Hello,
Thanks for your help. I couldn't find an uninstall for the 2 programs, but I did delete the QQ. Couldn't find anything at all on the other one. Here are the logs you asked for.
From OT move -
Explorer killed successfully
File move failed. C:\WINDOWS\wuauclt.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system\rundll32.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\Driver. not found.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools moved successfully.
File/Folder C:\WINDOWS\Driver.. not found.
File/Folder C:\Program Files\Microsoft Research Asia not found.
File/Folder C:\Program Files\QQ not found.
File/Folder C:\windows\system32\ietzbpaq.dll not found.
File/Folder C:\windows\system32\arjrdler.dll not found.
AcyiMay service deleted successfully.
IzyqLza service deleted successfully.
MxKnKmt service deleted successfully.
WgrnZyw service deleted successfully.
< emptytemp >
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\~DF7773.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\~DF777D.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_080912
Files moved on Reboot...
File move failed. C:\WINDOWS\wuauclt.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system\rundll32.exe scheduled to be moved on reboot.
File C:\DOCUME~1\Steve\LOCALS~1\Temp\~DF7773.tmp not found!
File C:\DOCUME~1\Steve\LOCALS~1\Temp\~DF777D.tmp not found!
From DSS main -
Deckard's System Scanner v20071014.68
Run by Steve on 2008-07-11 08:26:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
116: 2008-07-11 15:26:31 UTC - RP1589 - Deckard's System Scanner Restore Point
115: 2008-07-11 05:27:26 UTC - RP1588 - Software Distribution Service 3.0
114: 2008-07-11 05:09:15 UTC - RP1587 - Software Distribution Service 3.0
113: 2008-07-11 05:06:50 UTC - RP1586 - Installed Windows Media Player 10
112: 2008-07-10 17:18:21 UTC - RP1585 - System Checkpoint
-- First Restore Point --
1: 2008-07-04 16:11:21 UTC - RP1474 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Steve.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:08 AM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\wuauclt.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system\rundll32.exe
C:\WINDOWS\Driver.\daemon.exe
C:\WINDOWS\system\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\rundll32.exe
C:\WINDOWS\Driver.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\GA4QWHQ2\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steve.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system\rundll32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rundll32.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NapsterShell] d:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgrMon] "C:\Program Files\Microsoft Research Asia\Digital Effects for MSN Messenger\MsnMsgrMon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\Driver..\daemon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steve\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095039390921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158371617656
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://xraller.space...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BxplJug - Unknown owner - C:\WINDOWS\wuauclt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe (file missing)
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O24 - Desktop Component 0: Everybody! Everybody! - http://www.homestarrunner.com/
--
End of file - 14281 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080709-204212-976 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080709-204212-756 O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
backup-20080709-204212-151 O2 - BHO: ietzbpaq.dll - {29109876-7619-9101-7012-901938475192} - (no file)
backup-20080709-204212-965 O2 - BHO: arjrdler.dll - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
backup-20080709-204212-788 O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
backup-20080709-204212-254 O2 - BHO: (no name) - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - (no file)
backup-20080709-204212-923 O15 - Trusted Zone: *.frame.crazywinnings.com
backup-20080709-204212-916 O15 - Trusted Zone: *.static.topconverting.com
backup-20080709-204212-407 O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
backup-20080709-204212-931 O15 - Trusted Zone: *.static.topconverting.com (HKLM)
backup-20080709-204212-361 O23 - Service: 29A66C - Unknown owner - C:\WINDOWS\System32\113C94.EXE (file missing)
backup-20080709-204212-602 O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
backup-20080709-204212-877 O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
backup-20080709-204212-521 O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
backup-20080709-204212-856 O23 - Service: ProtectionServer - Unknown owner - C:\PROGRA~1\ALPSER~1\PROTEC~1.EXE (file missing)
backup-20080709-204212-585 O23 - Service: wwinsystem - Unknown owner - C:\WINDOWS\System32\tcpip.exe (file missing)
backup-20080711-075145-404 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080711-075145-321 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080711-075145-101 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080711-075145-496 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
backup-20080711-075145-311 F3 - REG:win.ini: load=C:\WINDOWS\system\rundll32.exe
backup-20080711-075145-133 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rundll32.exe,
backup-20080711-075145-400 O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
backup-20080711-075145-602 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080711-075145-271 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080711-075145-264 O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\Driver..\daemon.exe
backup-20080711-075145-755 O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\Africa2003\AddEmotion.htm
backup-20080711-075145-279 O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\Africa2003\AddPanel.htm
backup-20080711-075145-709 O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\QQ\Africa2003\AddEmotion.htm
backup-20080711-075145-950 O8 - Extra context menu item: Send picture by MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
