10-02-2007, 11:40 PM   #1
LinusLuxEsq
Registered User
 
Join Date: Oct 2007
Posts: 20
OS: WinXP sp2


Several Viruses Including Trojan/Downloader and Trojan/Galgar.DY

Hi. Thanks for looking at my situation. I inadvertently opened an attachment and have since been inundated with pop-ups and adware. The other morning I opened my email inbox to see over 500 "mailer daemon" returned emails that I never sent. My computer has been taken over. I've cleared viruses myself in the past by reading through this forum. I need help this time.

[Windows XP SP2 Dell Inspiron 9300 1.25G RAM]

LOGS:

Panda -


Incident Status Location

Virus:Generic Malware Disinfected Operating system
Adware:Adware/TTC Not disinfected C:\Program Files\Movie Maker\hokevof4444.dll
Adware:Adware/TTC Not disinfected C:\Program Files\Movie Maker\hokevof83122.dll
Adware:adware/ipbill Not disinfected C:\WINDOWS\system32\dload.exe
Adware:adware/startpage.aao Not disinfected c:\windows\system32\dload.exe
Adware:adware/easysearch Not disinfected c:\windows\dialup.exe
Adware:adware/superspider Not disinfected c:\windows\runwin32.exe
Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
Adware:adware/conspy Not disinfected c:\windows\waol.exe
Adware:adware program Not disinfected c:\windows\x.exe
Adware:adware/spyblast Not disinfected Windows Registry
Adware:adware/winres Not disinfected Windows Registry
Dialer:dialer.avv Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E246FAE-8420-11D9-870D-000C2917DE7F}
Adware:adware/cws.nfo Not disinfected Windows Registry
Spyware:spyware/surfsidekick Not disinfected Windows Registry
Adware:adware/mssearch Not disinfected Windows Registry
Spyware:spyware/clientman Not disinfected Windows Registry
Adware:adware/noname Not disinfected Windows Registry
Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Spyware:spyware/adclicker Not disinfected Windows Registry
Adware:Adware/TTC Not disinfected C:\!KillBox\Dc127.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@com[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@counter10.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@counter9.sextracker[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@ehg-dig.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@fastclick[3].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@findwhat[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@go[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@media.adrevolver[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@server.iad.liveperson[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@sextracker[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@statse.webtrendslive[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@systemdoctor[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@www.drivecleaner[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@www.winantiviruspro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Linus Lux\Cookies\linus_lux@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linus Lux\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Linus Lux\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linus Lux\Desktop\VundoFix\VundoFix\process.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Linus Lux\Local Settings\Temporary Internet Files\Content.IE5\6JN1S2PF\installdrivecleanerstart[1].cab
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Linus Lux\Local Settings\Temporary Internet Files\Content.IE5\7D8EZNA9\bobik[1]
Virus:Generic Malware Disinfected C:\Program Files\Windows NT\lavupagob.dll
Adware:Adware/TTC Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc128.exe
Adware:Adware/CommAd Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc134\n35Rxrg0nJpb.vbs
Adware:Adware/Adband Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc62\BndDrive4.dll
Virus:Trj/Downloader.QLZ Disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc64\winable.exe
Adware:Adware/Yazzle Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc73.exe
Adware:Adware/Yazzle Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc74.exe
Adware:Adware/TTC Not disinfected C:\RECYCLER\S-1-5-21-3424091001-152558605-1149079077-1005\Dc75.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\dbtghyoc.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\SYSTEM32\DL1\MMEMDT83122.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\SYSTEM32\GB9\wrdrvrdl23.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\hrgdccgk.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\intr32.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\iomysvlo.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\msmapi32.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Virus:Generic Malware Disinfected C:\WINDOWS\SYSTEM32\qgtfogsq.exe
Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\SYSTEM32\sklmnf.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\SYSTEM32\todksvbt.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\SYSTEM32\upd_123.exe
Virus:Trj/Gagar.DY Disinfected C:\WINDOWS\SYSTEM32\wyitzoel.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\xeuwawtw.exe
Adware:Adware/Adband Not disinfected C:\WINDOWS\SYSTEM32\Z2\mon33dll.exe[BndDrive4.dll]
Adware:Adware/TTC Not disinfected C:\WINDOWS\tk58.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\TTC-4444.exe



