:22 0 d
C:\Program Files\Apple Software Update<APPLES~1>
2007-02-17 22:11:11 0 d
C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-10 22:57:01 118520
n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 116472
n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 129784
n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-10 22:57:01 36624
n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2560
n--- C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2432
n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-07 00:27:56 0 d
C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-07 00:26:55 0 d
C:\Program Files\Virtual Villagers<VIRTUA~1>
2007-02-07 00:26:55 0 d
C:\Program Files\BFG
2007-02-01 04:56:06 823296 --a
C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 802816 --a
C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:04 639066 --a
C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 23:23:11 0 d
C:\Program Files\Common Files\NSV
2007-01-31 21:27:01 524288 --a
C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 23:21:16 0 d
C:\Program Files\Kelloggs Horrible Science<KELLOG~2>
2007-01-30 23:15:10 118784 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-30 05:03:40 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-30 05:03:26 200704 --a
C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 05:03:26 1044480 --a
C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 04:56:56 196608 --a
C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:56 73728 --a
C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:54 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 57344 --a
C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 344064 --a
C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2007-01-24 02:04:43 487424 -ra
C:\WINDOWS\system32\msvcp70.dll<Unsigned: Microsoft Corporation>
2007-01-23 21:36:20 0 d
C:\Program Files\MagicISO
-- Find3M Report
2007-02-20 00:04:21 0 d
C:\Program Files\Java
2007-02-18 18:57:31 0 d
C:\Program Files\Gothic III<GOTHIC~2>
2007-02-16 22:53:05 0 d
C:\Program Files\Paint Shop Pro 5<PAINTS~1>
2007-02-16 13:14:12 0 d
C:\Program Files\CA
2007-02-15 13:22:22 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Adobe
2007-02-10 22:57:09 0 d
C:\Program Files\DivX
2007-02-07 02:13:11 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\uTorrent
2007-01-31 01:55:13 31952 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\wklnhst.dat
2007-01-30 23:21:16 0 d--h
C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-27 17:13:51 123176 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-01-27 16:36:15 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\AdobeUM
2007-01-23 22:38:53 0 d
C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-01-23 22:34:28 0 d
C:\Program Files\Autodesk
2007-01-03 20:02:37 0 d
C:\Program Files\Bethesda Softworks<BETHES~1>
2007-01-02 14:55:07 271360 --a
C:\WINDOWS\system32\drivers\atksgt.sys<Unsigned: n/a>
2007-01-02 14:55:06 18048 --a
C:\WINDOWS\system32\drivers\lirsgt.sys<Unsigned: n/a>
2007-01-02 14:21:15 0 d
C:\Program Files\Gothic III Demo<GOTHIC~1>
2007-01-02 14:20:57 0 d
C:\Program Files\Postal2STP<POSTAL~1>
2007-01-02 14:19:33 0 d
C:\Program Files\The Guild 2<THEGUI~1>
2007-01-01 04:56:12 0 d
C:\Program Files\Singular Inversions<SINGUL~1>
2007-01-01 04:06:22 3026 --a
C:\WINDOWS\system32\drivers\hwinterface.sys<HWINTE~1.SYS><Unsigned: Logix4u>
2006-12-23 22:07:12 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Skype
2006-12-23 14:25:39 0 d---s---- C:\Documents and Settings\Micheal Donnellan\Application Data\Microsoft<MICROS~1>
2006-12-21 18:18:36 0 d
C:\Program Files\AoA Audio Extractor<AOAAUD~1>
2006-12-12 16:24:42 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-11-28 17:50:25 832744 --a
C:\WINDOWS\dbplugin.exe<Signed: n/a>
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Avro Keyboard"=""
"µTorrent"="\"C:\\Documents and Settings\\Micheal Donnellan\\My Documents\\My files\\Torrent go here\\utorrent\\utorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"MedionVFD"="\"C:\\Program Files\\Medion Info Display\\MdionLCM.exe\""
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"Pop-Up Stopper"="\"K:\\BACK UP PROGRAMS\\Panicware\\Pop-Up Stopper\\dpps2.exe\""
"zSPGuard"="k:\\back up programs\\pjw\\startpage guard\\spguard.exe /s "
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"PCSuiteTrayApplication"="K:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvziw.dll,startup"
@=""
"lteptcg.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Micheal Donnellan\\Local Settings\\Application Data\\lteptcg.dll\",qtokvvf"
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mslocales"="C:\\WINDOWS\\mslocales.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F001827A-0BB7-6153-1007-050922050161}"="\"C:\\Program Files\\Common Files\\{F001827A-0BB7-6153-1007-050922050161}\\Update.exe\" mc-110-12-0000272"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-02-20 at 15:36:37
ComboScan and Supplementary.txt
Spybot/Etrust ?