backup-20080711-075145-225 O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
backup-20080711-075145-869 O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\QQ\Africa2003\AddToNetDisk.htm
backup-20080711-075145-204 O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\Africa2003\QQ.EXE (file missing)
backup-20080711-075147-363 O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\Africa2003\QQ.EXE (file missing)
backup-20080711-075148-657 O15 - Trusted Zone: http://www.msi.com.tw
backup-20080711-075148-155 O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigw...r2/winenc32.cab
backup-20080711-075150-327 O20 - AppInit_DLLs: ietzbpaq.dll,arjrdler.dll,avgrsstx.dll
backup-20080711-075150-278 O23 - Service: AcyiMay - Unknown owner - C:\WINDOWS\wuauclt.exe
backup-20080711-075150-160 O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (file missing)
backup-20080711-075150-513 O23 - Service: IzyqLza - Unknown owner - C:\WINDOWS\wuauclt.exe
backup-20080711-075150-455 O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
backup-20080711-075150-893 O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe (file missing)
backup-20080711-075150-314 O23 - Service: MxknKmt - Unknown owner - C:\WINDOWS\wuauclt.exe
backup-20080711-075150-786 O23 - Service: WgrnZyw - Unknown owner - C:\WINDOWS\wuauclt.exe
backup-20080711-080519-771 F3 - REG:win.ini: load=C:\WINDOWS\system\rundll32.exe
backup-20080711-080519-688 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rundll32.exe,
backup-20080711-080519-468 O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
backup-20080711-080519-863 O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\Driver..\daemon.exe
backup-20080711-080650-768 F3 - REG:win.ini: load=C:\WINDOWS\system\rundll32.exe
backup-20080711-080650-718 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rundll32.exe,
backup-20080711-080650-985 O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\Driver..\daemon.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.txt - unable to read key
.txt - unable to read key
.vbs - VBSFile - shell\edit\command - unable to read value
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 hwinterface - c:\windows\system32\drivers\hwinterface.sys <Not Verified; Logix4u; hwinterface Driver Version 1.1>
R1 RCFOX (SonicWALL IPsec Driver) - c:\windows\system32\drivers\rcfox.sys <Not Verified; SonicWALL, Inc.; RCFOX IPSec Driver>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 Hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems Ltd.; Hardlock Device Driver for Windows NT>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 c65013264 (C-Media CM6501 Like Sound UDAX Interface) - c:\windows\system32\drivers\c6501.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>
S0 viaagp1 (VIA AGP Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S2 acpidisk - c:\windows\system32\drivers\acpidisk.sys (file missing)
S2 Ca533av (PocketCam X, WDM Video Capture) - c:\windows\system32\drivers\ca533av.sys (file missing)
S2 npkcrypt - c:\program files\qq\africa2003\npkcrypt.sys (file missing)
S3 AMDPCI - c:\docume~1\steve\locals~1\temp\amdpci.sys (file missing)
S3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
S3 avcgbdr (Adaptec GameBridge AVC-14X0/15X0) - c:\windows\system32\drivers\avcgbdr.sys (file missing)
S3 avcgbfl (Adaptec GameBridge AVC-14X0/15X0 Loader) - c:\windows\system32\drivers\avcgbfl.sys (file missing)
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys (file missing)
S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys (file missing)
S3 GMSIPCI - i:\install\gmsipci.sys (file missing)
S3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys (file missing)
S3 musbehco - c:\docume~1\steve\locals~1\temp\musbehco.sys (file missing)
S3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
S3 odysseyIM3 (Odyssey Network Services Miniport) - c:\windows\system32\drivers\odysseyim3.sys <Not Verified; Funk Software, Inc.; Odyssey>
S3 TNET1130 (802.11 WLAN) - c:\windows\system32\drivers\tnet1130.sys <Not Verified; Texas Instruments; TNET1130 WLAN Adapter>
S3 USBCamera (DSC Still Image Capture (CA100)) - c:\windows\system32\drivers\bulk533.sys (file missing)
S3 vmfilter303 - c:\windows\system32\drivers\vmfilter303.sys <Not Verified; Vimicro Corporation; Filter for VM303 with Face Tracking>
S3 YMIDUSB (YAMAHA Corporation USB MIDI Driver) - c:\windows\system32\drivers\ymidusb.sys <Not Verified; YAMAHA Corporation; Windows ® 2000 DDK driver>
S3 ZSMC303 (UNIS USB PC Camera (Vimicro301 Neptune)) - c:\windows\system32\drivers\usbvm303.sys <Not Verified; Vimicro Corporation; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 BxplJug - c:\windows\wuauclt.exe
R2 mi-raysat_3dsmax8 (RaySat_3dsmax8 Server) - "d:\program files\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe"
S2 MDM (Machine Debug Manager) - "c:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing)
S2 mple6docserver (Maya 6 PLE Documentation Server) - "c:\program files\alias\maya 6.0 personal learning edition\docs\wrapper.exe" -s "c:\program files\alias\maya 6.0 personal learning edition\docs\wrapper.conf" (file missing)
S2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice (file missing)
S3 RampartSvc (SonicWall VPN Client Service) - c:\program files\sonicwall\sonicwall global vpn client\rampartsvc.exe <Not Verified; SonicWALL, Inc.; RampartSvc Module>
S4 29A66C - c:\windows\system32\113c94.exe -d (file missing)
S4 ATI Smart - c:\windows\system32\ati2sgag.exe (file missing)
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" (file missing)
S4 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe (file missing)
S4 DCPFLICS - c:\program files\dcpflics\dcpflics.exe (file missing)
S4 MSCamSvc - "c:\program files\microsoft lifecam\mscams32.exe" (file missing)
S4 P4P Service - c:\program files\common files\sogou pxp\p2psvr.exe (file missing)
S4 ProtectionServer - c:\progra~1\alpser~1\protec~1.exe (file missing)
S4 wwinsystem - c:\windows\system32\tcpip.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&15B9AB7D&0&3048
Manufacturer: Gigabyte Technology Corp.
