As promised, the log of Deckard:
Deckard's System Scanner v20071014.68
Run by shaan on 2008-04-18 22:07:24
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
-- Last 3 Restore Point(s) --
3: 2008-04-18 16:25:14 UTC - RP163 - Windows Update
2: 2008-04-16 00:56:18 UTC - RP162 - Windows Update
1: 2008-04-13 01:22:15 UTC - RP161 - Windows Update
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 12.01 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18 22:10:40
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\explorer.exe
C:\Windows\System32\rstrui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Users\shaan\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DeskSpace] C:\Users\shaan\AppData\Roaming\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [CubeDesktop] C:\Program Files\CubeDesktop\cubedesktop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{05308A1D-D955-47CE-A825-02BE27389E6E}: NameServer = 208.67.222.222,208.67.220.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Crypkey License - Unknown owner - C:\Windows\System32\CrypServ.exe
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\Program Files\cebas\IP-Clamp\ipclamp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\System32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\System32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\System32\lktsrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\System32\nisvcloc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %SystemRoot%\system32\svchost.exe -k netsvcs
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\System32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
--
End of file - 14341 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
S1 NetworkX - c:\windows\system32\ckldrv.sys
S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
S2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
S2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
S2 VMnetuserif (VMware Network Application Interface) - \??\c:\windows\system32\drivers\vmnetuserif.sys
S2 vmx86 (VMware vmx86) - \??\c:\windows\system32\drivers\vmx86.sys
S2 vstor2 (Vstor2 Virtual Storage Driver) - \??\c:\program files\common files\vmware\vmware virtual image editing\vstor2.sys
S2 windrvNT - \??\c:\windows\system32\windrvnt.sys
S3 pctvnet (Pinnacle PCTV Ethernet Driver) - c:\windows\system32\drivers\pctvnet.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle PCTV Sat>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S2 Crypkey License - crypserv.exe
S2 DCPFLICS (DCPFLICS service) - c:\program files\dcpflics\dcpflics.exe
S2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
S2 IPClampService (IPCLAMP by cebas Computer GmbH) - c:\progra~1\cebas\ip-clamp\ipclamp.exe
S2 mi-raysat_3dsMax2008_32 (mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit) - "c:\program files\autodesk\3ds max 2008\mentalray\satellite\raysat_3dsmax2008_32server.exe"
S2 VMAuthdService (VMware Authorization Service) - c:\program files\vmware\vmware workstation\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Workstation>
S2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Workstation>
S2 vmount2 (VMware Virtual Mount Manager Extended) - "c:\program files\common files\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Workstation>
S2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Workstation>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S4 NILM License Manager - "c:\program files\national instruments\shared\license manager\bin\lmgrd.exe" <Not Verified; Macrovision Corporation; >
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Pinnacle PCTV Ethernet-Adapter
Device ID: ROOT\NET\0000
Manufacturer: Pinnacle
Name: Pinnacle PCTV Ethernet-Adapter
PNP Device ID: ROOT\NET\0000
Service: pctvnet
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
-- Scheduled Tasks -------------------------------------------------------------
2008-04-17 22:39:05 322 --a------ C:\Windows\Tasks\HPCeeScheduleForshaan.job