I renamed to allow attachment for you to check.
Registry protection I have no idea. Perhaps try in safe mode if the file is correct.
Please copy the following text inside the box to Notepad:
Save it to the desktop with file type ALL FILES and name regfix2.reg
Double-click it and allow it to merge into the registry.
Boot the computer.
Scan once more with ComboScan and send its report.
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Micheal Donnellan.com)
Logfile of HijackThis v1.99.1
Scan saved at 17:48:03, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\Micheal Donnellan\Desktop\comboscan.exe
C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\~dvflzzq.tmp\Micheal Donnellan.com
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\backups\)
backup-20061027-205325-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
backup-20061027-205455-590 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20061027-205455-663 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20061027-205705-696 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
backup-20061027-211413-564 O4 - HKLM\..\Run: [jesmwni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jesmwni.dll,nubufhc
backup-20061027-213826-312 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvrow.dll,startup
backup-20070218-011552-981 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
backup-20070218-013912-157 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070218-013912-706 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
backup-20070218-013912-762 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20070218-013912-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070218-031938-398 O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
backup-20070218-131747-412 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-131747-807 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-803 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-918 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-303 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-132236-496 O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
backup-20070218-132236-628 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-827 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll
backup-20070218-204556-145 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-204556-240 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll (file missing)
backup-20070218-204556-261 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-450 O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-460 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-204556-635 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\jkaiadbl.dll (file missing)
backup-20070218-215322-296 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
backup-20070218-215322-337 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
backup-20070218-215322-558 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-215322-608 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-230651-114 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
backup-20070218-230651-344 O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
backup-20070218-230651-397 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
backup-20070218-230651-425 O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
backup-20070218-230651-719 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
backup-20070218-230651-939 O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070219-210358-911 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070219-234424-754 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
-- File Associations
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\system32\notepad.exe" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - System32\Drivers\AdfuUd.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - system32\DRIVERS\AegisP.sys
3 AgereSoftModem (Creatix V.92 Data Fax Modem) - system32\DRIVERS\AGRSM.sys
1 aiptektp (HyperPen) - system32\DRIVERS\aiptektp.sys
3 akshasp (Aladdin HASP Key) - system32\DRIVERS\akshasp.sys
3 aksusb (Aladdin USB Key) - system32\DRIVERS\aksusb.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
2 atksgt - system32\DRIVERS\atksgt.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - system32\DRIVERS\cmiucr.SYS
2 driverpp (Plug and Play Support Driver) - \??\C:\WINDOWS\system32\Locales\driverpp.sys
3 FTDIBUS (USB Serial Converter Driver) - system32\drivers\ftdibus.sys
3 FTSER2K (USB Serial Port Driver) - system32\drivers\ftser2k.sys
2 Hardlock - \??\C:\WINDOWS\system32\drivers\hardlock.sys
2 Haspnt - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
1 hwinterface - System32\Drivers\hwinterface.sys
3 Imx5123 - system32\drivers\Imx5123.sys
0 INO_FLPY - system32\Drivers\ino_flpy.sys
2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys
3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
2 lirsgt - system32\DRIVERS\lirsgt.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 Nokia USB Modem - system32\drivers\nmwcdcm.sys
3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
2 Par1284 - \??\C:\Program Files\Flexi P-Cut Apprentice 7.5v5\Program\Par1284.sys
