[Fixed] Mega Ultra problem with my computer. Hijackthis log inside.

  #16  
4 Weeks Ago
valis
Senior Security Analyst
Posts: 2,480
Location: texas, USA
Re: Mega Ultra problem with my computer. Hijackthis log inside.

Also, along with the Kaspersky report, please post a fresh (after Kaspersky) HJT log.

Thanks, bikkit.

v

__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #17  
4 Weeks Ago
Bikkit
Bronze Member
Posts: 40
PC Experience: Still learning ^_^
Location: England
Re: Mega Ultra problem with my computer. Hijackthis log inside.

qoMfCSLd.dll is being held on by lsass.exe and it won't let go. When I click unlock it keeps coming back up with one handle left. Do I kill the process? I just want to be absolutely sure before I do anything potentially dangerous.

Also, I think I have already deleted the pmnkIAss.dll. It came up in the panda scan so I deleted it and that's when the error came up. The error stopped after I fixed it in the log.


Last edited by Bikkit : 4 Weeks Ago at 09:19 PM.
  #18  
4 Weeks Ago
Pancake
Senior Security Analyst
Posts: 1,622
PC Experience: Elite PC Guru
Location: Victoria, Australia
Re: Mega Ultra problem with my computer. Hijackthis log inside.

Run ComboFix using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

__________________
My real name is Eddy
  #19  
4 Weeks Ago
Bikkit
Bronze Member
Posts: 40
PC Experience: Still learning ^_^
Location: England
Re: Mega Ultra problem with my computer. Hijackthis log inside.

Tried it.. didn't work.

Combofix just doesn't work for me. It gets to the "Preparing to run" screen and just stops. I let it be for an hour and the only thing that happened was it knocked out my internet connection. I had to restart the computer to get it back.

  #20  
3 Weeks Ago
Pancake
Senior Security Analyst
Posts: 1,622
PC Experience: Elite PC Guru
Location: Victoria, Australia
Re: Mega Ultra problem with my computer. Hijackthis log inside.

Ok. Go with this..


First off please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt to here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.
What DSS will do:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Comments on this post
valis agrees: thanks, man
  #21  
3 Weeks Ago
Bikkit
Bronze Member
Posts: 40
PC Experience: Still learning ^_^
Location: England
Re: Mega Ultra problem with my computer. Hijackthis log inside.

If you had read this as it was before, I found the extra.txt. I'll post it in a new post because I can't edit it in.

Here is the main.

Deckard's System Scanner v20071014.68
Run by Bikkit on 2008-04-19 01:57:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bikkit.exe) ----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 01:58:31
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Belkin Office Keyboard\MOffice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Belkin Office Keyboard\KBDAP32A.EXE
C:\Program Files\Belkin Office Keyboard\mouse32a.dat
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Bikkit\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Bikkit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Live Search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77EDFF05-A716-49DE-BE7A-98BDD6CDDB50} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: (no name) - {ADD40FBC-D470-463D-AF5E-E706FF80147D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D2B5DE28-32B8-40F0-A8A6-DC7AE56E583B} - (no file)
O2 - BHO: (no name) - {F8AB5FBE-0E4C-4DF1-A897-84AED39E3B29} - C:\Windows\system32\qoMfCSLd.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Belkin Office Keyboard\moffice.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Belkin Office Keyboard\kbdap32a.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe


--
End of file - 11796 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 00:42:53 0 d-------- C:\327882R2FWJFW
2008-04-18 22:13:19 0 d-------- C:\Program Files\NovaTech Network
2008-04-18 20:31:06 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-18 20:31:05 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-18 14:11:41 0 d-------- C:\VundoFix Backups
2008-04-17 20:58:03 4096 --a------ C:\Windows\system32taack.dat
2008-04-17 20:58:03 4096 --a------ C:\Windows\system32ssvchost.com
2008-04-17 20:58:03 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-04-17 20:58:03 4096 --a------ C:\Windows\system32bdn.com
2008-04-17 20:32:09 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-17 20:29:54 68096 --a------ C:\Windows\zip.exe
2008-04-17 20:29:54 49152 --a------ C:\Windows\VFind.exe
2008-04-17 20:29:54 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-17 20:29:54 98816 --a------ C:\Windows\sed.exe
2008-04-17 20:29:54 80412 --a------ C:\Windows\grep.exe
2008-04-17 20:29:54 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-17 20:29:53 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-17 20:29:53 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-17 14:23:11 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 14:21:43 0 d-------- C:\ie-spyad_zo
2008-04-17 04:37:33 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-04-17 04:37:33 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-17 04:37:33 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-17 04:37:33 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-17 04:37:33 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-17 04:37:33 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-17 04:37:33 51200 --a------ C:\Windows\system32\dumphive.exe
2008-04-17 01:19:26 0 d-------- C:\Program Files\Panda Security
2008-04-16 23:47:57 2814 --a------ C:\Windows\system32\tmp.reg
2008-04-16 22:49:06 0 d-------- C:\Users\All Users\Grisoft
2008-04-16 21:32:02 0 d-------- C:\Program Files\Trend Micro
2008-04-16 21:02:32 164037 --ahs---- C:\Windows\system32\dLSCfMoq.ini2
2008-04-16 20:54:56 81920 --a------ C:\Windows\rtqmekwg.exe
2008-04-16 20:54:56 155648 --a------ C:\Windows\qtvglped.dll
2008-04-16 20:54:56 172032 --a------ C:\Windows\pmsoarbf.dll
2008-04-16 20:54:56 94208 --a------ C:\Windows\npqtsrak.exe
2008-04-16 20:54:51 0 d-------- C:\Users\All Users\oduheryb
2008-04-16 14:53:27 0 d-------- C:\Program Files\TmNationsForever
2008-04-15 02:07:57 0 d-------- C:\Windows\PCHEALTH
2008-04-14 15:14:57 20480 --a------ C:\Windows\system32\drivers\DNISP50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-04-14 15:14:57 21504 --a------ C:\Windows\system32\drivers\DNIMP50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-04-14 14:58:47 110602 --a------ C:\Windows\system32\xcdsfx32.bin
2008-04-14 14:53:43 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-04-14 14:52:41 0 d-------- C:\Users\All Users\SymplisIT
2008-04-14 14:50:30 66 --a------ C:\Windows\vmreg32.dll
2008-04-14 14:50:02 0 d-------- C:\Program Files\SymplisIT
2008-04-14 14:36:30 0 d-------- C:\Program Files\RadarSync Ltd
2008-04-12 13:09:24 0 d-------- C:\Program Files\Lionhead Studios Ltd
2008-04-12 12:44:58 0 d-------- C:\Program Files\Power Tab Software
2008-04-11 14:19:44 0 d-------- C:\Users\All Users\InstallShield
2008-04-11 14:13:11 0 d-------- C:\Program Files\GALA-NET
2008-04-10 23:24:19 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-10 22:46:08 0 d-------- C:\Users\All Users\Xfire
2008-04-10 22:46:07 0 d-------- C:\Program Files\Xfire
2008-04-09 21:21:27 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-08 14:19:45 0 d-------- C:\Windows\system32\QuickTime
2008-04-08 14:19:17 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-04-07 00:16:39 0 d-------- C:\Program Files\BestGameEver
2008-04-06 22:55:21 0 d-------- C:\Users\All Users\SongbirdVLC
2008-04-06 22:55:09 0 d-------- C:\Program Files\Songbird
2008-04-06 12:35:30 0 d-------- C:\Program Files\Phun
2008-04-05 13:19:38 1111 --a------ C:\Users\Bikkit\_viminfo
2008-04-05 13:17:57 0 d-------- C:\Vim
2008-04-03 16:31:23 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-02 17:41:36 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-29 16:13:41 0 d-------- C:\Users\Bikkit\Tracing
2008-03-23 18:12:51 0 d-------- C:\Users\All Users\ALM
2008-03-23 01:20:02 0 d-------- C:\Program Files\PowerISO
2008-03-22 23:06:29 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-03-22 21:47:12 0 d-------- C:\Users\All Users\Stardock
2008-03-22 21:47:07 0 d-------- C:\Program Files\Stardock
2008-03-22 15:39:53 0 d-------- C:\Program Files\Musicnotes
2008-03-21 21:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-03-20 20:56:03 0 d-------- C:\PerfLogs
2008-03-20 20:13:50 0 d-------- C:\f17f7959e569d62f1817


-- Find3M Report ---------------------------------------------------------------

2008-04-19 01:56:26 0 d-------- C:\Users\Bikkit\AppData\Roaming\uTorrent
2008-04-19 01:26:11 398778 --a------ C:\Windows\system32\perfh011.dat
2008-04-19 01:26:11 110928 --a------ C:\Windows\system32\perfc011.dat
2008-04-19 01:21:32 0 d-------- C:\Program Files\Steam
2008-04-18 20:36:29 0 d-------- C:\Users\Bikkit\AppData\Roaming\Desktopicon
2008-04-17 17:26:54 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-17 04:38:11 35 --a------ C:\Users\Bikkit\AppData\Roaming\SetValue.bat
2008-04-17 04:38:11 691 --a------ C:\Users\Bikkit\AppData\Roaming\GetValue.vbs
2008-04-17 01:19:27 3763 --a------ C:\Windows\mozver.dat
2008-04-16 22:50:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 22:49:21 0 d-------- C:\Users\Bikkit\AppData\Roaming\Grisoft
2008-04-15 15:17:34 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-04-15 15:17:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-15 15:17:34 0 d-------- C:\Program Files\Common Files\Steam
2008-04-14 15:23:29 0 d-------- C:\Program Files\ATI
2008-04-11 14:13:10 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-10 23:24:34 0 d-------- C:\Program Files\DivX
2008-04-10 23:24:19 0 d-------- C:\Program Files\Common Files
2008-04-10 22:58:16 0 d-------- C:\Users\Bikkit\AppData\Roaming\Xfire
2008-04-10 09:55:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 12:36:48 0 d-------- C:\Program Files\Windows Mail
2008-04-09 00:42:39 0 d-------- C:\Program Files\Alwil Software
2008-04-08 14:19:14 0 d-------- C:\Program Files\TechSmith
2008-04-06 22:55:57 0 d-------- C:\Users\Bikkit\AppData\Roaming\Songbird1
2008-04-03 23:36:38 0 d-------- C:\Users\Bikkit\AppData\Roaming\Adobe
2008-04-03 16:31:23 0 d-------- C:\Users\Bikkit\AppData\Roaming\SystemRequirements Lab
2008-04-03 08:24:08 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-29 16:11:49 0 d-------- C:\Program Files\Windows Live
2008-03-23 01:56:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:13:25 0 d-------- C:\Program Files\PokerRoom.com
2008-03-21 21:04:18 18008 --a------ C:\Users\Bikkit\AppData\Roaming\UserTile.png
2008-03-21 21:04:18 0 d-------- C:\Users\Bikkit\AppData\Roaming\PeerNetworking
2008-03-21 12:17:51 174 --ahs---- C:\Program Files\desktop.ini
2008-03-21 12:08:41 0 d-------- C:\Program Files\Windows Sidebar
2008-03-21 12:08:41 0 d-------- C:\Program Files\Windows Calendar
2008-03-21 12:08:41 0 d-------- C:\Program Files\Movie Maker
2008-03-21 12:08:40 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-21 12:08:40 0 d-------- C:\Program Files\Windows Journal
2008-03-21 12:08:40 0 d-------- C:\Program Files\Windows Collaboration
2008-03-21 12:08:39 0 d-------- C:\Program Files\Windows Defender
2008-03-21 10:18:11 0 d-------- C:\Users\Bikkit\AppData\Roaming\Google
2008-03-16 22:12:02 0 d-------- C:\Program Files\Xilisoft
2008-03-16 21:53:25 0 d-------- C:\Program Files\MediaCoder
2008-03-16 17:28:34 0 d-------- C:\Program Files\Magic Video Converter
2008-03-16 15:50:09 0 d-------- C:\Program Files\iriver
2008-03-16 03:29:47 0 d-------- C:\Program Files\Java
2008-03-16 03:28:04 0 d-------- C:\Program Files\Common Files\Java
2008-03-15 22:20:32 0 d-------- C:\Program Files\NETGEAR
2008-03-15 17:16:29 0 d-------- C:\Program Files\Gameforge4D
2008-03-15 14:40:23 0 d-------- C:\Program Files\MSXML 4.0
2008-03-15 02:24:22 0 d-------- C:\Users\Bikkit\AppData\Roaming\Earthsim
2008-03-15 02:23:47 0 d-------- C:\Program Files\Neffy
2008-03-15 00:39:26 0 d-------- C:\Program Files\BitLocker
2008-03-15 00:20:53 0 d-------- C:\Program Files\Gpotato
2008-03-14 23:26:19 0 d-------- C:\Program Files\Microsoft Games
2008-03-14 22:52:44 0 d-------- C:\Program Files\MagicDisc
2008-03-14 21:20:56 0 d-------- C:\Program Files\Google
2008-03-14 19:45:07 22216 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-14 19:34:07 0 d-------- C:\Users\Bikkit\AppData\Roaming\Yahoo!
2008-03-14 19:34:07 0 d-------- C:\Users\Bikkit\AppData\Roaming\vlc
2008-03-14 19:34:07 0 d-------- C:\Users\Bikkit\AppData\Roaming\ViStart
2008-03-14 19:34:06 0 d-------- C:\Users\Bikkit\AppData\Roaming\Talkback
2008-03-14 19:34:06 0 d-------- C:\Users\Bikkit\AppData\Roaming\Styler
2008-03-14 19:34:06 0 d-------- C:\Users\Bikkit\AppData\Roaming\Steinberg
2008-03-14 19:34:06 0 d-------- C:\Users\Bikkit\AppData\Roaming\Sibelius Software
2008-03-14 19:34:06 0 dr-h----- C:\Users\Bikkit\AppData\Roaming\SecuROM
2008-03-14 19:34:06 0 d-------- C:\Users\Bikkit\AppData\Roaming\PCToolsFirewallPlus
2008-03-14 19:34:04 0 d-------- C:\Users\Bikkit\AppData\Roaming\Mozilla
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\Macromedia
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\Identities
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\GlarySoft
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\DivX
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\ATI
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\Apple Computer
2008-03-14 19:34:03 0 d-------- C:\Users\Bikkit\AppData\Roaming\Ahead
2008-03-14 19:22:08 0 d-------- C:\Program Files\Yahoo!
2008-03-14 19:22:08 0 d-------- C:\Program Files\Xvid
2008-03-14 19:22:07 0 d-------- C:\Program Files\WinLemm
2008-03-14 19:22:07 0 d-------- C:\Program Files\WinFlip
2008-03-14 19:22:06 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-14 19:22:03 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-14 19:22:03 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-14 19:22:02 0 d-------- C:\Program Files\VOB
2008-03-14 19:21:58 0 d-------- C:\Program Files\VideoLAN
2008-03-14 19:21:58 0 d-------- C:\Program Files\uTorrent
2008-03-14 19:21:58 0 d-------- C:\Program Files\TrueTransparency
2008-03-14 19:21:55 0 d-------- C:\Program Files\Styler
2008-03-14 19:21:55 0 d-------- C:\Program Files\Steinberg
2008-03-14 19:21:28 0 d-------- C:\Program Files\Sibelius Software
2008-03-14 19:21:28 0 d-------- C:\Program Files\Roxio
2008-03-14 19:21:27 0 d-------- C:\Program Files\Realtek
2008-03-14 19:21:27 0 d-------- C:\Program Files\QuickTime
2008-03-14 19:21:18 0 d-------- C:\Program Files\Project64 1.6
2008-03-14 19:21:14 0 d-------- C:\Program Files\PKR
2008-03-14 19:21:13 0 d-------- C:\Program Files\NoteWorthy Composer
2008-03-14 19:20:52 0 d-------- C:\Program Files\Nero
2008-03-14 19:20:52 0 d-------- C:\Program Files\MSXML 6.0
2008-03-14 19:20:51 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-14 19:20:51 0 d-------- C:\Program Files\MSBuild
2008-03-14 19:20:50 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-14 19:20:48 0 d-------- C:\Program Files\Microsoft.NET
2008-03-14 19:20:48 0 d-------- C:\Program Files\Microsoft Works
2008-03-14 19:20:47 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-14 19:20:11 0 d-------- C:\Program Files\microsoft frontpage
2008-03-14 19:20:09 0 d-------- C:\Program Files\Maxis
2008-03-14 19:20:09 0 d-------- C:\Program Files\MagicISO
2008-03-14 19:20:02 0 d-------- C:\Program Files\Lizard Interactive Co
2008-03-14 19:19:58 0 d-------- C:\Program Files\Intel
2008-03-14 19:19:57 0 d-------- C:\Program Files\Guild Wars
2008-03-14 19:18:01 0 d-------- C:\Program Files\GLOBEtrotter Software Inc
2008-03-14 19:18:01 0 d-------- C:\Program Files\Glary Utilities
