Thank you for your response. Here is the log (main.txt) from the DSS scan:
------------------------
Deckard's System Scanner v20071014.68
Run by Yu on 2008-01-18 16:38:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-01-18 21:38:24 UTC - RP574 - Deckard's System Scanner Restore Point
2: 2008-01-17 22:07:43 UTC - RP573 - Installed ErrorDoctor
1: 2008-01-15 00:15:33 UTC - RP572 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Yu.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:27 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\RoboTask\RoboTask.exe
C:\Documents and Settings\Yu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Yu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1515B906-999A-48F3-8BF4-B7EC61BF5B38} - C:\WINDOWS\system32\iiffdaa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6FA3C85E-3081-4522-9B7C-546F98C684F8} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {da19e03d-19ae-b168-d8d4-9783a2989868} - {8689892a-3879-4d8d-861b-ea91d30e91ad} - C:\WINDOWS\system32\ccctxifm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [44d5da6c] rundll32.exe "C:\WINDOWS\system32\ltobyqlg.dll",b
O4 - HKLM\..\Run: [BM47e6e9f0] Rundll32.exe "C:\WINDOWS\system32\homaumat.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RoboTask] C:\Program Files\RoboTask\RoboTask.exe
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Steven')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwic...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126738808781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
O20 - Winlogon Notify: iiffdaa - C:\WINDOWS\SYSTEM32\iiffdaa.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
--
End of file - 16375 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 HFCore - c:\windows\system32\drivers\hfcore.sys
R1 StarPortLite (StarPort Storage Controller (Lite)) - c:\windows\system32\drivers\starportlite.sys <Not Verified; Rocket Division Software; StarPort Storage Controller>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S2 sbbotdi - c:\progra~1\speedb~1\sbbotdi.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S2 VideoAcceleratorEngine - c:\progra~1\speedb~1\videoacceleratorengine.exe -start -scm (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-17 16:30:24 416 --ah---c- C:\WINDOWS\Tasks\User_Feed_Synchronization-{12BACCA3-FCCA-4B94-AE3C-64054BF14814}.job
2008-01-15 12:49:07 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-18 and 2008-01-18 -----------------------------
2008-01-17 19:50:14 86592 --a------ C:\WINDOWS\system32\ltobyqlg.dll
2008-01-17 19:44:14 70208 --a------ C:\WINDOWS\system32\homaumat.dll
2008-01-17 19:39:27 77376 --a------ C:\WINDOWS\system32\ccctxifm.dll
2008-01-17 18:27:11 0 dr-h----- C:\Documents and Settings\Yu\Recent
2008-01-17 17:25:01 0 --a----c- C:\WINDOWS\system32\Ultra.dll
2008-01-17 17:07:45 0 d-------- C:\Program Files\SoftwareDoctor
2008-01-17 16:32:59 0 d-------- C:\Program Files\InControl
2008-01-16 19:12:24 86592 --a------ C:\WINDOWS\system32\pblblvym.dll
2008-01-16 19

25 70208 --a------ C:\WINDOWS\system32\jvgjspnn.dll
2008-01-16 19:03:25 76864 --a------ C:\WINDOWS\system32\ifvvnsrd.dll
2008-01-16 15:51:50 0 d-------- C:\Documents and Settings\Yu\.housecall6.6
2008-01-15 18:00:45 70208 --a------ C:\WINDOWS\system32\difjgufb.dll
2008-01-15 17:58:08 79936 --a------ C:\WINDOWS\system32\sgpgiiml.dll
2008-01-14 20:04:54 0 dr-h----- C:\Documents and Settings\Jianmin\Recent