-- Files created between 2008-03-18 and 2008-04-18 -----------------------------
2008-04-11 09:25:09 0 d-------- C:\Users\shaan\.housecall6.6
2008-04-06 11:06:12 27648 --a------ C:\Windows\system32\Setup_CK.exe
2008-04-06 11:06:12 50176 --a------ C:\Windows\system32\CrypServ.exe
2008-04-06 11:06:12 240128 --a------ C:\Windows\system32\CkRfresh.exe
2008-04-06 11:06:12 20768 --a------ C:\Windows\system32\CKLDRV.sys
2008-04-06 11:06:03 29696 --a------ C:\Windows\system32\hdk3ht32.dll <Not Verified; Virtual Media Technology P/L; HDK>
2008-04-06 11:06:03 241664 --a------ C:\Windows\system32\hdk3ctnt.dll <Not Verified; Virtual Media Technology Pty Ltd; HDK3>
2008-04-06 11:06:02 86800 --a------ C:\Windows\system32\ODBCINST.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-04-06 11:06:02 250128 --a------ C:\Windows\system32\MSPDOX35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:02 166160 --a------ C:\Windows\system32\MSLTUS35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:02 330000 --a------ C:\Windows\system32\MSEXCH35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:02 284160 --a------ C:\Windows\system32\hdk3ct32.dll <Not Verified; Virtual Media Technology Pty Ltd; HDK3>
2008-04-06 11:06:02 82944 --a------ C:\Windows\system32\hdk3cryp.dll <Not Verified; Virtual Media Technology P/L; HDK>
2008-04-06 11:06:02 82944 --a------ C:\Windows\system32\hdk3cr32.dll <Not Verified; Virtual Media Technology P/L; HDK>
2008-04-06 11:06:02 172544 --a------ C:\Windows\system32\hdk3anim.dll <Not Verified; Virtual Media Technology P/L; HDK>
2008-04-06 11:06:02 177152 --a------ C:\Windows\system32\hdk3an32.dll <Not Verified; Virtual Media Technology P/L; HDK>
2008-04-06 11:06:01 287504 --a------ C:\Windows\system32\MSXBSE35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:01 165648 --a------ C:\Windows\system32\MSTEXT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:01 98356 --a------ C:\Windows\system32\MSJTER32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:01 1233680 --a------ C:\Windows\system32\Msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:06:01 33552 --a------ C:\Windows\system32\MSJINT32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-04-06 11:06:01 250128 --a------ C:\Windows\system32\MSEXCL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 11:05:52 0 d-------- C:\Program Files\Common Files\Novell Shared
2008-04-06 11:05:45 0 d-------- C:\Program Files\Design Explorer 99 SE
2008-04-06 02:49:51 0 d-------- C:\Users\All Users\Macrovision
2008-04-06 01:48:38 0 d-------- C:\Program Files\HI-TECH Software
2008-04-06 01:45:02 0 d-------- C:\Users\All Users\National Instruments
2008-04-06 01:44:17 0 d-------- C:\Windows\system32\cvirte
2008-04-06 01:44:16 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-04-06 01:44:07 0 d-------- C:\Program Files\National Instruments
2008-04-06 01:42:31 0 d-------- C:\National Instruments Downloads
2008-04-04 16:26:09 0 d-------- C:\Program Files\OrCAD_Demo
2008-04-02 03:39:45 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-02 02:37:33 0 d-------- C:\Program Files\CubeDesktop
2008-04-01 01:23:53 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-03-31 21:59:20 0 d-------- C:\Program Files\Visustin
2008-03-30 01:26:51 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-29 08:57:50 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-29 08:21:05 0 d-------- C:\Program Files\Arjaloc
2008-03-29 07:52:53 0 d-------- C:\Program Files\Smart AntiVirus
2008-03-26 20:16:56 0 d-------- C:\Program Files\MakeHuman 0.9.1 RC1
2008-03-25 22:30:50 0 d-------- C:\Program Files\Project Goth
2008-03-25 20:39:02 197120 --a------ C:\Windows\system32\System47.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-03-25 20:39:01 0 d-------- C:\Windows\system32\System47 dir
2008-03-25 02:56:07 0 d-------- C:\Program Files\DCPFLICS
2008-03-23 23:56:36 0 d-------- C:\Program Files\cebas
2008-03-23 12:58:07 0 d-------- C:\Program Files\BitComet
2008-03-21 17:58:52 0 d-------- C:\Program Files\Orcad