0 PCIIde - system32\DRIVERS\pciide.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RT2500USB (RT2500 USB Wireless LAN Driver) - system32\DRIVERS\rt2500usb.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 XUIF (X10 USB Wireless Transceiver) - System32\Drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Autodata Limited License Service - "C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe"
2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2 CyberLink Media Library Service - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InoRPC (eTrust Antivirus RPC Server) - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
2 InoRT (eTrust Antivirus Realtime Server) - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
2 InoTask (eTrust Antivirus Job Server) - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3 sassvc (ProgramCheckerPro) - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe
3 WmcCdsLs (Windows Media Connect (WMC) Helper) - C:\Program Files\Windows Media Connect\mswmcls.exe
3 x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Scheduled Tasks
2007-02-19 20:43:01 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-20 and 2007-02-20
2007-02-18 20:48:14 4420 --a
C:\WINDOWS\system32\tmp.reg
2007-02-18 20:47:45 79360 --a
C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 40960 --a
C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-18 20:47:45 135168 --a
C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 288417 --a
C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-18 20:47:45 53248 --a
C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-18 20:47:45 51200 --a
C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-18 16:43:56 0 d
C:\WINDOWS\BDOSCAN8
2007-02-18 16:42:15 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-18 03:48:53 0 d
C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Real
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\AOL
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-18 03:46:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-02-18 03:46:41 1572864 --ah
C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-18 03:42:15 0 d
C:\Avenger
2007-02-18 03:23:36 0 d
C:\!KillBox
2007-02-18 02:21:54 0 d
C:\VundoFix Backups<VUNDOF~1>
2007-02-18 00:11:47 0 d
C:\WINDOWS\system32\Locales
2007-02-17 22:14:17 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Apple Computer<APPLEC~1>
2007-02-17 22:11:43 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-02-17 22:11:22 0 d
C:\Program Files\Apple Software Update<APPLES~1>
2007-02-17 22:11:11 0 d
C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-10 22:57:01 118520
n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 116472
n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 129784
n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-10 22:57:01 36624
n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2560
n--- C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2432
n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-07 00:27:56 0 d
C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-07 00:26:55 0 d
C:\Program Files\Virtual Villagers<VIRTUA~1>
2007-02-07 00:26:55 0 d
C:\Program Files\BFG
2007-02-01 04:56:06 823296 --a
C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 802816 --a
C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:04 639066 --a
C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 23:23:11 0 d
C:\Program Files\Common Files\NSV
2007-01-31 21:27:01 524288 --a
C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 23:21:16 0 d
C:\Program Files\Kelloggs Horrible Science<KELLOG~2>
2007-01-30 23:15:10 118784 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-30 05:03:40 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-30 05:03:26 200704 --a
C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 05:03:26 1044480 --a
C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 04:56:56 196608 --a
C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:56 73728 --a
C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:54 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 57344 --a
C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 344064 --a
C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2007-01-24 02:04:43 487424 -ra
C:\WINDOWS\system32\msvcp70.dll<Unsigned: Microsoft Corporation>
2007-01-23 21:36:20 0 d
C:\Program Files\MagicISO
-- Find3M Report
2007-02-20 00:04:21 0 d
C:\Program Files\Java
2007-02-18 18:57:31 0 d
C:\Program Files\Gothic III<GOTHIC~2>
2007-02-16 22:53:05 0 d
C:\Program Files\Paint Shop Pro 5<PAINTS~1>
2007-02-16 13:14:12 0 d
C:\Program Files\CA
2007-02-15 13:22:22 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Adobe
2007-02-10 22:57:09 0 d
C:\Program Files\DivX
2007-02-07 02:13:11 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\uTorrent
2007-01-31 01:55:13 31952 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\wklnhst.dat
2007-01-30 23:21:16 0 d--h
C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-27 17:13:51 123176 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-01-27 16:36:15 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\AdobeUM
2007-01-23 22:38:53 0 d
C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-01-23 22:34:28 0 d
C:\Program Files\Autodesk
2007-01-03 20:02:37 0 d
C:\Program Files\Bethesda Softworks<BETHES~1>
2007-01-02 14:55:07 271360 --a
C:\WINDOWS\system32\drivers\atksgt.sys<Unsigned: n/a>