2008-01-14 19:11:55 89152 --a------ C:\WINDOWS\system32\mmdkdydj.dll
2008-01-14 19:05:52 77888 --a------ C:\WINDOWS\system32\rlpruteu.dll
2008-01-14 19:02:52 70208 --a------ C:\WINDOWS\system32\qwvwqmrq.dll
2008-01-14 16:20:20 0 d-------- C:\Documents and Settings\Jianmin\Application Data\Mozilla
2008-01-14 08:55:36 0 d-------- C:\Documents and Settings\Jianmin\Application Data\DAZ 3D
2008-01-13 19:03:20 79936 --a------ C:\WINDOWS\system32\jlfxuimn.dll
2008-01-13 19:00:20 70208 --a------ C:\WINDOWS\system32\fblcqahq.dll
2008-01-13 09:44:38 198144 -------c- C:\WINDOWS\system32\_psisdecd.dll
2008-01-13 09:43:30 44544 --a----c- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-12 18:26:08 76864 --a------ C:\WINDOWS\system32\ixuqgylf.dll
2008-01-12 18:23:10 70208 --a------ C:\WINDOWS\system32\ukvnvget.dll
2008-01-11 18:28:59 70208 --a------ C:\WINDOWS\system32\iixofosk.dll
2008-01-11 18:20:29 70208 --a------ C:\WINDOWS\system32\fjcafose.dll
2008-01-11 16:51:40 0 d------c- C:\WINDOWS\system32\ActiveScan
2008-01-11 15:31:18 0 dr------- C:\Documents and Settings\Administrator.ALEX\Start Menu
2008-01-11 15:31:18 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\SendTo
2008-01-11 15:31:18 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\Recent
2008-01-11 15:31:18 0 d--h----- C:\Documents and Settings\Administrator.ALEX\PrintHood
2008-01-11 15:31:18 0 d--h----- C:\Documents and Settings\Administrator.ALEX\NetHood
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Desktop
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Symantec
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Sun
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Jasc Software Inc
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Identities
2008-01-11 15:24:19 0 d--h----- C:\Documents and Settings\Administrator.ALEX\Templates
2008-01-11 15:24:19 0 dr------- C:\Documents and Settings\Administrator.ALEX\My Documents
2008-01-11 15:24:19 0 d--h----- C:\Documents and Settings\Administrator.ALEX\Local Settings
2008-01-11 15:24:19 0 dr------- C:\Documents and Settings\Administrator.ALEX\Favorites
2008-01-11 15:24:19 0 d--hs---- C:\Documents and Settings\Administrator.ALEX\Cookies
2008-01-11 15:24:19 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\Application Data
2008-01-11 15:24:19 0 d---s---- C:\Documents and Settings\Administrator.ALEX\Application Data\Microsoft
2008-01-11 15:24:18 786432 --ah----- C:\Documents and Settings\Administrator.ALEX\NTUSER.DAT
2008-01-11 14:54:07 0 d-------- C:\Documents and Settings\Hong\Application Data\Yahoo!
2008-01-11 14:54:01 0 d-------- C:\Documents and Settings\Steven\Application Data\Yahoo!
2008-01-10 18:05:29 70208 --a----c- C:\WINDOWS\system32\spfwbwod.dll
2008-01-05 20:03:45 78912 --a----c- C:\WINDOWS\system32\ptigupsq.dll
2008-01-04 18:27:53 322935 --ahs--c- C:\WINDOWS\system32\fgjlm.ini2
2008-01-04 18:27:40 331264 --a----c- C:\WINDOWS\system32\mljgf.dll
2008-01-03 19

38 0 d-------- C:\Documents and Settings\Jianmin\Application Data\MRTalk
2008-01-03 19:05:42 0 d-------- C:\Program Files\MediaRing
2008-01-03 17:27:13 481363 --ahs--c- C:\WINDOWS\system32\srutv.ini2
2008-01-03 17:27:06 328704 --a----c- C:\WINDOWS\system32\vturs.dll
2008-01-03 15:11:36 7009 --ahs--c- C:\WINDOWS\system32\rqtwa.ini2
2008-01-03 15:11:30 328704 --a----c- C:\WINDOWS\system32\awtqr.dll
2008-01-02 15:21:44 0 d-------- C:\Program Files\Enigma Software Group
