Thread: Computer restarting randomly
View Single Post
Old 02-06-2007, 09:06 AM   #4 (permalink)
mrqwerty
Registered User
 
Join Date: May 2006
Posts: 22
OS: XP


Hello. thanks for helping.

Here is the ComboFix txt.

"Fix" - 07-02-06 15:47:55 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\Fix\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\InprocServer32]
@="C:\\WINDOWS\\system32\\merle32.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\InprocServer32]
@="C:\\WINDOWS\\system32\\bpowselc.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\InprocServer32]
@="C:\\WINDOWS\\system32\\aba20g3oe6.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\InprocServer32]
@="C:\\WINDOWS\\system32\\pDpnetsh.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\aaas0997e.dll
C:\WINDOWS\system32\aamlib.dll
C:\WINDOWS\system32\aba20g3oe6.dll
C:\WINDOWS\system32\adi2cqag.dll
C:\WINDOWS\system32\adicap.dll
C:\WINDOWS\system32\aediosrv.dll
C:\WINDOWS\system32\afl71.dll
C:\WINDOWS\system32\ajaslgd7160.dll
C:\WINDOWS\system32\akaol1931.dll
C:\WINDOWS\system32\alao05h3e.dll
C:\WINDOWS\system32\apao05h3e.dll
C:\WINDOWS\system32\arthz.dll
C:\WINDOWS\system32\arycfilt.dll
C:\WINDOWS\system32\ataulah91d4.dll
C:\WINDOWS\system32\auipdlxx.dll
C:\WINDOWS\system32\avipdlxx.dll
C:\WINDOWS\system32\axicap.dll
C:\WINDOWS\system32\az1009hme.dll
C:\WINDOWS\system32\az1205doe.dll
C:\WINDOWS\system32\az12099oe.dll
C:\WINDOWS\system32\az120g3oe6.dll
C:\WINDOWS\system32\az14055qe.dll
C:\WINDOWS\system32\az16lifs1826.dll
C:\WINDOWS\system32\az18l51u1.dll
C:\WINDOWS\system32\az18l7hu1.dll
C:\WINDOWS\system32\az18lcju1fo8.dll
C:\WINDOWS\system32\az1m0e71eh.dll
C:\WINDOWS\system32\az1o05h3e.dll
C:\WINDOWS\system32\az1o0a33ed.dll
C:\WINDOWS\system32\az1o0c93ef.dll
C:\WINDOWS\system32\az1q0715e.dll
C:\WINDOWS\system32\az1q0cd5ef0.dll
C:\WINDOWS\system32\az1s0af7ed2.dll
C:\WINDOWS\system32\az1s0g37e6.dll
C:\WINDOWS\system32\az1slel71hq.dll
C:\WINDOWS\system32\az1slgd7160.dll
C:\WINDOWS\system32\az1ul7l91.dll
C:\WINDOWS\system32\az1ulc791f.dll
C:\WINDOWS\system32\az3205doe.dll
C:\WINDOWS\system32\az32099oe.dll
C:\WINDOWS\system32\az3m0e71eh.dll
C:\WINDOWS\system32\az3o05h3e.dll
C:\WINDOWS\system32\az3ulc791f.dll
C:\WINDOWS\system32\az5205doe.dll
C:\WINDOWS\system32\az5m0e71eh.dll
C:\WINDOWS\system32\aza0033me.dll
C:\WINDOWS\system32\aza0071me.dll
C:\WINDOWS\system32\aza009hme.dll
C:\WINDOWS\system32\aza00ejmehoa0.dll
C:\WINDOWS\system32\aza00ghme64a0.dll
C:\WINDOWS\system32\aza205doe.dll
C:\WINDOWS\system32\aza2099oe.dll
C:\WINDOWS\system32\aza20g3oe6.dll