2008-03-14 19:17:58 0 d-------- C:\Program Files\FLT
2008-03-14 19:17:56 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-14 19:17:56 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-14 19:17:56 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-14 19:17:56 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-14 19:17:50 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-14 19:17:49 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-14 19:17:48 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-03-14 19:17:35 0 d-------- C:\Program Files\Common Files\Apple
2008-03-14 19:17:30 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-14 19:15:14 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-03-14 19:15:12 0 d-------- C:\Program Files\CCleaner
2008-03-14 19:15:12 0 d-------- C:\Program Files\Bonjour
2008-03-14 19:15:11 0 d-------- C:\Program Files\Bethesda Softworks
2008-03-14 19:15:11 0 d-------- C:\Program Files\Belkin Office Keyboard
2008-03-14 19:15:11 0 d-------- C:\Program Files\ATI Technologies
2008-03-14 19:15:05 0 d-------- C:\Program Files\Apple Software Update
2008-02-25 22:05:00 593920 --a------ C:\Windows\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-25 09:06:24 0 --a------ C:\Windows\ativpsrm.bin
2008-02-25 08:26:45 250048 -rahs---- C:\ntldr
2008-02-22 16:44:54 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-13 23:30:05 0 --a------ C:\Windows\nsreg.dat
2008-02-13 15:59:22 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2008-01-19 21:18:56 264704 --a------ C:\Windows\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2008-01-19 21:18:56 6656 --a------ C:\Windows\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-01-19 21:18:56 383 --a------ C:\Windows\system32\haspdos.sys
2008-01-19 17:46:59 534 --a------ C:\Windows\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77EDFF05-A716-49DE-BE7A-98BDD6CDDB50}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADD40FBC-D470-463D-AF5E-E706FF80147D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2B5DE28-32B8-40F0-A8A6-DC7AE56E583B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8AB5FBE-0E4C-4DF1-A897-84AED39E3B29}]
C:\Windows\system32\qoMfCSLd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-04-09 12:35]
"FLMOFFICE4DMOUSE"="C:\Program Files\Belkin Office Keyboard\moffice.exe" [2008-02-04 17:31]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00]
"OFFICEKB"="C:\Program Files\Belkin Office Keyboard\kbdap32a.exe" [2008-02-04 17:31]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 17:24 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-14 21:20]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 15:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33]

C:\Users\Bikkit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [1/24/2008 8:38:15 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [4/14/2008 3:56:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"= C:\Windows\system32\pmnkIAss.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\qoMfCSLd
"Notification Packages"= scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]
"C:\Users\Bikkit\AppData\Local\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" OS_UPDATED="1" STUB="1" UPGRADE="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
dot3svc dot3svc
eapsvcs eaphost
WudfServiceGroup WUDFSvc
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-19 02:00:41 ------------


I'm off to bed. I'll check this thread at around 12pm GMT+1.


Last edited by Bikkit : 3 Weeks Ago at 02:19 AM.
  #22  
3 Weeks Ago
Bikkit
Bronze Member
Posts: 40
PC Experience: Still learning ^_^
Location: England