Deckard's System Scanner v20070905.67
Run by Linus Lux on 2007-10-03 01:24:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Linus Lux.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-03 01:25:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\SYSTEM32\mrtmngr.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Linus Lux\Desktop\Deckard's System Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: (no name) - {668E3EDD-0BE4-46EB-98B7-2E50F11D8716} - C:\Program Files\Movie Maker\hokevof83122.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: (no name) - {9317a54d-01eb-44d4-9359-6864ce934c8a} - C:\WINDOWS\system32\hgbeifm.dll (file missing)
O2 - BHO: (no name) - {A34684F5-E6D3-4183-9B78-9A1D7EA24207} - C:\Program Files\Movie Maker\hokevof4444.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: (no name) - {AEA92DF4-09FD-4189-B30F-72982EA64C30} - C:\WINDOWS\SYSTEM32\ssqrq.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\SYSTEM32\yjijamwp.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\SYSTEM32\owamctni.dll
O2 - BHO: 0 - {F7E22B43-DB34-4695-A1B2-CB22DE4FA9ED} - C:\Program Files\Windows NT\lavupagob.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKEY_LOCAL_MACHINE\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\cilirefq.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: opnlkkk - C:\WINDOWS\system32\opnlkkk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: M-Audio Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\backups\) -----------------------------

