egrogan1
2008-04-28, 22:00
Deckard's System Scanner v20071014.68
Run by Eoin on 2008-04-28 19:05:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-04-28 17:02:16 UTC - RP607 - Windows Update
3: 2008-04-25 21:51:08 UTC - RP606 - Windows Defender Checkpoint
2: 2008-04-25 15:46:00 UTC - RP604 - Removed AVG 7.5
1: 2008-04-25 15:33:12 UTC - RP602 - Installed Ad-Aware 2007
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 10.56 GiB (less than 15%) free.
-- HijackThis (run as Eoin.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:04, on 28/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wmsdkns.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Eoin\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Eoin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - C:\Windows\system32\khfCtsRk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\Windows\system32\hgGvtSkl.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvtSkl.dll,#1
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BM3a2b1158] Rundll32.exe "C:\Windows\system32\yvfsnrdr.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA4200] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3996] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5079] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA673] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC444] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1039] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2090] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1763] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC315] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2293] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3280] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3147] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7958] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3930] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1626] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6712] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9078] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1397] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8426] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5643] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5406] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6113] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB698] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9873] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3282] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD524] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 16199 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071010-171806-718 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
S0 MFX - c:\windows\system32\drivers\mfx.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 ColdFusion MX Application Server - "c:\cfusionmx\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX ODBC Agent - c:\cfusionmx\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent"
R2 ColdFusion MX ODBC Server - c:\cfusionmx\db\slserver52\bin\swstrtr.exe "coldfusion mx odbc server"
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 RelevantKnowledge - c:\windows\system32\rlservice.exe /service <Not Verified; RelevantKnowledge; RelevantKnowledge>
S2 MySQL - "c:\program files\mysql\mysql server 6.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 6.0\my.ini" mysql (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr -
S4 iSafer (iSafer - Personal Firewall) -
S4 NMIndexingService -
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Slimtype DVD A DS8AZH ATA Device
PNP Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Service: cdrom
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Dm12
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Dm12
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-04-25 15:21:43 406 --a------ C:\Windows\Tasks\Norton Security Scan.job
2007-11-14 09:38:12 370 --a------ C:\Windows\Tasks\RegCure.job
2007-11-14 09:38:12 436 --a------ C:\Windows\Tasks\RegCure Program Check.job
2007-11-14 01:25:00 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job
-- Files created between 2008-03-28 and 2008-04-28 -----------------------------
2008-04-28 19:05:21 14080 --a------ C:\Windows\stcloader.exe
2008-04-28 19:05:19 10752 --a------ C:\Windows\2020search2.dll
2008-04-28 19:05:19 8192 --a------ C:\Windows\2020search.dll
2008-04-28 18:06:17 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
2008-04-27 20:59:39 370945 --ahs---- C:\Windows\system32\RuBJlUvw.ini2
2008-04-26 20:11:44 11776 --a------ C:\Windows\bokja.exe
2008-04-26 02:06:07 32512 --a------ C:\Windows\saiemod.dll
2008-04-26 01:05:26 25088 --a------ C:\Windows\swin32.dll
2008-04-25 16:10:32 28672 --a------ C:\Windows\voiceip.dll
2008-04-25 16:10:32 9728 --a------ C:\Windows\cdsm32.dll
2008-04-25 16:10:31 13312 --a------ C:\Windows\mssvr.exe
2008-04-25 16:10:31 20992 --a------ C:\Windows\mspphe.dll
2008-04-25 16:10:31 14848 --a------ C:\Windows\bjam.dll
2008-04-25 16:10:26 15360 --a------ C:\Windows\msapasrc.dll
2008-04-25 16:10:26 22016 --a------ C:\Windows\msa64chk.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\shdocpl.dll
2008-04-25 16:10:25 14592 --a------ C:\Windows\shdocpe.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\ntnut.exe
2008-04-25 16:10:24 24320 --a------ C:\Windows\winsb.dll
2008-04-25 16:10:24 22272 --a------ C:\Windows\browserad.dll
2008-04-25 16:10:24 19968 --a------ C:\Windows\aviwrap32.dll
2008-04-25 16:10:24 24320 --a------ C:\Windows\avisynthex32.dll
2008-04-25 16:10:24 32000 --a------ C:\Windows\avifile32.dll
2008-04-25 16:10:23 23552 --a------ C:\Windows\autodisc32.dll
2008-04-25 16:10:23 28160 --a------ C:\Windows\audiosrv32.dll
2008-04-25 16:10:23 19200 --a------ C:\Windows\ati2dvag32.dll
2008-04-25 16:10:23 23296 --a------ C:\Windows\ati2dvaa32.dll
2008-04-25 16:10:23 21504 --a------ C:\Windows\athprxy32.dll
2008-04-25 16:10:22 29952 --a------ C:\Windows\changeurl_30.dll
2008-04-25 16:10:22 32512 --a------ C:\Windows\asycfilt32.dll
2008-04-25 16:10:22 8704 --a------ C:\Windows\asferror32.dll
2008-04-25 16:10:22 15872 --a------ C:\Windows\apphelp32.dll
2008-04-25 15:46:02 0 d-------- C:\Program Files\Bat
2008-04-25 15:44:51 4 --a------ C:\Windows\system32\winfrun32.bin
2008-04-25 15:44:36 88491 --a------ C:\Windows\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:44:36 88491 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:43:58 0 d-------- C:\Program Files\Thinstall.VS
2008-04-25 15:42:26 38400 --a------ C:\Windows\system32\iifCVPfG.dll
2008-04-25 14:52:34 691545 --a------ C:\Windows\unins000.exe
2008-04-25 14:52:34 2535 --a------ C:\Windows\unins000.dat
2008-04-24 21:59:16 39936 --a------ C:\Windows\system32\jkkIXqpn.dll