2007-01-02 14:55:06 18048 --a
C:\WINDOWS\system32\drivers\lirsgt.sys<Unsigned: n/a>
2007-01-02 14:21:15 0 d
C:\Program Files\Gothic III Demo<GOTHIC~1>
2007-01-02 14:20:57 0 d
C:\Program Files\Postal2STP<POSTAL~1>
2007-01-02 14:19:33 0 d
C:\Program Files\The Guild 2<THEGUI~1>
2007-01-01 04:56:12 0 d
C:\Program Files\Singular Inversions<SINGUL~1>
2007-01-01 04:06:22 3026 --a
C:\WINDOWS\system32\drivers\hwinterface.sys<HWINTE~1.SYS><Unsigned: Logix4u>
2006-12-23 22:07:12 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Skype
2006-12-23 14:25:39 0 d---s---- C:\Documents and Settings\Micheal Donnellan\Application Data\Microsoft<MICROS~1>
2006-12-21 18:18:36 0 d
C:\Program Files\AoA Audio Extractor<AOAAUD~1>
2006-12-12 16:24:42 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-11-28 17:50:25 832744 --a
C:\WINDOWS\dbplugin.exe<Signed: n/a>
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Avro Keyboard"=""
"µTorrent"="\"C:\\Documents and Settings\\Micheal Donnellan\\My Documents\\My files\\Torrent go here\\utorrent\\utorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"MedionVFD"="\"C:\\Program Files\\Medion Info Display\\MdionLCM.exe\""
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"Pop-Up Stopper"="\"K:\\BACK UP PROGRAMS\\Panicware\\Pop-Up Stopper\\dpps2.exe\""
"zSPGuard"="k:\\back up programs\\pjw\\startpage guard\\spguard.exe /s "
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"PCSuiteTrayApplication"="K:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvziw.dll,startup"
@=""
"lteptcg.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Micheal Donnellan\\Local Settings\\Application Data\\lteptcg.dll\",qtokvvf"
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"mslocales"="C:\\WINDOWS\\mslocales.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F001827A-0BB7-6153-1007-050922050161}"="\"C:\\Program Files\\Common Files\\{F001827A-0BB7-6153-1007-050922050161}\\Update.exe\" mc-110-12-0000272"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-02-20 at 17:48:35
Will be gone most of the night until about 11pm, so will probably talk to you again tomorrow.
Run that regfix.reg once more and be sure that there are no blanks.
Computer is in Normal Mode.
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Micheal Donnellan.com)
Logfile of HijackThis v1.99.1
Scan saved at 00:42:51, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Documents and Settings\Micheal Donnellan\Desktop\comboscan.exe
C:\DOCUME~1\MICHEA~1\LOCALS~1\Temp\~zvdldsj.tmp\Micheal Donnellan.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Pop-Up Stopper] "K:\BACK UP PROGRAMS\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zSPGuard] k:\back up programs\pjw\startpage guard\spguard.exe /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Micheal Donnellan\My Documents\My files\Torrent go here\utorrent\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - K:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - K:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - k:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129745320171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144105818984
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Micheal Donnellan\My Documents\Downloads\HiJackthis\backups\)
backup-20061027-205325-516 O17 - HKLM\System\CCS\Services\Tcpip\..\{191376B3-78AC-418B-89C2-C8A37F40C62F}: NameServer = 213.94.190.194 213.94.190.236
backup-20061027-205455-590 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20061027-205455-663 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20061027-205705-696 O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
backup-20061027-211413-564 O4 - HKLM\..\Run: [jesmwni.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jesmwni.dll,nubufhc
backup-20061027-213826-312 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvrow.dll,startup
backup-20070218-011552-981 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
backup-20070218-013912-157 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
backup-20070218-013912-706 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
backup-20070218-013912-762 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20070218-013912-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070218-031938-398 O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
backup-20070218-131747-412 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-131747-807 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-803 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-131801-918 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-303 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-132236-496 O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
backup-20070218-132236-628 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-132236-827 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll
backup-20070218-204556-145 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-204556-240 O2 - BHO: (no name) - {AC2A6B86-76B8-4AAD-9DDF-9C9187D9B0B8} - C:\WINDOWS\system32\mllmj.dll (file missing)
backup-20070218-204556-261 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-450 O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
backup-20070218-204556-460 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-204556-635 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\jkaiadbl.dll (file missing)