backup-20051212-115053-226 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20051212-115053-483 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051212-115053-587 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
backup-20051212-115053-619 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
backup-20051212-115053-766 O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkhhh.dll
backup-20051212-115053-900 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
backup-20051212-115053-951 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
backup-20051212-115054-486 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20051212-115054-505 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20051212-115054-666 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
backup-20051212-120448-432 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
backup-20051214-182110-237 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
backup-20051214-182110-258 O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkhhh.dll
backup-20051214-182136-813 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
backup-20051214-182136-824 O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkhhh.dll
backup-20051214-183246-193 O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20051214-183246-704 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20051214-184405-501 O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20051214-184405-605 O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20051214-185101-243 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20060511-143431-161 O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
backup-20060511-143431-219 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
backup-20060511-143431-242 O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
backup-20060511-143431-372 O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060511-143431-458 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060511-143431-490 O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
backup-20060511-143431-496 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
backup-20060511-143431-517 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20060511-143431-571 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
backup-20060511-143431-618 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060511-143431-625 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060511-143431-667 O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
backup-20060511-143431-678 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060511-143431-757 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060511-143431-761 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060511-143431-853 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060511-143431-956 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060511-144111-209 O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
backup-20060511-144111-286 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060511-144111-326 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060511-144111-357 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060511-144111-454 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20060511-144111-461 O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060511-144111-504 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060511-144111-577 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060511-144111-593 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060511-144111-689 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060511-144111-792 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060810-120223-352 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20060810-120223-375 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20060810-120223-469 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20060810-120223-595 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20060810-120223-597 O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20060810-120223-604 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20060810-120223-612 O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
backup-20060810-120223-647 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20060810-120223-736 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20060810-120223-832 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20060810-120223-865 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20060810-120223-935 O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
backup-20060810-120613-242 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060810-120613-517 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20061009-170030-208 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20061009-170030-240 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20061009-170030-375 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20061009-170030-418 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20061009-170030-429 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20061009-170030-507 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20061009-170030-512 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20061009-170030-604 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20061009-170030-706 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20061009-202423-184 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20061009-202423-187 O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
backup-20061009-202423-195 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20061009-202423-278 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20061009-202423-325 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
backup-20061009-202423-370 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20061009-202423-443 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20061009-202423-514 O17 - HKLM\System\CCS\Services\Tcpip\..\{E3EA2855-9F13-4A7C-9A1B-E290BA3A5B9E}: NameServer = 66.102.163.231 66.209.10.201
backup-20061009-202423-571 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20061009-202423-578 O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20061009-202423-710 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20061009-202423-909 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20061009-202423-975 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20061011-114645-386 O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
backup-20061011-114645-388 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
backup-20061011-114645-535 O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
backup-20061011-114645-567 O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
backup-20061011-114645-633 O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
backup-20061011-114645-640 O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
backup-20061011-114645-745 O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
backup-20061011-114645-756 O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
backup-20061011-114645-834 O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
backup-20061011-114645-930 O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
backup-20061011-114645-971 O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
backup-20061018-112643-116 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20061018-112643-135 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20061018-112643-167 O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
backup-20061018-112643-181 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20061018-112643-205 O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
backup-20061018-112643-250 O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
backup-20061018-112643-273 O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
backup-20061018-112643-278 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20061018-112643-280 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20061018-112643-295 O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
backup-20061018-112643-359 O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
backup-20061018-112643-376 O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
backup-20061018-112643-417 O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
backup-20061018-112643-438 O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
backup-20061018-112643-444 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20061018-112643-460 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20061018-112643-467 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20061018-112643-492 O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
backup-20061018-112643-500 O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
backup-20061018-112643-540 O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
backup-20061018-112643-549 O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
backup-20061018-112643-553 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20061018-112643-630 O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
backup-20061018-112643-650 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20061018-112643-651 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20061018-112643-658 O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
backup-20061018-112643-677 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20061018-112643-688 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
backup-20070620-010353-424 O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
backup-20070620-010353-845 O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
backup-20070925-135140-730 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGludXMgTHV4\command.exe
backup-20070925-135349-778 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070925-135505-675 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGludXMgTHV4\command.exe
backup-20070925-172630-441 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGludXMgTHV4\command.exe
backup-20070925-172630-673 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070925-185806-550 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070925-185807-728 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGludXMgTHV4\command.exe (file missing)
backup-20070926-010954-919 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070926-010955-459 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGludXMgTHV4\command.exe (file missing)
backup-20070926-012636-575 O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
backup-20070926-012637-395 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
backup-20070927-014948-729 O17 - HKLM\System\CCS\Services\Tcpip\..\{E3EA2855-9F13-4A7C-9A1B-E290BA3A5B9E}: NameServer = 66.209.10.201 66.102.163.231
backup-20070927-015806-294 O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\aeuhoicr.dll",sitypnow
backup-20070927-021629-650 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
backup-20070927-021629-869 O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB003" /M "Stylus C42"
backup-20070927-145150-371 O17 - HKLM\System\CCS\Services\Tcpip\..\{E3EA2855-9F13-4A7C-9A1B-E290BA3A5B9E}: NameServer = 66.102.163.231 66.102.163.232
backup-20070928-140117-782 O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\wnmwvghp.dll",sitypnow

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
2 ezgfsfilt (EZ GIG II FS Filter) - c:\windows\system32\drivers\ezgfsfilt.sys <Not Verified; Apricorn; >
0 ezgmntr (EZ GIG II Backup Archive Explorer) - c:\windows\system32\drivers\ezgmntr.sys <Not Verified; Apricorn; >
3 ma763008 (M-Audio Ozone) - c:\windows\system32\drivers\ma763008.sys <Not Verified; M-Audio, Inc.; M-Audio Ozone>
3 MADFU008 - c:\windows\system32\drivers\madfu008.sys <Not Verified; M-Audio; Ozone Firmware Loader>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
3 RD1009 (EDIROL UM-1 USB Driver) - c:\windows\system32\drivers\rdwm1009.sys <Not Verified; Roland Corporation; >
2 RKCMGQRF - c:\windows\system32\rkcmgqrf.wfp (file missing)
2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
3 SEWModem (Sony Ericsson GPRS Modem) - c:\windows\system32\drivers\gc75.sys <Not Verified; Sony Ericsson; Sony Ericsson GPRS Modem Driver>
3 SEWWNIC (Sony Ericsson Wireless WAN Adapter) - c:\windows\system32\drivers\gc75net.sys <Not Verified; Sony Ericsson; Sony Ericsson Wireless WAN Adapter Driver>
0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
3 USBNZ1X1 (M-Audio Ozone Midi) - c:\windows\system32\drivers\usbnz1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman Ozone Midi Interface>
3 wanatw (WAN Miniport (ATW)) - system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
3 MHN - c:\windows\system32\svchost.exe
4 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
2 OzoneInstallerService (M-Audio Ozone Installer) - c:\program files\m-audio\ozone\install\ozinst.exe <Not Verified; Nemesis; Ozone Installer Service>
3 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
3 ServiceLayer - c:\program files\common files\pcsuite\services\servicelayer.exe
3 usnsvc (Messenger Sharing USN Journal Reader service) - c:\windows\system32\svchost.exe
2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Files created between 2007-09-03 and 2007-10-03 -----------------------------

2007-10-03 01:25:21 218112 --a------ C:\Program Files\Linus Lux.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-10-02 23:28:11 182 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-10-02 23:28:11 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-10-02 23:10:25 0 d-------- C:\WINDOWS\LastGood
2007-10-02 18:14:27 11840 --a------ C:\WINDOWS\system32\yjijamwp.dll
2007-10-02 18:13:51 90176 --a------ C:\WINDOWS\system32\cilirefq.dll
2007-10-02 17:14:49 70208 --a------ C:\WINDOWS\system32\owamctni.dll
2007-10-02 17:13:10 11840 --a------ C:\WINDOWS\system32\bioepset.dll
2007-09-30 19:22:34 90176 -----n--- C:\WINDOWS\system32\dxfvuujx.dll
2007-09-30 19:19:44 11840 --a------ C:\WINDOWS\system32\akeeusxk.dll
2007-09-30 19:19:29 70208 --a------ C:\WINDOWS\system32\kmabipqe.dll
2007-09-30 19:19:18 2329080 ---hs---- C:\WINDOWS\system32\qrqss.bak1
2007-09-29 16:21:15 135168 --a------ C:\WINDOWS\tk58.exe
2007-09-29 16:20:56 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-09-28 18:25:14 1764266 ---hs---- C:\WINDOWS\system32\qrqss.bak2
2007-09-28 17:57:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-28 01:29:50 90176 -----n--- C:\WINDOWS\system32\wnmwvghp.dll
2007-09-28 01:29:39 11840 --a------ C:\WINDOWS\system32\qqlnqdsx.dll
2007-09-25 18:23:10 0 d-------- C:\!KillBox
2007-09-25 12:27:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-09-25 12:27:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-09-25 12:24:01 311872 -----n--- C:\WINDOWS\system32\ssqrq.dll
2007-09-25 12:20:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-25 12:19:57 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2007-09-25 12:19:39 0 d-------- C:\WINDOWS\system32\Z2
2007-09-25 12:19:39 0 d-------- C:\WINDOWS\system32\GB9
2007-09-25 12:19:38 0 d-------- C:\WINDOWS\system32\Z1
2007-09-25 12:19:38 0 d-------- C:\WINDOWS\system32\DL1
2007-09-25 12:19:38 0 d-------- C:\WINDOWS\system32\C2
2007-09-25 12:19:12 0 d-------- C:\WINDOWS\system32\vMW04a
2007-09-19 15:56:10 53248 --a------ C:\WINDOWS\b122.exe
2007-09-11 15:25:42 66048 --a------ C:\WINDOWS\system32\mrtrate.dll <Not Verified; Marimba, Inc.; Rate Sensing Manager>
2007-09-11 15:25:42 65024 --a------ C:\WINDOWS\system32\mrtmngr.exe <Not Verified; Marimba Inc.; Rate Sensing Manager>
2007-09-11 15:25:41 1694992 --a------ C:\WINDOWS\system32\vba6.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-09-11 15:25:40 6838 --a------ C:\WINDOWS\Icoadb32.dat
2007-09-11 15:25:40 57344 --a------ C:\WINDOWS\Icg32.dll <Not Verified; Intuit; Internet Client 2.2>
2007-09-11 15:25:25 0 d-------- C:\WINDOWS\Intuit
2007-09-11 15:25:22 0 d-------- C:\Program Files\Intuit
2007-09-11 15:24:31 0 d-------- C:\Documents and Settings\Linus Lux\WINDOWS
2007-09-07 14:39:15 0 d-------- C:\Program Files\EPSON
2007-09-07 14:39:06 0 d-------- C:\epson


-- Find3M Report ---------------------------------------------------------------

2007-10-03 00:56:47 0 d-------- C:\Program Files\Windows NT
2007-10-03 00:44:56 0 d-------- C:\Program Files\Movie Maker
2007-10-03 00:44:03 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-03 00:41:45 0 d-------- C:\Program Files\M-Audio Ozone
2007-10-03 00:41:07 0 d-------- C:\Program Files\iTunes
2007-10-03 00:39:47 0 d-------- C:\Program Files\Google
2007-09-28 14:01:17 0 d-------- C:\Program Files\backups
2007-09-25 12:27:45 0 d-------- C:\Documents and Settings\Linus Lux\Application Data\LimeWire
2007-09-24 03:40:13 2695699 --a------ C:\Documents and Settings\Linus Lux\Application Data\NMM-MetaData.db
2007-09-18 23:48:50 0 d-------- C:\Documents and Settings\Linus Lux\Application Data\AdobeUM
2007-09-17 10:15:22 0 d-------- C:\Program Files\Dl_cats
2007-08-14 20:41:22 0 d-------- C:\Documents and Settings\Linus Lux\Application Data\Datalayer
2007-08-03 12:24:31 0 d-------- C:\Documents and Settings\Linus Lux\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{668E3EDD-0BE4-46EB-98B7-2E50F11D8716}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\Movie Maker\hokevof83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9317a54d-01eb-44d4-9359-6864ce934c8a}]
C:\WINDOWS\system32\hgbeifm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A34684F5-E6D3-4183-9B78-9A1D7EA24207}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\Movie Maker\hokevof4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEA92DF4-09FD-4189-B30F-72982EA64C30}]
09/25/2007 12:24 PM 311872 --------- C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}]
10/02/2007 06:14 PM 11840 --a------ C:\WINDOWS\system32\yjijamwp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64F0381-0053-4842-B3E5-08F6C4A0AEB6}]
10/02/2007 05:14 PM 70208 --a------ C:\WINDOWS\system32\owamctni.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7E22B43-DB34-4695-A1B2-CB22DE4FA9ED}]
09/29/2007 04:21 PM 70144 --------- C:\Program Files\Windows NT\lavupagob.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [05/06/2004 03:58 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/06/2004 03:58 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/30/2004 06:05 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/02/2006 12:59 AM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [04/26/2006 08:29 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 06:00 AM C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/18/2006 06:54 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [10/18/2005 10:00 AM]
"FolderView"="C:\WINDOWS\system32\cilirefq.dll" [10/02/2007 06:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/16/2006 02:38 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/26/2006 04:13 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/26/2007 01:32 PM]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

C:\Documents and Settings\Linus Lux\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 5:07:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 5:07:20 PM]
M-Audio Ozone Control Panel Launcher.lnk - C:\Program Files\M-Audio Ozone\OZTask.exe [1/31/2003 1:34:50 PM]
PayPal Plug-In for Outlook Express.lnk - C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe [11/30/2005 12:56:56 AM]
QuickBooks Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe [9/11/2007 3:25:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows NT\profsydyzaz.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\opnlkkk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkkk]
opnlkkk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28597a92-3a9e-11dc-8710-0016419f5869}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ebfe8ec-3e09-11dc-8711-0016419f5869}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9543717-024b-11dc-86fa-001143762027}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-03 01:26:18 ------------
Attached Files
File Type: txt extra.txt (18.6 KB, 0 views)