2008-01-02 14:34:39 331776 -------c- C:\WINDOWS\system32\gebyy.dll
2008-01-01 15:04:40 327680 -------c- C:\WINDOWS\system32\awtsr.dll
2008-01-01 13:34:34 486347 --ahs--c- C:\WINDOWS\system32\qtstv.ini2
2008-01-01 13:34:26 327680 --a----c- C:\WINDOWS\system32\vtstq.dll
2008-01-01 10:33:38 7088 --ahs--c- C:\WINDOWS\system32\nnnmp.ini2
2008-01-01 10:33:29 327680 --a----c- C:\WINDOWS\system32\pmnnn.dll
2007-12-31 18:33:29 6784 --ahs--c- C:\WINDOWS\system32\stvwa.ini2
2007-12-31 18:33:23 328704 --a----c- C:\WINDOWS\system32\awvts.dll
2007-12-31 16:42:35 6589 --ahs--c- C:\WINDOWS\system32\kjllm.ini2
2007-12-31 16:42:25 328704 --a----c- C:\WINDOWS\system32\mlljk.dll
2007-12-31 14:01:53 328704 -------c- C:\WINDOWS\system32\vtsqo.dll
2007-12-31 13:11:16 481237 --ahs--c- C:\WINDOWS\system32\vybeg.ini2
2007-12-31 13:11:11 328704 --a----c- C:\WINDOWS\system32\gebyv.dll
2007-12-31 08:15:57 328704 -------c- C:\WINDOWS\system32\pmnnk.dll
2007-12-30 14:21:19 0 d-------- C:\Program Files\QuickTime
2007-12-30 14:19:13 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 14:19:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 21:02:27 328192 -------c- C:\WINDOWS\system32\mlljg.dll
2007-12-29 19:08:47 327680 -------c- C:\WINDOWS\system32\geebx.dll
2007-12-29 18:54:39 6709 --ahs--c- C:\WINDOWS\system32\ddeeg.ini2
2007-12-29 18:54:30 328192 --a----c- C:\WINDOWS\system32\geedd.dll
2007-12-29 17:57:53 328192 -------c- C:\WINDOWS\system32\awvvw.dll
2007-12-29 16:07:06 0 d-------- C:\Documents and Settings\Yu\Application Data\Yahoo!
2007-12-29 16

22 10368 -------c- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-29 16:04:11 10368 --a----c- C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-28 17:27:29 481493 --ahs--c- C:\WINDOWS\system32\pqtss.ini2
2007-12-28 17:27:19 341504 --a----c- C:\WINDOWS\system32\sstqp.dll
2007-12-28 15:14:05 482513 --ahs--c- C:\WINDOWS\system32\nqtss.ini2
2007-12-28 15:13:57 341504 --a----c- C:\WINDOWS\system32\sstqn.dll
2007-12-28 12:25:03 6769 --ahs--c- C:\WINDOWS\system32\jlkkj.ini2
2007-12-28 12:03:46 6769 --ahs--c- C:\WINDOWS\system32\gjkkj.ini2
2007-12-28 12:03:39 341504 --a----c- C:\WINDOWS\system32\jkkjg.dll
2007-12-28 10:57:55 0 d------c- C:\WINDOWS\system32\Dell
2007-12-28 08:20:18 6854 --ahs--c- C:\WINDOWS\system32\hjjlm.ini2
2007-12-28 08:20:09 341504 --a----c- C:\WINDOWS\system32\mljjh.dll
2007-12-27 19:38:41 329728 -------c- C:\WINDOWS\system32\geedc.dll
2007-12-27 15:56:07 494315 --ahs--c- C:\WINDOWS\system32\jjkmp.ini2
2007-12-27 15:55:49 329728 --a----c- C:\WINDOWS\system32\pmkjj.dll
2007-12-27 14:41:19 6649 --ahs--c- C:\WINDOWS\system32\mnnmp.ini2
2007-12-27 14:41:07 329728 --a----c- C:\WINDOWS\system32\pmnnm.dll
2007-12-26 17:35:01 80448 --a------ C:\WINDOWS\system32\obgdbsoy.dll
2007-12-26 16:53:24 336896 -------c- C:\WINDOWS\system32\ssqro.dll
2007-12-26 16:16:19 80448 --a------ C:\WINDOWS\system32\odvsmjgg.dll
2007-12-25 15:11:53 321536 --a----c- C:\WINDOWS\system32\geedb.dll
2007-12-25 14:07:33 327680 -------c- C:\WINDOWS\system32\ddayy.dll
2007-12-23 18:05:21 78912 --a------ C:\WINDOWS\system32\ppnknywu.dll
2007-12-23 13:17:24 0 d-------- C:\Documents and Settings\Steven\Application Data\Grisoft
2007-12-23 13:03:45 0 d-------- C:\Documents and Settings\Yu\Application Data\Grisoft
2007-12-22 20:28:18 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2007-12-22 20:20:35 0 d-------- C:\Documents and Settings\Jianmin\Application Data\Yahoo!