2008-03-21 17:53:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-21 17:53:26 252176 --a------ C:\Windows\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 17:53:26 1046288 --a------ C:\Windows\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 17:53:25 368912 --a------ C:\Windows\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-21 17:53:25 72704 --a------ C:\Windows\system32\ODBCTL32.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-03-21 17:53:25 407312 --a------ C:\Windows\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-03-21 17:53:25 24848 --a------ C:\Windows\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 17:53:25 123664 --a------ C:\Windows\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 17:53:25 0 d-------- C:\Program Files\ODBC 35
2008-03-21 00:14:41 0 d-------- C:\Users\All Users\Kontiki
2008-03-20 17:40:42 0 d-------- C:\Program Files\Microsoft.NET
2008-03-20 17:37:19 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-20 17:33:35 0 dr-h----- C:\MSOCache
2008-03-20 00:15:03 0 d-------- C:\Program Files\Trillian
2008-03-18 13:37:20 0 d-------- C:\Users\All Users\Autodesk
2008-03-18 00:26:35 32768 --a------ C:\Windows\system32\FrogASPI.DLL <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-03-18 00:26:02 0 d-------- C:\Program Files\CDRWIN
-- Find3M Report ---------------------------------------------------------------
2008-04-18 21:19:45 0 d-------- C:\Users\shaan\AppData\Roaming\Shareaza
2008-04-18 17:40:16 0 d-------- C:\Users\shaan\AppData\Roaming\AVG7
2008-04-18 17:03:36 27335 --a------ C:\Users\shaan\AppData\Roaming\nvModes.001
2008-04-17 21:24:45 0 d-------- C:\Users\shaan\AppData\Roaming\Skype
2008-04-17 21:08:13 0 d-------- C:\Users\shaan\AppData\Roaming\skypePM
2008-04-16 00:16:33 27335 --a------ C:\Users\shaan\AppData\Roaming\nvModes.dat
2008-04-11 11:04:01 0 d-------- C:\Users\shaan\AppData\Roaming\LimeWire
2008-04-09 22:44:20 0 d-------- C:\Users\shaan\AppData\Roaming\Real
2008-04-06 11:05:52 0 d-------- C:\Program Files\Common Files
2008-04-06 11:05:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 01:56:46 0 d-------- C:\Users\shaan\AppData\Roaming\National Instruments
2008-04-02 03:42:59 0 d-------- C:\Users\shaan\AppData\Roaming\DeskSpace
2008-04-02 02:37:44 0 d-------- C:\Users\shaan\AppData\Roaming\Thinking Minds Budiling Bytes
2008-04-02 02:08:18 0 d-------- C:\Users\shaan\AppData\Roaming\OtakuSoftware
2008-03-29 10:16:32 0 d-------- C:\Program Files\Craft Animations
2008-03-29 08:59:57 0 d-------- C:\Users\shaan\AppData\Roaming\Mozilla
2008-03-29 01:44:43 0 d-------- C:\Program Files\Windows Mail
2008-03-28 20:25:46 0 d-------- C:\Program Files\CONEXANT
2008-03-28 02:41:35 0 d-------- C:\Users\shaan\AppData\Roaming\WildTangent
2008-03-25 02:55:07 0 d-------- C:\Users\shaan\AppData\Roaming\InstallShield
2008-03-23 21:50:33 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-23 13:21:28 0 --a------ C:\Program Files\AstonWriteTest.txt
2008-03-23 13:19:55 0 d-------- C:\Users\shaan\AppData\Roaming\Aston
2008-03-21 20:12:41 0 d-------- C:\Program Files\DivX
2008-03-21 18:21:09 0 d-------- C:\Program Files\Real Desktop
2008-03-21 18:15:49 0 d-------- C:\Program Files\Project64 1.6
2008-03-20 17:43:26 0 d-------- C:\Program Files\MSBuild
2008-03-18 18:57:04 0 d-------- C:\Program Files\Orbitdownloader
2008-03-18 18:56:45 0 d-------- C:\Users\shaan\AppData\Roaming\Orbit
2008-03-18 13:47:20 0 d-------- C:\Users\shaan\AppData\Roaming\Autodesk
2008-03-18 13:40:50 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-18 13:37:20 0 d-------- C:\Program Files\Autodesk
2008-03-17 03:03:26 0 d-------- C:\Program Files\Real
2008-03-17 02:22:42 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-17 01:14:47 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-17 01:14:23 0 d-------- C:\Program Files\Common Files\Real
2008-03-14 16:12:12 0 d-------- C:\Users\shaan\AppData\Roaming\Grisoft
2008-03-14 01:05:51 0 d-------- C:\Users\shaan\AppData\Roaming\yahoo!