Name: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&15B9AB7D&0&3048
Service: RT61
Class GUID:
Description:
Device ID: ACPI\_NVRAIDBUS\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\_NVRAIDBUS\3&2411E6FE&0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-07-11 08:30:02 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D4C340F9-BC95-45C8-918F-05F0D72F9E1F}.job
2008-07-10 12:00:02 414 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NEO-Steve).job
2008-06-16 07:55:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-11 and 2008-07-11 -----------------------------
2008-07-11 00:20:42 712704 --a------ C:\WINDOWS\system32\c6501a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-07-11 00:20:42 712704 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-07-11 00:20:41 253952 --a------ C:\WINDOWS\system32\c6501rm.exe <Not Verified; Razer; CmiRemoveDriver Application>
2008-07-11 00:20:41 53248 --a------ C:\WINDOWS\system32\c6501rm.dll
2008-07-11 00:20:41 32768 --a------ C:\WINDOWS\system32\c6501p.dll <Not Verified; C-Media Electronics Inc.; C-Media CM6501 Like Audio Device Property Page>
2008-07-09 09:32:24 0 d--h----- C:\$AVG8.VAULT$
2008-07-09 08:58:09 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 08:58:09 0 d-------- C:\Documents and Settings\Steve\Application Data\AVGTOOLBAR
2008-07-09 08:55:26 0 d-------- C:\Program Files\AVG
2008-07-09 08:55:25 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 04:02:30 0 d-------- C:\Program Files\Trend Micro
2008-07-09 03:39:45 0 d-------- C:\Program Files\Exterminate It!
2008-07-08 19:23:04 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-08 19:20:49 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-08 18:44:44 0 d-------- C:\WINDOWS\Prefetch
2008-07-08 11:00:45 36864 --a------ C:\WINDOWS\wuauclt.exe
2008-07-08 10:42:24 0 d--hs---- C:\FOUND.000
2008-07-08 09:45:20 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-07-08 03:11:52 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:52 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:52 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:51 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-07-08 03:11:51 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-07-08 03:11:48 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-07-08 03:11:48 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-07-08 03:11:48 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:48 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:48 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:47 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:47 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:47 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:47 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:46 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:46 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:46 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-08 03:11:45 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-07-07 11:15:59 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-06 21:34:39 0 d-------- C:\bad
2008-07-06 21:34:39 0 d-------- C:\bad.
2008-07-06 20:51:13 0 d-------- C:\Program Files\ASUS
2008-07-06 15:56:58 32768 --a------ C:\WINDOWS\system\rundll32.exe <Not Verified; ; ????>
2008-07-06 06:41:01 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-06 01:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-07-05 19:57:04 0 d-------- C:\Documents and Settings\Steve\Application Data\McAfee
2008-07-05 19:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-05 11:41:15 0 --a------ C:\WINDOWS\system32\Etcpip.sys
2008-07-05 11:41:15 0 --a------ C:\WINDOWS\system32\EAduio.sys
2008-07-05 11:27:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-05 11:27:35 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-05 11:20:24 324 --a------ C:\WINDOWS\system32\1800f1e9ab.dll
2008-07-05 10:54:29 12 --a------ C:\WINDOWS\c84ba4bde3.dll
2008-07-05 06:34:41 51 --a------ C:\mycjjk.bat
2008-07-04 23:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-07-04 23:08:09 349 --a------ C:\WINDOWS\system32\18bf43bde3.dll
2008-07-04 23:07:55 960 --a------ C:\WINDOWS\system32\Aduio.sys
2008-07-04 23:07:52 816 --a------ C:\WINDOWS\system32\tcpip.sys
2008-07-04 08:05:19 0 d-------- C:\WINDOWS\system32\scripting
2008-07-04 08:05:18 0 d-------- C:\WINDOWS\system32\en
2008-07-04 08:05:18 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 17:24:14 22016 -r-hs---- C:\WINDOWS\system32\wcheck.dll
2008-07-03 17:22:56 0 --a------ C:\WINDOWS\system32\comspring.dat
2008-07-03 17:22:55 247 --a------ C:\WINDOWS\system32\comarshal.dat
2008-07-03 17:21:34 0 d--h----- C:\WINDOWS\system32\INF
2008-07-03 00:15:33 0 d--h----- C:\WINDOWS\Down_Temp
2008-07-03 00:03:59 0 d-------- C:\WINDOWS\NV31483108.TMP
2008-07-02 23:57:42 32768 -ra------ C:\WINDOWS\system32\c6501prop.dll <Not Verified; C-Media Electronics Inc.; C-Media CM6501 Like Audio Device Property Page>
2008-07-02 23:57:42 712704 -ra------ C:\WINDOWS\system\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-07-02 23:57:10 262144 --a------ C:\WINDOWS\Cmi6501Uninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-07-02 23:56:59 1305600 --a------ C:\WINDOWS\system32\drivers\c6501.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>
2008-07-02 23:56:59 0 d-------- C:\Program Files\C-Media 6501 Sound
2008-07-02 23:23:41 0 d-------- C:\Documents and Settings\Default User\Application Data\DivX
2008-06-19 23:29:21 124 --a------ C:\_uninsep.bat
2008-06-18 17:53:22 0 d-------- C:\Program Files\Coupons
2008-06-18 16:30:28 24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-06-18 16:29:48 24 --a------ C:\WINDOWS\system32\tiwxattb.sys
2008-06-18 16:29:33 24 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-06-18 16:26:34 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-06-18 16:25:36 6392 --a------ C:\WINDOWS\system32\atielf.dat
2008-06-18 11:59:56 0 d-------- C:\WINDOWS\nvidia icons
2008-06-18 10:17:38 0 d-------- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
2008-06-18 10:16:20 0 d-------- C:\ProgramData
2008-06-18 10:16:17 2004 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-14 11:13:23 0 d-------- C:\WINDOWS\system32\20-20 Technologies
2008-06-14 10:03:31 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-14 10:03:18 0 d-------- C:\Documents and Settings\Steve\Application Data\Logitech
2008-06-14 09:56:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-14 09:56:44 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-14 09:56:36 0 d-------- C:\Program Files\Logitech
-- Find3M Report ---------------------------------------------------------------
2008-07-08 13:28:58 124624 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-07-08 09:45:16 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-19 14:53:12 249924 -r------- C:\WINDOWS\HOSTS
2008-06-10 23:24:00 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-10 22:08:12 0 d-------- C:\Program Files\Common Files\Vbox
2008-06-04 20:45:34 0 d-------- C:\Program Files\Havok
2008-06-01 12:06:40 0 d-------- C:\Program Files\iPod
2008-06-01 12:06:36 0 d-------- C:\Program Files\iTunes
2008-05-11 19:49:54 274432 --a------ C:\WINDOWS\msnsk1d.dll
2008-04-12 20:32:38 2543 --a------ C:\WINDOWS\unins000.dat
2008-04-12 20:31:14 691545 --a------ C:\WINDOWS\unins000.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/09/2008 08:58 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/09/2008 08:58 AM 2055960]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM C:\WINDOWS\soundman.exe]
"kdx"="C:\Program Files\Kontiki\KHost.exe" []
"NapsterShell"="d:\Program Files\Napster\napster.exe" [10/29/2007 06:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [05/26/2008 05:33 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"C6501Sound"="c6501.cpl" []
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [08/25/2004 05:31 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/09/2008 08:58 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\valve\steam\steam.exe" [03/27/2008 05:42 PM]
"MsnMsgrMon"="C:\Program Files\Microsoft Research Asia\Digital Effects for MSN Messenger\MsnMsgrMon.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
DESKTOP.INI [7/18/2003 12:12:06 AM]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [7/20/2007 10:57:16 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user"=C:\WINDOWS\Driver..\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rundll32.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ati2evxx.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
Debugger=TASKMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idag.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kaccore.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPF.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfwsvc.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPPMain.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.com]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan.kxp]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
Debugger=C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file ex