2007-12-22 18:24:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 18:04:21 78400 --a------ C:\WINDOWS\system32\tklvawpe.dll
2007-12-19 14:39:25 0 d-------- C:\Program Files\Opera 9.5 beta
-- Find3M Report ---------------------------------------------------------------
2008-01-18 16:15:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-17 15:47:05 0 d-------- C:\Program Files\PPLive
2008-01-13 10:44:51 0 d-------- C:\Documents and Settings\Yu\Application Data\CyberLink
2008-01-13 09:41:58 0 d-------- C:\Program Files\CyberLink
2008-01-11 16:34:52 0 d-------- C:\Program Files\Trend Micro
2008-01-05 15:27:30 0 d-------- C:\Documents and Settings\Yu\Application Data\Image Zone Express
2008-01-02 16:40:09 0 d-------- C:\Program Files\JetAudio
2007-12-30 15:09:25 0 d-------- C:\Program Files\Need3Space
2007-12-29 15:45:54 0 d-------- C:\Documents and Settings\Yu\Application Data\Vso
2007-12-28 10:57:56 0 d-------- C:\Program Files\Dell
2007-12-27 12:27:39 0 d-------- C:\Documents and Settings\Yu\Application Data\Adobe
2007-12-26 17:35:48 0 d-------- C:\Program Files\Smart Install Maker
2007-12-26 17:35:25 0 d-------- C:\Program Files\project dogwaffle
2007-12-25 13:20:43 0 d-------- C:\Program Files\Best Buy Rhapsody
2007-12-24 15:57:46 0 d-------- C:\Program Files\Google
2007-12-23 17:28:22 0 dr------- C:\Program Files\Aston
2007-12-21 19:44:36 0 d-------- C:\Program Files\Opera
2007-12-19 14:39:35 0 d-------- C:\Documents and Settings\Yu\Application Data\Opera
2007-12-16 15:30:56 4 --a----c- C:\WINDOWS\system32\4F25D9
2007-12-16 15:19:59 0 d-------- C:\Documents and Settings\Yu\Application Data\uTorrent
2007-12-13 18:33:18 0 d-------- C:\Program Files\AnVir Task Manager
2007-12-11 17:27:34 0 d------c- C:\Program Files\Common Files
2007-12-11 17:27:34 0 d------c- C:\Program Files\Common Files\Bcgsoft
2007-12-10 17:29:46 35840 -------c- C:\WINDOWS\system32\iiffdaa.dll
2007-12-10 14:28:58 432635 --ahs--c- C:\WINDOWS\system32\ybeeg.ini2
2007-12-09 18:25:24 698 --ahs--c- C:\WINDOWS\system32\egjlm.ini2
2007-12-09 18:25:11 973 --ahs--c- C:\WINDOWS\system32\rqstv.ini2
2007-12-09 18:25:11 452 --ahs--c- C:\WINDOWS\system32\npqss.ini2
2007-12-09 18:25:06 7198 --ahs--c- C:\WINDOWS\system32\kjkmp.ini2
2007-12-08 16:52:46 336992 --a----c- C:\WINDOWS\system32\vtsqr.dll
2007-12-08 14:40:18 34 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.log
2007-12-08 14:40:02 47360 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-08 14:40:02 1144 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.inf
2007-12-08 14:40:02 7176 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.cat
2007-12-08 14:40:02 81920 --a------ C:\Documents and Settings\Yu\Application Data\ezpinst.exe
2007-12-08 14:40:00 0 d-------- C:\Program Files\Plato DVD Copy
2007-12-08 13:43:48 336992 --a----c- C:\WINDOWS\system32\mljge.dll
2007-12-08 11:47:11 336992 --a----c- C:\WINDOWS\system32\ssqpn.dll
2007-12-08 07:41:51 336992 --a----c- C:\WINDOWS\system32\pmkjk.dll
2007-12-07 18:23:27 339552 -------c- C:\WINDOWS\system32\pmnli.dll
2007-12-06 13:30:20 22528 --a----c- C:\WINDOWS\system32\wineak32.dll