2008-03-14 01:05:47 0 d-------- C:\Program Files\Yahoo!
2008-03-13 19:52:16 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-13 19:34:06 0 d-------- C:\Program Files\Electronic Arts
2008-03-13 17:25:10 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-12 16:58:42 0 d-------- C:\Program Files\Pinnacle
2008-03-12 16:53:38 0 d-------- C:\Program Files\MSECache
2008-03-12 04:46:51 35363 --a------ C:\Windows\system32\windrvNT.sys
2008-03-12 04:46:50 0 d-------- C:\Program Files\Folder Lock
2008-03-12 04:28:34 0 d-------- C:\Program Files\CHR
2008-03-12 03:50:20 0 d-------- C:\Users\shaan\AppData\Roaming\Magic Academy
2008-03-12 03:20:07 0 d-------- C:\Users\shaan\AppData\Roaming\OpenOffice.org2
2008-03-11 02:28:53 0 d-------- C:\Users\shaan\AppData\Roaming\Acoustica
2008-03-11 02:28:48 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-03-11 00:13:46 0 d-------- C:\Users\shaan\AppData\Roaming\Talkback
2008-03-09 20:55:36 0 d-------- C:\Program Files\CircuitMaker 2000
2008-03-07 01:58:23 0 d-------- C:\Users\shaan\AppData\Roaming\dvdcss
2008-03-07 01:05:45 0 d-------- C:\Users\shaan\AppData\Roaming\7Wonders
2008-03-07 00:35:19 0 d-------- C:\Program Files\BitLord2
2008-03-06 23:26:03 25634816 --a------ C:\Windows\system32\imageres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-06 23:03:15 0 d-------- C:\Users\shaan\AppData\Roaming\Media Player Classic
2008-03-06 19:22:09 0 d-------- C:\Program Files\Stardock
2008-03-06 18:20:19 0 d-------- C:\Program Files\Common Files\Nero
2008-03-06 17:08:22 0 d-------- C:\Program Files\PowerISO
2008-03-05 22:37:41 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-05 22:17:51 0 d-------- C:\Users\shaan\AppData\Roaming\VMware
2008-03-05 20:44:58 0 d-------- C:\Program Files\LSoft Technologies
2008-03-05 00:37:43 0 d-------- C:\Program Files\Common Files\VMware
2008-03-05 00:37:41 0 d-------- C:\Program Files\VMware
2008-03-05 00:09:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-04 20:38:26 0 d-------- C:\Users\shaan\AppData\Roaming\Adobe
2008-03-04 20:18:02 0 -rahs---- C:\MSDOS.SYS
2008-03-04 20:18:02 0 -rahs---- C:\IO.SYS
2008-03-04 03:40:20 114 --a------ C:\Users\shaan\AppData\Roaming\wklnhst.dat
2008-03-04 01:34:08 0 d-------- C:\Program Files\mIRC
2008-03-04 01:11:44 0 d-------- C:\Users\shaan\AppData\Roaming\SecondLife
2008-03-03 04:07:54 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-03 03:42:02 0 d-------- C:\Users\shaan\AppData\Roaming\mIRC
2008-03-03 02:22:36 0 d-------- C:\Program Files\Google
2008-03-03 02:20:42 0 d-------- C:\Users\shaan\AppData\Roaming\DAEMON Tools
2008-03-03 02:10:02 0 d-------- C:\Users\shaan\AppData\Roaming\CyberLink
2008-03-03 02:09:59 0 d-------- C:\Users\shaan\AppData\Roaming\HP
2008-03-02 22:07:10 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-02 22:04:32 0 d-------- C:\Program Files\CyberLink
2008-03-02 21:47:09 0 d-------- C:\Program Files\Java
2008-03-02 20:26:08 0 d-------- C:\Users\shaan\AppData\Roaming\Google
2008-03-01 14:55:36 0 d-------- C:\Program Files\Rockstar Games
2008-02-29 22:53:05 0 d-------- C:\Program Files\7-Zip
2008-02-29 20:29:20 0 d-------- C:\Program Files\Azureus
2008-02-29 18:51:04 0 d-------- C:\Users\shaan\AppData\Roaming\Azureus
2008-02-29 17:37:47 0 d-------- C:\Program Files\Radical Games
2008-02-29 13:43:30 0 d-------- C:\Program Files\LimeWire
2008-02-29 04:31:37 0 d-------- C:\Program Files\eMule
2008-02-29 03:49:17 0 d-------- C:\Users\shaan\AppData\Roaming\eMule
2008-02-29 02:41:22 24206 --a------ C:\Users\shaan\AppData\Roaming\UserTile.png
2008-02-29 02:40:55 0 d-------- C:\Users\shaan\AppData\Roaming\PeerNetworking
2008-02-29 02:38:07 0 d-------- C:\Users\shaan\AppData\Roaming\DivX
2008-02-29 01:35:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 19:57:20 0 d-------- C:\Users\shaan\AppData\Roaming\vlc
2008-02-28 19:55:16 0 d-------- C:\Program Files\VideoLAN
2008-02-28 18:40:25 0 d-------- C:\Users\shaan\AppData\Roaming\MathWorks
2008-02-28 17:43:07 0 d-------- C:\Program Files\MATLAB
2008-02-28 15:15:38 0 d-------- C:\Users\shaan\AppData\Roaming\Nero
2008-02-28 15:11:21 0 d-------- C:\Program Files\Nero
2008-02-28 13:38:39 0 d-------- C:\Users\shaan\AppData\Roaming\SystemRequirementsLab
2008-02-28 11:49:46 0 d-------- C:\Program Files\Windows Sidebar
2008-02-28 04:13:24 0 d-------- C:\Program Files\MSXML 4.0
2008-02-28 02:31:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-28 01:41:43 0 d-------- C:\Program Files\Skype
2008-02-28 01:41:38 0 d-------- C:\Program Files\Common Files\Skype
2008-02-28 00:38:08 0 d-------- C:\Program Files\Symantec
2008-02-28 00:26:04 0 --a------ C:\Windows\nsreg.dat
2008-02-27 23:55:42 0 d-------- C:\Program Files\Shareaza Applications
2008-02-27 23:39:58 0 d-------- C:\Program Files\Windows Live
2008-02-27 23:39:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 22:22:26 0 d-------- C:\Users\shaan\AppData\Roaming\Template
2008-02-27 20:35:10 0 d-------- C:\Users\shaan\AppData\Roaming\muvee Technologies
2008-02-27 20:02:29 0 d-------- C:\Program Files\VirtualDJ
2008-02-27 14:15:04 0 d-------- C:\Users\shaan\AppData\Roaming\Hewlett-Packard
2008-02-27 14:14:23 0 d-------- C:\Users\shaan\AppData\Roaming\Symantec
2008-02-27 14:13:26 0 d-------- C:\Users\shaan\AppData\Roaming\Identities
2008-02-27 14:13:10 81 --a------ C:\Windows\system32\LOG
2008-02-27 14:11:40 0 d-------- C:\Users\shaan\AppData\Roaming\Macromedia
2008-02-27 14:11:04 0 dr------- C:\Program Files\Online Services
2008-02-21 03:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 09:29]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/10/2007 06:00]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/09/2007 22:46]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 08:13]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/10/2007 18:55]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [09/05/2007 00:24]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 16:47]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [08/01/2007 23:53]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/10/2007 19:21]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/10/2007 19:21]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/10/2007 19:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20/01/2008 08:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [10/11/2003 18:06]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [24/08/2006 12:02]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [13/09/2006 15:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16/04/2008 21:04]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [17/03/2008 01:14]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 09:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [25/07/2006 12:12]
"ares"="C:\Program Files\Ares\Ares.exe" []
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []
"DeskSpace"="C:\Users\shaan\AppData\Roaming\DeskSpace\deskspace.exe" []
"CubeDesktop"="C:\Program Files\CubeDesktop\cubedesktop.exe" [19/03/2008 19:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 14/03/2008 14:27 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^shaan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Users\shaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df8f15c1-e9e3-11dc-9ef8-001b24f19390}]
AutoRun\command- H:\LaunchU3.exe -a
*Newly Created Service* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-18 22:11:43 ------------