2008-04-24 21:59:15 39936 --a------ C:\Windows\system32\geBspoNf.dll
2008-04-24 21:52:31 0 d-------- C:\Program Files\ClamWin
2008-04-24 21:42:18 372459 --ahs---- C:\Windows\system32\kRstCfhk.ini2
2008-04-24 21:42:13 272384 -----n--- C:\Windows\system32\khfCtsRk.dll
2008-04-24 19:08:00 0 d-------- C:\Program Files\Spyware Doctor
2008-04-24 18:58:43 0 d-------- C:\Program Files\Norton Security Scan
2008-04-08 23:09:36 0 d-------- C:\Program Files\NFR
2008-04-08 23:05:08 0 d-------- C:\PCPRO
2008-04-08 23:03:57 0 d-------- C:\Program Files\MOBv2
2008-04-08 21:47:00 8 --a------ C:\Windows\system32\Urncb.dll
2008-04-02 21:03:33 0 d-------- C:\Program Files\Freeware PDF Unlocker
2008-04-01 15:32:37 0 d-------- C:\Program Files\Packet Tracer 4.11
-- Find3M Report ---------------------------------------------------------------
2008-04-28 19:18:43 0 d-------- C:\Users\Eoin\AppData\Roaming\Azureus
2008-04-28 18:53:40 0 d-------- C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 18:07:32 21 --a------ C:\qpmd8376.bin
2008-04-28 18:03:29 3308 --a------ C:\Windows\bthservsdp.dat
2008-04-28 17:39:51 0 d-------- C:\Program Files\UZC Trial
2008-04-28 17:39:37 0 d-------- C:\Program Files\Sony Ericsson
2008-04-26 21:33:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-26 01:44:37 12978 --a------ C:\Users\Eoin\AppData\Roaming\nvModes.001
2008-04-26 01:17:13 0 d-------- C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-04-25 16:53:30 554 --a------ C:\sccfg.sys
2008-04-25 16:35:33 0 d-------- C:\Program Files\Lavasoft
2008-04-25 16:32:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 15:42:28 0 d-------- C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-24 21:59:18 0 d-------- C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 21:53:50 0 d-------- C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 21:32:39 0 d-------- C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 19:08:00 0 d-------- C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 18:59:58 0 --a------ C:\Users\Eoin\AppData\Roaming\.googlewebacchosts
2008-04-24 18:54:18 0 d-------- C:\Program Files\Google
2008-04-18 13:17:11 0 d-------- C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 16:42:32 0 d-------- C:\Program Files\Azureus
2008-04-15 19:15:12 0 d-------- C:\Program Files\Common Files
2008-04-10 13:18:58 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:19:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-31 12:46:14 536784 --a------ C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 15:43:53 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-23 22:25:11 0 d-------- C:\Program Files\HCScript
2008-03-23 21:13:56 0 d-------- C:\Program Files\Folder Lock
2008-03-21 23:01:22 0 d-------- C:\Program Files\Mindscape
2008-03-20 21:58:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 21:39:06 0 d-------- C:\Program Files\iTunes
2008-03-20 21:38:35 0 d-------- C:\Program Files\iPod
2008-03-12 23:36:38 0 d-------- C:\Program Files\LaceLevel2GDS
2008-03-12 23:17:54 0 d-------- C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 23:17:53 0 d-------- C:\Program Files\Intel
2008-03-05 11:16:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:11:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-03 18:10:59 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 19:55:33 0 d-------- C:\Users\Eoin\AppData\Roaming\Real
2008-03-01 15:59:59 0 d-------- C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 23:55:40 0 d-------- C:\Program Files\Cell Phone Manager
2008-02-29 23:23:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 23:23:00 0 d-------- C:\Program Files\Advanced System Optimizer
2008-02-26 19:26:19 73 --a------ C:\Windows\system32\ssprs.dll
2008-02-26 19:26:17 336 --a------ C:\Windows\system32\lsprst7.dll
2008-02-25 23:57:00 75 --a------ C:\Windows\Memory
2008-02-25 23:57:00 74 --a------ C:\Windows\Logic
2008-02-25 23:53:48 76 --a------ C:\Windows\Spatial
2008-02-25 23:50:12 78 --a------ C:\Windows\Numerical
2008-02-25 23:48:50 75 --a------ C:\Windows\Verbal
2008-02-25 23:48:14 73 --a------ C:\Windows\Times New Roman
2008-02-25 23:48:14 454 --a------ C:\Windows\0
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\sysprs7.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth2.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth1.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]
24/04/2008 21:42 272384 --------- C:\Windows\system32\khfCtsRk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
24/04/2008 21:37 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2007 00:07]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 18:08]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 06:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
"MSServer"="C:\Windows\system32\hgGvtSkl.dll" [24/04/2008 21:37]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/06/2007 09:12]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [19/04/2008 16:35]
"BM3a2b1158"="C:\Windows\system32\yvfsnrdr.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 22:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB3930"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingD1626"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingB6712"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingD4767"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingB9078"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingD1397"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingB8426"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingD5643"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingB5406"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingD6113"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingB698"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingD9873"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingB3282"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingD524"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4200"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingC3996"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingA5079"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingC8460"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingA673"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingC444"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingA1039"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingC2090"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingA1763"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingC315"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingA2293"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingC3280"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingA3147"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingC7958"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [25/04/2008 15:45:58]
GpsGate.lnk.disabled [15/12/2007 15:16:35]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [30/08/2007 12:40:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\Windows\system32\hgGvtSkl.dll [24/04/2008 21:37 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCtsRk
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1367c3-c478-11dc-b0dc-001636e944a6}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36571902-a6af-11dc-ad11-9dcbe14d6b3d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
- Cn911.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8300 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-28 19:21:59 ------------
2008-04-25 16:35:33 0 d-------- C:\Program Files\Lavasoft
2008-04-25 16:32:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 15:42:28 0 d-------- C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-24 21:59:18 0 d-------- C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 21:53:50 0 d-------- C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 21:32:39 0 d-------- C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 19:08:00 0 d-------- C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 18:59:58 0 --a------ C:\Users\Eoin\AppData\Roaming\.googlewebacchosts
2008-04-24 18:54:18 0 d-------- C:\Program Files\Google
2008-04-18 13:17:11 0 d-------- C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 16:42:32 0 d-------- C:\Program Files\Azureus
2008-04-15 19:15:12 0 d-------- C:\Program Files\Common Files
2008-04-10 13:18:58 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:19:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-31 12:46:14 536784 --a------ C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 15:43:53 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-23 22:25:11 0 d-------- C:\Program Files\HCScript
2008-03-23 21:13:56 0 d-------- C:\Program Files\Folder Lock
2008-03-21 23:01:22 0 d-------- C:\Program Files\Mindscape
2008-03-20 21:58:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 21:39:06 0 d-------- C:\Program Files\iTunes
2008-03-20 21:38:35 0 d-------- C:\Program Files\iPod
2008-03-12 23:36:38 0 d-------- C:\Program Files\LaceLevel2GDS
2008-03-12 23:17:54 0 d-------- C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 23:17:53 0 d-------- C:\Program Files\Intel
2008-03-05 11:16:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:11:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-03 18:10:59 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 19:55:33 0 d-------- C:\Users\Eoin\AppData\Roaming\Real
2008-03-01 15:59:59 0 d-------- C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 23:55:40 0 d-------- C:\Program Files\Cell Phone Manager
2008-02-29 23:23:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 23:23:00 0 d-------- C:\Program Files\Advanced System Optimizer
2008-02-26 19:26:19 73 --a------ C:\Windows\system32\ssprs.dll
2008-02-26 19:26:17 336 --a------ C:\Windows\system32\lsprst7.dll
2008-02-25 23:57:00 75 --a------ C:\Windows\Memory
2008-02-25 23:57:00 74 --a------ C:\Windows\Logic
2008-02-25 23:53:48 76 --a------ C:\Windows\Spatial
2008-02-25 23:50:12 78 --a------ C:\Windows\Numerical
2008-02-25 23:48:50 75 --a------ C:\Windows\Verbal
2008-02-25 23:48:14 73 --a------ C:\Windows\Times New Roman
2008-02-25 23:48:14 454 --a------ C:\Windows\0
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\sysprs7.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth2.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth1.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]
24/04/2008 21:42 272384 --------- C:\Windows\system32\khfCtsRk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
24/04/2008 21:37 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2007 00:07]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 18:08]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 06:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
"MSServer"="C:\Windows\system32\hgGvtSkl.dll" [24/04/2008 21:37]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/06/2007 09:12]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [19/04/2008 16:35]
"BM3a2b1158"="C:\Windows\system32\yvfsnrdr.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 22:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB3930"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingD1626"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingB6712"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingD4767"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingB9078"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingD1397"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingB8426"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingD5643"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingB5406"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingD6113"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingB698"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingD9873"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingB3282"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingD524"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4200"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingC3996"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingA5079"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingC8460"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingA673"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingC444"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingA1039"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingC2090"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingA1763"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingC315"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingA2293"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingC3280"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingA3147"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingC7958"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [25/04/2008 15:45:58]
GpsGate.lnk.disabled [15/12/2007 15:16:35]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [30/08/2007 12:40:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\Windows\system32\hgGvtSkl.dll [24/04/2008 21:37 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCtsRk
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1367c3-c478-11dc-b0dc-001636e944a6}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36571902-a6af-11dc-ad11-9dcbe14d6b3d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
- Cn911.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
8300 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-28 19:21:59 ------------