2007-12-05 18:26:05 0 d-------- C:\Program Files\Java
2007-12-04 16:47:03 0 d-------- C:\Program Files\CA
2007-12-04 16:47:03 0 d-------- C:\Program Files\CA(3)
2007-12-04 16:47:02 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-04 16:46:43 0 d-------- C:\Program Files\Thoosje Sidebar V2.3
2007-11-29 19:22:46 0 d-------- C:\Program Files\DAP
2007-11-29 17:04:58 0 d-------- C:\Documents and Settings\Yu\Application Data\Corel
2007-11-29 17:00:39 0 d-------- C:\Program Files\Corel
2007-11-28 15:07:39 0 d-------- C:\Documents and Settings\Yu\Application Data\DemoCreator
2007-11-28 14:52:19 0 d-------- C:\Program Files\Wondershare
2007-11-26 17:12:00 0 d-------- C:\Documents and Settings\Yu\Application Data\Mp3tag
2007-11-26 17:09:27 0 d-------- C:\Program Files\Mp3tag
2007-11-26 14:36:18 0 d-------- C:\Documents and Settings\Yu\Application Data\Real
2007-11-24 12:16:49 0 d-------- C:\Program Files\Digital Photo Navigator 1.5
2007-11-24 12:14:53 0 d-------- C:\Program Files\IE7Pro
2007-11-24 12:14:47 0 d-------- C:\Documents and Settings\Yu\Application Data\IE7Pro
2007-11-23 11

48 0 d-------- C:\Program Files\Sandisk
2007-11-23 11:01:18 0 d-------- C:\Program Files\Real
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1515B906-999A-48F3-8BF4-B7EC61BF5B38}]
12/10/2007 05:29 PM 35840 -----c--- C:\WINDOWS\system32\iiffdaa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FA3C85E-3081-4522-9B7C-546F98C684F8}]
01/04/2008 06:27 PM 331264 --a--c--- C:\WINDOWS\system32\mljgf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8689892a-3879-4d8d-861b-ea91d30e91ad}]
01/17/2008 07:39 PM 77376 --a------ C:\WINDOWS\system32\ccctxifm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/15/2006 05:29 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [01/17/2006 12:03 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 10:12 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [12/01/2007 05:00 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [12/01/2007 05:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"44d5da6c"="C:\WINDOWS\system32\ltobyqlg.dll" [01/17/2008 07:50 PM]
"BM47e6e9f0"="C:\WINDOWS\system32\homaumat.dll" [01/17/2008 07:44 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [09/15/2007 05:52 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/01/2007 01:59 PM]
"RoboTask"="C:\Program Files\RoboTask\RoboTask.exe" [09/25/2007 03:05 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1515B906-999A-48F3-8BF4-B7EC61BF5B38}"= C:\WINDOWS\system32\iiffdaa.dll [12/10/2007 05:29 PM 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffdaa]
iiffdaa.dll 12/10/2007 05:29 PM 35840 C:\WINDOWS\system32\iiffdaa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
winrvc32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
-- End of Deckard's System Scanner: finished at 2008-01-18 16:43:22 ------------
The extra.txt is attached and the results from the peek.bat are below:
----------------------------------------------------------------
-------------------------------------------------------------
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect