Hello, thank you for your help. I completely understand how busy you all are.
I have antivirus installed. It's V-Com System Suite Pro 7, which uses Trend Micro, I believe. I have updated the current files and ran a scan. No virus was the result.
I removed firefox from my system as I didn't use it anyway.
I deleted all cookies as requested.
I ran ComboFix and dss.exe as instructed, and the logs are below.
If I need anything else, please let me know. I think I have included everything.
Thanks,
Mikey
ComboFix 07-10-26.4 - Compaq_Administrator 2007-10-26 12:29:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1268 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.
2007-10-26 12:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 12:22 <DIR> d-------- C:\Program Files\HowTo-Outlook
2007-10-18 10:47 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2007-10-18 10:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-18 09:33 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-18 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-18 09:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-18 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-18 08:38 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-18 08:34 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 02:27 <DIR> d-------- C:\Deckard
2007-10-16 02:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-15 09:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:08 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-08 09:52 1,048,576 --a------ C:\Temp\autorun.bin
2007-10-08 09:52 769,024 --a------ C:\Temp\SFDNWIN.exe
2007-10-08 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-10-08 06:11 <DIR> d-------- C:\Program Files\SAMSUNG
2007-10-08 05:08 <DIR> d-------- C:\Program Files\EVEREST Home Edition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 16:45 --------- d-----w C:\Program Files\My Privacy Online
2007-10-26 16:25 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam
2007-10-26 12:19 --------- d-----w C:\Program Files\Magical Jellybean Dictionary Vv1.1
2007-10-26 12:19 --------- d-----w C:\Program Files\CoffeeCup Software
2007-10-26 12:19 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly
2007-10-24 21:23 --------- d-----w C:\Program Files\UnH Solutions
2007-10-23 18:10 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-18 13:29 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 20:01 --------- d-----w C:\Program Files\****Fish
2007-10-16 19:46 --------- d-----w C:\Program Files\LaunchOnFly
2007-10-16 19:38 --------- d-----w C:\Program Files\Google
2007-10-16 19:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-16 19:30 --------- d-----w C:\Program Files\Common Files\aolshare
2007-10-16 19:25 --------- d-----w C:\Program Files\Bonjour
2007-10-16 09:14 --------- d-----w C:\Program Files\ICQLite
2007-10-16 09:11 --------- d-----w C:\Program Files\Extension Changer
2007-10-16 09:11 --------- d-----w C:\Program Files\EmEditor
2007-10-16 09:11 --------- d-----w C:\Program Files\EditPlus 2
2007-10-16 08:47 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-15 16:42 --------- d-----w C:\Program Files\Smart Explorer
2007-10-15 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-14 23:09 --------- d-----w C:\Program Files\Kodak
2007-10-12 14:34 --------- d-----w C:\Program Files\dwyco2
2007-10-08 10:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 05:38 --------- d-----w C:\Program Files\Media Player Classic
2007-10-01 06:50 --------- d-----w C:\Program Files\The Logo Creator v5
2007-09-20 17:18 --------- d-----w C:\Program Files\The Logo Creator v4
2007-09-20 17:18 --------- d-----w C:\Program Files\SatFinder
2007-09-20 17:18 --------- d-----w C:\Program Files\mceWeather
2007-09-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-09-20 16:01 --------- d-----w C:\Program Files\InterVideo
2007-09-20 12:12 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2007-09-18 17:32 --------- d-----w C:\Program Files\Funspot
2007-09-18 17:30 --------- d-----w C:\Program Files\Media Center Karaoke Plug-in
2007-09-12 00:01 --------- d-----w C:\Program Files\Key-Grabber-ddfg
2007-09-07 18:15 --------- d-----w C:\Program Files\DVDlabPro
2007-09-04 16:50 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-04 16:49 --------- d-----w C:\Program Files\MSBuild
2007-09-04 16:45 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-04 16:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 16:50 --------- d-----w C:\Program Files\Web Page Maker V2
2007-08-30 16:50 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2
2007-08-30 15:51 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder
2007-08-28 16:34 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Creative
2007-08-28 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-08-28 16:18 --------- d-----w C:\Program Files\Creative
2007-08-28 16:16 --------- d--h--w C:\Program Files\Creative Installation Information
