View Full Version : mdelk.exe, wintems.exe, flec006.exe...
I probably got this with downloading some application. I suspect these processes are keeping the CPU usage on 10-20% even when nothing is running. The processes can't be ended in Task manager, avast isn't working, HouseCall cannot repair it. Some help would really be appreciated!
I noticed the threads with similar issue so I assumed I should do the same - I ran DSS and Icesword. The logs follow.
Deckard's System Scanner v20071014.68
Run by Matija Hocevar on 2008-01-22 18:59:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
44: 2008-01-22 17:54:52 UTC - RP89 - Deckard's System Scanner Restore Point
43: 2008-01-21 08:24:37 UTC - RP88 - Uniblue RegistryBooster
42: 2008-01-20 22:16:07 UTC - RP87 - System Checkpoint
41: 2008-01-19 20:45:59 UTC - RP86 - System Checkpoint
40: 2008-01-18 20:05:33 UTC - RP85 - Shockwave Player
-- First Restore Point --
1: 2007-12-13 15:38:37 UTC - RP46 - Removed Need For Speed - Porsche Unleashed
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Matija Hocevar.exe) --------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:58, on 22.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Matija Hocevar\Application Data\m\flec006.exe
C:\Documents and Settings\Matija Hocevar\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MATIJA~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1275210071-583907252-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Matija Hocevar')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-21-1275210071-583907252-725345543-1003 Startup: Mobiola Web Camera 2 for S60 3rd Edition.lnk = C:\Program Files\Mobiola Web Camera 2 for S60\BtCam.exe (User 'Matija Hocevar')
O4 - S-1-5-21-1275210071-583907252-725345543-1003 User Startup: Mobiola Web Camera 2 for S60 3rd Edition.lnk = C:\Program Files\Mobiola Web Camera 2 for S60\BtCam.exe (User 'Matija Hocevar')
O4 - Startup: Mobiola Web Camera 2 for S60 3rd Edition.lnk = C:\Program Files\Mobiola Web Camera 2 for S60\BtCam.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3DDD7C-689F-4ACA-B278-38608AB83875}: NameServer = 193.189.160.13 193.189.160.23
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7913 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0084&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&09
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_008C&SUBSYS_570C1462&REV_A3\3&13C0B0C5&0&20
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_008C&SUBSYS_570C1462&REV_A3\3&13C0B0C5&0&20
Service:
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E50
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E50
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-01-22 16:00:00 384 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2008-01-16 14:56:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-22 and 2008-01-22 -----------------------------
2008-01-22 13:15:57 0 d--h----- C:\Documents and Settings\Matija Hocevar\Application Data\m
2008-01-21 17:14:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-21 17:14:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-21 17:14:35 0 d-------- C:\WINDOWS\LastGood
2008-01-21 13:27:43 0 d-------- C:\Program Files\Trend Micro
2008-01-21 13:26:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-21 09:35:17 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\PrevxCSI
2008-01-21 09:22:31 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Uniblue
2008-01-21 01:38:15 0 d-------- C:\Documents and Settings\Matija Hocevar\.housecall6.6
2008-01-18 13:07:29 0 d-------- C:\Program Files\Makayama
2008-01-18 01:40:46 70660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-18 01:25:26 114688 --a------ C:\WINDOWS\system32\btcamvideosource.dll <Not Verified; Warelex LLC; Mobiola Video Source>
2008-01-18 01:25:25 0 d-------- C:\Program Files\Mobiola Web Camera 2 for S60
2008-01-18 01:20:51 0 d-------- C:\Program Files\Mobiola Web Camera 2 for S60 3rd Edition
2008-01-18 01:19:09 0 d-------- C:\WINDOWS\system32\drivers\down
2008-01-17 23:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-16 15:25:52 0 d-------- C:\Program Files\iPod
2008-01-16 15:25:48 0 d-------- C:\Program Files\iTunes
2008-01-16 15:24:43 0 d-------- C:\Program Files\QuickTime
2008-01-10 13:46:43 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\vlc
2008-01-09 21:05:48 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\dvdcss
2008-01-09 20:56:19 0 d-------- C:\Program Files\VideoLAN
2008-01-09 12:36:59 0 d-------- C:\Program Files\ratDVD
2008-01-02 23:24:18 0 d-------- C:\Program Files\FileName Pro
2007-12-22 16:32:32 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Nokia Multimedia Player
2007-12-22 16:32:01 0 d-------- C:\Documents and Settings\Matija Hocevar\Phone Browser
-- Find3M Report ---------------------------------------------------------------
2008-01-21 01:33:27 0 d-------- C:\Program Files\Avast4
2008-01-19 13:42:28 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\uTorrent
2008-01-18 21:05:51 2058 --a------ C:\WINDOWS\mozver.dat
2008-01-18 13:45:42 0 d-------- C:\Program Files\eMule
2008-01-18 00:01:49 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\PC Suite
2008-01-18 00:01:48 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Nokia
2008-01-17 23:54:04 0 d-------- C:\Program Files\Nokia
2008-01-17 23:52:40 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-13 00:51:02 0 d---s---- C:\Documents and Settings\Matija Hocevar\Application Data\Microsoft
2007-12-22 16:32:32 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Nokia Multimedia Player
2007-12-15 12:37:32 298 --a------ C:\WINDOWS\EReg072.dat
2007-12-15 12:36:52 0 d-------- C:\Program Files\Electronic Arts
2007-12-10 21:33:57 0 d-------- C:\Program Files\Common Files
2007-12-10 21:33:57 0 d-------- C:\Program Files\Common Files\DirectX
2007-12-06 22:31:40 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Command & Conquer 3 Tiberium Wars
2007-12-06 22:11:33 0 d-------- C:\Program Files\SystemRequirementsLab
2007-12-03 15:05:26 0 d-------- C:\Documents and Settings\Matija Hocevar\Application Data\Apple Computer
2007-11-29 21:17:41 0 d-------- C:\Program Files\MessengerDiscovery
2007-11-29 21:13:35 0 d-------- C:\Program Files\MSN Messenger
2007-11-28 22:18:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-22 14:31:34 0 d-------- C:\Program Files\AC3Filter
2007-11-22 14:26:21 0 d-------- C:\Program Files\ffdshow
2007-11-22 14:24:29 0 d-------- C:\Program Files\DivX
2007-11-18 17:23:30 70273 --a------ C:\WINDOWS\hpoins05.dat
2007-11-16 21:31:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-16 19:38:55 62 --ahs---- C:\Documents and Settings\Matija Hocevar\Application Data\desktop.ini
2007-11-16 18:52:11 0 -rahs---- C:\MSDOS.SYS
2007-11-16 18:52:11 0 -rahs---- C:\IO.SYS
2007-11-16 18:52:11 0 --a------ C:\CONFIG.SYS
2007-11-16 18:52:11 0 --a------ C:\AUTOEXEC.BAT
2007-11-16 18:48:47 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20.09.2007 09:51]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18.06.2007 15:10]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [13.09.2004 15:49]
"SoundMan"="SOUNDMAN.EXE" [17.11.2006 05:42 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04.10.2007 17:14]
"nwiz"="nwiz.exe" [04.10.2007 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04.10.2007 17:14]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [21.01.2008 18:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10.01.2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 03:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20.09.2007 15:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [17.11.2007 12:53]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [22.01.2008 18:59]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4.11.2004 19:28:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
-- End of Deckard's System Scanner: finished at 2008-01-22 19:02:27 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1023.48 MiB / 630.78 MiB
Pagefile Memory (total/avail): 2461.65 MiB / 2231.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.8 MiB
C: is Fixed (NTFS) - 19.53 GiB total, 7.16 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 213.34 GiB total, 75.28 GiB free.
F: is Fixed (NTFS) - 76.68 GiB total, 76.61 GiB free.
G: is CDROM (CDFS)
H: is Removable (No Media)
\\.\PHYSICALDRIVE1 - ExcelStor Technology J880 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - F:
\\.\PHYSICALDRIVE0 - ST3250410AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 213.34 GiB - E:
\\.\PHYSICALDRIVE2 - HP PSC 1610 USB Device
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
Unable to create WMI object.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Matija Hocevar\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KABINET
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Matija Hocevar
LOGONSERVER=\\KABINET
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MATIJA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MATIJA~1\LOCALS~1\Temp
USERDOMAIN=KABINET
USERNAME=Matija Hocevar
USERPROFILE=C:\Documents and Settings\Matija Hocevar
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Matija Hocevar (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASP32 slovarji 29in1 --> "C:\Program Files\ASP32\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup
BS.Player PRO --> "C:\Program Files\BSplayerPro\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EA Network Play System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FileName Pro --> C:\Program Files\FileName Pro\uninstall.exe
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Media Studio 4.0 for Nokia® --> C:\PROGRA~1\Makayama\MEDIAS~1.0FO\Setup.exe /remove /q0
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobiola Web Camera 2 for S60 3rd Edition --> "C:\Program Files\Mobiola Web Camera 2 for S60\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need For Speed - Porsche 2000 --> C:\WINDOWS\IsUninst.exe -fe:\igre\NFSPOR~1\uninst.log
Need For Speed High Stakes --> C:\WINDOWS\ISUNINST.EXE -f"e:\igre\NFS 4\Uninst.isu" -c"e:\igre\NFS 4\uninst.dll" E
Nero 8 Demo --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_slv.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
ratDVD 0.78.1444 --> C:\Program Files\ratDVD\uninst.exe
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Ski Challenge 2008 --> "E:\Igre\SC 08\uninstall.exe" SC08-SLO_MAIN
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\Subtitle Workshop\uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Texas Hold'em Poker 3D - Deluxe Edition 1.0 --> "E:\Igre\Texas Hold'em Poker 3D\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{E6ED0036-8BC2-433D-9FF9-31AE231465B6}
Windows Live Messenger --> MsiExec.exe /X{0E2691E6-B4D2-4F72-997B-3F4CFA2BEFD1}
WinRAR arhiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type4067 / Error
Event Submitted/Written: 01/22/2008 06:37:22 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Event Record #/Type4066 / Error
Event Submitted/Written: 01/22/2008 05:56:17 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Event Record #/Type4065 / Error
Event Submitted/Written: 01/22/2008 04:47:22 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Event Record #/Type4064 / Error
Event Submitted/Written: 01/22/2008 03:57:17 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Event Record #/Type4063 / Error
Event Submitted/Written: 01/22/2008 02:59:22 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2798 / Warning
Event Submitted/Written: 01/22/2008 07:02:15 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173F0AB294. The IP address being used is 169.254.41.141.
Event Record #/Type2796 / Error
Event Submitted/Written: 01/22/2008 06:59:01 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type2789 / Warning
Event Submitted/Written: 01/22/2008 02:41:10 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type2788 / Warning
Event Submitted/Written: 01/21/2008 11:35:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2787 / Error
Event Submitted/Written: 01/21/2008 05:37:46 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
-- End of Deckard's System Scanner: finished at 2008-01-22 19:02:27 ------------
Process:
System Idle Process
System
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Matija Hocevar\Application Data\m\flec006.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Matija Hocevar\Desktop\IceSword122en\IceSword122en\IceSword.exe
Started Service:
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:AudioSrv Display Name:Windows Audio
Service Name:Browser Display Name:Computer Browser
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:dmserver Display Name:Logical Disk Manager
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:helpsvc Display Name:Help and Support
Service Name:iPod Service Display Name:iPod Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:Nero BackItUp Scheduler 3 Display Name:Nero BackItUp Scheduler 3
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:NMIndexingService Display Name:NMIndexingService
Service Name:NVSvc Display Name:NVIDIA Display Driver Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RemoteRegistry Display Name:Remote Registry
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:ServiceLayer Display Name:ServiceLayer
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:usnjsvc Display Name:Storitev Messenger Sharing Folders USN Journal Reader
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:WudfSvc Display Name:Windows Driver Foundation - User-mode Driver Framework
Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinampAgent
"C:\Program Files\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCSuiteTrayApplication
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Software Update
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan
SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
nwiz.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DAEMON Tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
drvsyskit
C:\WINDOWS\system32\drivers\hldrrr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
german.exe
C:\WINDOWS\system32\wintems.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Uniblue RegistryBooster 2
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
mule_st_key
C:\Documents and Settings\Matija Hocevar\Application Data\m\flec006.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Remark£º)
C:\Documents and Settings\Matija Hocevar\Start Menu\Programs\Startup
Mobiola Web Camera 2 for S60 3rd Edition.lnk
C:\Program Files\Mobiola Web Camera 2 for S60\BtCam.exe (Remark£º)
SSDT:
KModule name: spdt.sys (appears in red 7 times)