backup-20070218-215322-296 O2 - BHO: (no name) - {2F24CE48-D8C6-41F6-B3BF-FE13161F6B54} - C:\WINDOWS\system32\geedd.dll (file missing)
backup-20070218-215322-337 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vslcupwt.dll
backup-20070218-215322-558 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll
backup-20070218-215322-608 O20 - Winlogon Notify: yayyxxy - C:\WINDOWS\SYSTEM32\yayyxxy.dll
backup-20070218-230651-114 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
backup-20070218-230651-344 O20 - Winlogon Notify: yayyxxy - yayyxxy.dll (file missing)
backup-20070218-230651-397 O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\nypfgqjy.dll
backup-20070218-230651-425 O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
backup-20070218-230651-719 O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\yayyxxy.dll (file missing)
backup-20070218-230651-939 O2 - BHO: (no name) - {1933891C-7BAC-44D5-950F-DB470F5A65C2} - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070219-210358-911 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070219-234424-754 O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll (file missing)
-- File Associations
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\system32\notepad.exe" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - System32\Drivers\AdfuUd.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - system32\DRIVERS\AegisP.sys
3 AgereSoftModem (Creatix V.92 Data Fax Modem) - system32\DRIVERS\AGRSM.sys
1 aiptektp (HyperPen) - system32\DRIVERS\aiptektp.sys
3 akshasp (Aladdin HASP Key) - system32\DRIVERS\akshasp.sys
3 aksusb (Aladdin USB Key) - system32\DRIVERS\aksusb.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
2 atksgt - system32\DRIVERS\atksgt.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - system32\DRIVERS\cmiucr.SYS
2 driverpp (Plug and Play Support Driver) - \??\C:\WINDOWS\system32\Locales\driverpp.sys
3 FTDIBUS (USB Serial Converter Driver) - system32\drivers\ftdibus.sys
3 FTSER2K (USB Serial Port Driver) - system32\drivers\ftser2k.sys
2 Hardlock - \??\C:\WINDOWS\system32\drivers\hardlock.sys
2 Haspnt - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
1 hwinterface - System32\Drivers\hwinterface.sys
3 Imx5123 - system32\drivers\Imx5123.sys
0 INO_FLPY - system32\Drivers\ino_flpy.sys
2 INO_FLTR - \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys
3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
2 lirsgt - system32\DRIVERS\lirsgt.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 Nokia USB Modem - system32\drivers\nmwcdcm.sys
3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
2 Par1284 - \??\C:\Program Files\Flexi P-Cut Apprentice 7.5v5\Program\Par1284.sys
0 PCIIde - system32\DRIVERS\pciide.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RT2500USB (RT2500 USB Wireless LAN Driver) - system32\DRIVERS\rt2500usb.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 vaxscsi - \SystemRoot\System32\Drivers\vaxscsi.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 XUIF (X10 USB Wireless Transceiver) - System32\Drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Autodata Limited License Service - "C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe"
2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2 CyberLink Media Library Service - "C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InoRPC (eTrust Antivirus RPC Server) - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
2 InoRT (eTrust Antivirus Realtime Server) - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
2 InoTask (eTrust Antivirus Job Server) - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3 sassvc (ProgramCheckerPro) - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe
3 WmcCdsLs (Windows Media Connect (WMC) Helper) - C:\Program Files\Windows Media Connect\mswmcls.exe
3 x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Scheduled Tasks
2007-02-19 20:43:01 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-21 and 2007-02-21
2007-02-18 20:48:14 4420 --a
C:\WINDOWS\system32\tmp.reg
2007-02-18 20:47:45 79360 --a
C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 40960 --a
C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-18 20:47:45 135168 --a
C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-18 20:47:45 288417 --a
C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-18 20:47:45 53248 --a
C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-18 20:47:45 51200 --a
C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-18 16:43:56 0 d
C:\WINDOWS\BDOSCAN8
2007-02-18 16:42:15 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-18 03:48:53 0 d
C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Real
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\AOL
2007-02-18 03:46:43 0 d
C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-18 03:46:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-02-18 03:46:41 1572864 --ah
C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-18 03:42:15 0 d
C:\Avenger
2007-02-18 03:23:36 0 d
C:\!KillBox
2007-02-18 02:21:54 0 d
C:\VundoFix Backups<VUNDOF~1>
2007-02-18 00:11:47 0 d
C:\WINDOWS\system32\Locales
2007-02-17 22:14:17 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Apple Computer<APPLEC~1>