2007-08-28 16:16 --------- d-----w C:\Program Files\Common Files\Creative
2007-08-28 15:38 --------- d-----w C:\Program Files\Realtek AC97
2007-04-23 18:43 254,440 -c--a-w C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-12-12 20:29 13 -c-h--w C:\Documents and Settings\All Users\Application Data\3113.sys
2006-07-06 19:02 0 -c----w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2003-08-27 18:19 36,963 -c----w C:\Program Files\Common Files\SM1updtr.dll
2006-06-03 23:02:25 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10

54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 13:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 02:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 11:29]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [2006-05-24 13:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 13:21]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-10-31 15:47]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 07:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-06-04 18:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [2006-02-28 11:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 08:38]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:29]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-22 00:18:32]
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [2007-03-22 12:50:24]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [2004-09-06 10:29:52]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 AutoSave;AutoSave;C:\WINDOWS\system32\drivers\AutoSave.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
R3 AVMNgBasM780;AVerMedia M780 Base Driver;C:\WINDOWS\system32\DRIVERS\AVerBas.sys
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;C:\WINDOWS\system32\DRIVERS\AVerCap.sys
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;C:\WINDOWS\system32\DRIVERS\AVerTun.sys
R3 KFilter;KFilter;\??\C:\PROGRA~1\VCOM\SYSTEM~1\KFilter.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command -
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 23

53 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-10-26 16:39:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-26 12:45:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-26 12:48:59 - machine was rebooted
.
--- E O F ---
Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2007-10-26 12:58:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
147: 2007-10-26 16:58:55 UTC - RP417 - Deckard's System Scanner Restore Point
146: 2007-10-26 16:29:23 UTC - RP416 - ComboFix created restore point
145: 2007-10-25 18:07:58 UTC - RP415 - System Checkpoint
144: 2007-10-24 16:22:28 UTC - RP414 - Installed OutlookTools 2
143: 2007-10-24 01:51:50 UTC - RP413 - System Checkpoint
-- First Restore Point --
1: 2007-08-02 02:50:52 UTC - RP271 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Compaq_Administrator.exe) --------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:12 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\SM1BG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\EmEditor\emedtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LaunchOnFly\lf.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\EmEditor\EMEDITOR.EXE
C:\Documents and Settings\Compaq_Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: (no name) - 0C07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ****Fish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\****Fish\****Fish.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\****Fish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - CJ - (no file)
O2 - BHO: (no name) - B78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - B49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ****Fish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\****Fish\****Fish.dll
O3 - Toolbar: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on MIKEYS (from DORIS)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P46 "EPSON Stylus C68 Series on MIKEYS (from DORIS)" /O5 "TS002" /M "Stylus C68"
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on DEN (from BEDROOM)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P45 "EPSON Stylus C68 Series on DEN (from BEDROOM)" /O5 "TS003" /M "Stylus C68"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyPrivacyTask] C:\Program Files\My Privacy Online\MyPrivacyTask.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ****Fish Grab movies on this page - C:\Program Files\****Fish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: ****Fish Grab pictures on this page - C:\Program Files\****Fish\GRABPAGEPICS.HTM
O8 - Extra context menu item: ****Fish Grab pictures this page links to - C:\Program Files\****Fish\GRABPAGELINKS.HTM
O8 - Extra context menu item: ****Fish Grab Target File - C:\Program Files\****Fish\GRABLINK.HTM
O8 - Extra context menu item: ****Fish Grab This Picture - C:\Program Files\****Fish\GRABPIC.HTM
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188921401078
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C876C4-3D2E-4156-8F0C-2776892E285D}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 20947 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.txt - emeditor.txt - DefaultIcon - C:\Program Files\EmEditor\EMEDRES.DLL,1
.txt - emeditor.txt - shell\open\command - "C:\Program Files\EmEditor\EMEDITOR.EXE" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AutoSave - c:\windows\system32\drivers\autosave.sys <Not Verified; Avanquest Publishing USA, Inc.; AutoSave>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantn); filedisk (based on original work by Bo Brantn)>
R1 USIUDF - c:\windows\system32\drivers\usiudf.sys <Not Verified; Ulead Systems, Inc.; Ulead UDF File System Driver>
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R3 catchme - c:\docume~1\compaq~1\locals~1\temp\catchme.sys (file missing)
R3 KFilter - c:\program files\vcom\systemsuite\kfilter.sys <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
R3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine>
S3 XUIF (X10 USB Wireless Transceiver) - c:\windows\system32\drivers\x10ufx2.sys <Not Verified; X10 Wireless Technology, Inc.; X10 USB Control Interface>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 LxrSII1s (Lexar Secure II) - lxrsii1s.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 SystemSuite Task Manager - c:\progra~1\vcom\system~1\mxtask.exe -service <Not Verified; Avanquest Publishing USA, Inc.; >
S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\svchost.exe (pid 1212)
2006-09-07 13:32:30 53248 --a------ C:\Program Files\VCOM\SystemSuite\MxAVlsp.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-10-24 16:55:00 81920 --a------ C:\Program Files\VCOM\SystemSuite\MXPM.dll <Not Verified; Avanquest Publishing USA, Inc.; >
2006-12-11 17:12:34 135168 --a------ C:\Program Files\VCOM\SystemSuite\UFilter.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2005-11-28 12:11:28 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>
2006-09-07 13:57:52 32768 --a------ C:\Program Files\VCOM\SystemSuite\MXR.dll <Not Verified; Avanquest Publishing USA, Inc.; >
C:\WINDOWS\explorer.exe (pid 2524)
2006-09-07 13:37:12 53248 --a------ C:\Program Files\VCOM\SystemSuite\errhook.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2001-02-07 13:17:02 364607 --a------ C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Handwriting Input UI>
2005-07-28 17:28:33 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2006-09-07 13:32:30 53248 --a------ C:\Program Files\VCOM\SystemSuite\MxAVlsp.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-10-24 16:55:00 81920 --a------ C:\Program Files\VCOM\SystemSuite\MXPM.dll <Not Verified; Avanquest Publishing USA, Inc.; >
2006-12-11 17:12:34 135168 --a------ C:\Program Files\VCOM\SystemSuite\UFilter.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-08-17 15:57:20 86016 -ra------ C:\Program Files\Qualcomm\Eudora\EuShlExt.dll <Not Verified; Qualcomm Inc.; Eudora>
C:\WINDOWS\system32\rundll32.exe (pid 2804)
2006-12-05 19:01:32 54272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll <Not Verified; High Criteria inc.; Total Recorder (Professional Edition)>
2006-12-05 19:01:12 106496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll <Not Verified; High Criteria inc.; Total Recorder (Professional Edition)>
2006-09-07 13:37:12 53248 --a------ C:\Program Files\VCOM\SystemSuite\errhook.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
-- Scheduled Tasks -------------------------------------------------------------
2007-10-26 12:54:05 452 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job
2007-10-14 19

53 466 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
-- Files created between 2007-09-26 and 2007-10-26 -----------------------------
2007-10-26 11:57:33 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2007-10-24 12:22:29 0 d-------- C:\Program Files\HowTo-Outlook
2007-10-18 10:47:16 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2007-10-18 10:20:40 0 d-------- C:\Program Files\Windows Desktop Search
2007-10-18 09:27:42 0 d-------- C:\Program Files\Microsoft.NET
2007-10-18 09:22:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-18 09:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 09:18:45 0 dr-h----- C:\MSOCache
2007-10-18 08:38:26 0 d-------- C:\Program Files\Alcohol Soft
2007-10-18 08:34:06 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:04:51 0 d-------- C:\Program Files\Trend Micro
2007-10-16 02:17:34 0 d-------- C:\Program Files\SpywareBlaster
2007-10-15 09:36:40 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:08:46 0 d-------- C:\Program Files\Common Files\Kodak
2007-10-08 07:30:09 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-10-08 06:11:33 0 d-------- C:\Program Files\SAMSUNG
2007-10-08 05:08:49 0 d-------- C:\Program Files\EVEREST Home Edition
-- Find3M Report ---------------------------------------------------------------
2007-10-26 12:45:34 0 d-------- C:\Program Files\My Privacy Online
2007-10-26 12:25:55 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam
2007-10-26 08:19:21 0 d-------- C:\Program Files\Magical Jellybean Dictionary Vv1.1
2007-10-26 08:19:20 0 d-------- C:\Program Files\CoffeeCup Software
2007-10-26 08:19:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly
2007-10-24 17:23:44 0 d-------- C:\Program Files\UnH Solutions
2007-10-23 14:10:27 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-23 04:19:45 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Help
2007-10-18 09:50:30 0 d-------- C:\Program Files\Common Files
2007-10-18 09:29:33 0 d-------- C:\Program Files\Microsoft Works
2007-10-16 16:01:01 0 d-------- C:\Program Files\****Fish
2007-10-16 15:46:04 0 d-------- C:\Program Files\LaunchOnFly
2007-10-16 15:38:34 0 d-------- C:\Program Files\Google
2007-10-16 15:30:42 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-10-16 15:30:10 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-16 15:25:11 0 d-------- C:\Program Files\Bonjour
2007-10-16 12:21:42 49194 --a------ C:\logfile
2007-10-16 05:14:15 0 d-------- C:\Program Files\ICQLite
2007-10-16 05:11:46 0 d-------- C:\Program Files\Extension Changer
2007-10-16 05:11:25 0 d-------- C:\Program Files\EmEditor
2007-10-16 05:11:21 0 d-------- C:\Program Files\EditPlus 2
2007-10-16 04:47:57 0 d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-15 12:42:01 0 d-------- C:\Program Files\Smart Explorer
2007-10-14 19:09:39 0 d-------- C:\Program Files\Kodak
2007-10-12 10:34:42 0 d-------- C:\Program Files\dwyco2
2007-10-12 01:05:34 768 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-08 06:11:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 01:38:20 0 d-------- C:\Program Files\Media Player Classic
2007-10-03 12:54:01 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2007-10-01 02:50:30 0 d-------- C:\Program Files\The Logo Creator v5
2007-09-20 13:18:33 0 d-------- C:\Program Files\The Logo Creator v4
2007-09-20 13:18:29 0 d-------- C:\Program Files\SatFinder
2007-09-20 13:18:24 0 d-------- C:\Program Files\mceWeather
2007-09-20 12:01:33 0 d-------- C:\Program Files\InterVideo
2007-09-20 08:12:00 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2007-09-18 13:32:28 0 d-------- C:\Program Files\Funspot
2007-09-18 13:30:48 0 d-------- C:\Program Files\Media Center Karaoke Plug-in
2007-09-11 20:01:45 0 d-------- C:\Program Files\Key-Grabber-ddfg
2007-09-07 14:15:41 0 d-------- C:\Program Files\DVDlabPro
2007-09-04 12:50:01 0 d-------- C:\Program Files\MSXML 6.0
2007-09-04 12:49:19 0 d-------- C:\Program Files\MSBuild
2007-09-04 12:45:43 0 d-------- C:\Program Files\Reference Assemblies
2007-09-04 12:15:29 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 12:50:57 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2
2007-08-30 12:50:53 0 d-------- C:\Program Files\Web Page Maker V2
2007-08-30 11:51:50 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder
2007-08-28 12:34:14 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Creative
2007-08-28 12:18:50 0 d-------- C:\Program Files\Creative
2007-08-28 12:16:59 0 d-------- C:\Program Files\Common Files\Creative
2007-08-28 12:16:58 0 d--h----- C:\Program Files\Creative Installation Information
2007-08-28 11:38:42 0 d-------- C:\Program Files\Realtek AC97
2007-08-21 19:32:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-05 15:58:09 192 --a----c- C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 03:19 AM C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [11/01/2005 01:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 02:14 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [11/09/2005 11:29 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [09/07/2006 01:32 PM]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [05/24/2006 01:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [09/07/2006 01:32 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [11/17/2004 01:21 PM]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [10/31/2005 03:47 PM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [01/25/2005 04:00 AM]
"EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [01/25/2005 04:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 03:50 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [06/04/2006 06:36 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [02/28/2006 11:27 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 08:38 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 06:29 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [3/22/2007 12:50:24 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [9/6/2004 10:29:52 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01000000
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [08/17/2006 03:57 PM 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command-
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- End of Deckard's System Scanner: finished at 2007-10-26 13:00:27 ------------