2007-02-17 22:11:43 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-02-17 22:11:22 0 d
C:\Program Files\Apple Software Update<APPLES~1>
2007-02-17 22:11:11 0 d
C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-10 22:57:01 118520
n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 116472
n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-10 22:57:01 129784
n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-10 22:57:01 36624
n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2560
n--- C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-10 22:57:01 2432
n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-07 00:27:56 0 d
C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-07 00:26:55 0 d
C:\Program Files\Virtual Villagers<VIRTUA~1>
2007-02-07 00:26:55 0 d
C:\Program Files\BFG
2007-02-01 04:56:06 823296 --a
C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 802816 --a
C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:05 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-02-01 04:56:04 639066 --a
C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 23:23:11 0 d
C:\Program Files\Common Files\NSV
2007-01-31 21:27:01 524288 --a
C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 23:21:16 0 d
C:\Program Files\Kelloggs Horrible Science<KELLOG~2>
2007-01-30 23:15:10 118784 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-30 05:03:40 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-30 05:03:26 200704 --a
C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 05:03:26 1044480 --a
C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-30 04:56:56 196608 --a
C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:56 73728 --a
C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-30 04:56:54 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 57344 --a
C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 344064 --a
C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-30 04:56:52 294912 --a
C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2007-01-24 02:04:43 487424 -ra
C:\WINDOWS\system32\msvcp70.dll<Unsigned: Microsoft Corporation>
2007-01-23 21:36:20 0 d
C:\Program Files\MagicISO
-- Find3M Report
2007-02-20 20:36:17 0 d
C:\Program Files\Paint Shop Pro 5<PAINTS~1>
2007-02-20 00:04:21 0 d
C:\Program Files\Java
2007-02-18 18:57:31 0 d
C:\Program Files\Gothic III<GOTHIC~2>
2007-02-16 13:14:12 0 d
C:\Program Files\CA
2007-02-15 13:22:22 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Adobe
2007-02-10 22:57:09 0 d
C:\Program Files\DivX
2007-02-07 02:13:11 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\uTorrent
2007-01-31 01:55:13 31952 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\wklnhst.dat
2007-01-30 23:21:16 0 d--h
C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-27 17:13:51 123176 --a
C:\Documents and Settings\Micheal Donnellan\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-01-27 16:36:15 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\AdobeUM
2007-01-23 22:38:53 0 d
C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-01-23 22:34:28 0 d
C:\Program Files\Autodesk
2007-01-03 20:02:37 0 d
C:\Program Files\Bethesda Softworks<BETHES~1>
2007-01-02 14:55:07 271360 --a
C:\WINDOWS\system32\drivers\atksgt.sys<Unsigned: n/a>
2007-01-02 14:55:06 18048 --a
C:\WINDOWS\system32\drivers\lirsgt.sys<Unsigned: n/a>
2007-01-02 14:21:15 0 d
C:\Program Files\Gothic III Demo<GOTHIC~1>
2007-01-02 14:20:57 0 d
C:\Program Files\Postal2STP<POSTAL~1>
2007-01-02 14:19:33 0 d
C:\Program Files\The Guild 2<THEGUI~1>
2007-01-01 04:56:12 0 d
C:\Program Files\Singular Inversions<SINGUL~1>
2007-01-01 04:06:22 3026 --a
C:\WINDOWS\system32\drivers\hwinterface.sys<HWINTE~1.SYS><Unsigned: Logix4u>
2006-12-23 22:07:12 0 d
C:\Documents and Settings\Micheal Donnellan\Application Data\Skype
2006-12-23 14:25:39 0 d---s---- C:\Documents and Settings\Micheal Donnellan\Application Data\Microsoft<MICROS~1>
2006-12-21 18:18:36 0 d
C:\Program Files\AoA Audio Extractor<AOAAUD~1>
2006-12-12 16:24:42 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-11-28 17:50:25 832744 --a
C:\WINDOWS\dbplugin.exe<Signed: n/a>
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Avro Keyboard"=""
"µTorrent"="\"C:\\Documents and Settings\\Micheal Donnellan\\My Documents\\My files\\Torrent go here\\utorrent\\utorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"MedionVFD"="\"C:\\Program Files\\Medion Info Display\\MdionLCM.exe\""
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AntivirusRegistration"="C:\\Program Files\\CA\\Etrust Antivirus\\Register.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"Pop-Up Stopper"="\"K:\\BACK UP PROGRAMS\\Panicware\\Pop-Up Stopper\\dpps2.exe\""
"zSPGuard"="k:\\back up programs\\pjw\\startpage guard\\spguard.exe /s "
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"PCSuiteTrayApplication"="K:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-02-21 at 00:43:23
Did doing any of this mess with email passwords? The computer is asking for all passwords again instead of just logging in.
However, I don't see any firewall in your comp?
Please install one.
Free Firewalls
HERE is help to understand what firewalls do.
Is Windows' own firewall no good??
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new thread instead.