C:\WINDOWS\system32\aza4055qe.dll
C:\WINDOWS\system32\aza40a7qed.dll
C:\WINDOWS\system32\aza40efqeh2e0.dll
C:\WINDOWS\system32\aza40glqe6qe0.dll
C:\WINDOWS\system32\aza40idqe80e0.dll
C:\WINDOWS\system32\aza60chsef460.dll
C:\WINDOWS\system32\aza6la9s1d.dll
C:\WINDOWS\system32\aza6lifs1826.dll
C:\WINDOWS\system32\aza80e1ueh.dll
C:\WINDOWS\system32\aza8l39u1.dll
C:\WINDOWS\system32\aza8l51u1.dll
C:\WINDOWS\system32\aza8l7hu1.dll
C:\WINDOWS\system32\aza8lcju1fo8.dll
C:\WINDOWS\system32\aza8li7u18.dll
C:\WINDOWS\system32\azam07f1e.dll
C:\WINDOWS\system32\azam0e71eh.dll
C:\WINDOWS\system32\azao05h3e.dll
C:\WINDOWS\system32\azao0773e.dll
C:\WINDOWS\system32\azao0a33ed.dll
C:\WINDOWS\system32\azao0c93ef.dll
C:\WINDOWS\system32\azaol1931.dll
C:\WINDOWS\system32\azaq0335e.dll
C:\WINDOWS\system32\azaq0715e.dll
C:\WINDOWS\system32\azaq09h5e.dll
C:\WINDOWS\system32\azaq0cd5ef0.dll
C:\WINDOWS\system32\azaq0ej5eho.dll
C:\WINDOWS\system32\azaql9751.dll
C:\WINDOWS\system32\azas0997e.dll
C:\WINDOWS\system32\azas0af7ed2.dll
C:\WINDOWS\system32\azas0g37e6.dll
C:\WINDOWS\system32\azasl7371.dll
C:\WINDOWS\system32\azaslcf71f2.dll
C:\WINDOWS\system32\azasled71h0.dll
C:\WINDOWS\system32\azaslel71hq.dll
C:\WINDOWS\system32\azaslgd7160.dll
C:\WINDOWS\system32\azau0id9e80.dll
C:\WINDOWS\system32\azaul7l91.dll
C:\WINDOWS\system32\azaulah91d4.dll
C:\WINDOWS\system32\azaulc791f.dll
C:\WINDOWS\system32\azaulcf91f2.dll
C:\WINDOWS\system32\azaulg5916.dll
C:\WINDOWS\system32\azc009hme.dll
C:\WINDOWS\system32\azc205doe.dll
C:\WINDOWS\system32\azc2099oe.dll
C:\WINDOWS\system32\azc20g3oe6.dll
C:\WINDOWS\system32\azc8lcju1fo8.dll
C:\WINDOWS\system32\azcm0e71eh.dll
C:\WINDOWS\system32\azco05h3e.dll
C:\WINDOWS\system32\azcq0cd5ef0.dll
C:\WINDOWS\system32\azcs0g37e6.dll
C:\WINDOWS\system32\azculc791f.dll
C:\WINDOWS\system32\aze205doe.dll
C:\WINDOWS\system32\aze2099oe.dll
C:\WINDOWS\system32\azem0e71eh.dll
C:\WINDOWS\system32\azeo05h3e.dll
C:\WINDOWS\system32\azg205doe.dll
C:\WINDOWS\system32\batsprx2.dll
C:\WINDOWS\system32\bctsprx2.dll
C:\WINDOWS\system32\bihci.dll
C:\WINDOWS\system32\bihserv.dll
C:\WINDOWS\system32\bjowser.dll
C:\WINDOWS\system32\bJtt.dll
C:\WINDOWS\system32\bmhserv.dll
C:\WINDOWS\system32\bpowselc.dll
C:\WINDOWS\system32\bVsesrv.dll
C:\WINDOWS\system32\c4002edmgh0a2.dll
C:\WINDOWS\system32\cbmodem.dll
C:\WINDOWS\system32\ccsbrkr.dll
C:\WINDOWS\system32\cDtsrvut.dll
C:\WINDOWS\system32\cempobj.dll
C:\WINDOWS\system32\cEtsrvps.dll
C:\WINDOWS\system32\cfcfg32.dll
C:\WINDOWS\system32\cfseqchk.dll
C:\WINDOWS\system32\cfyptui.dll
C:\WINDOWS\system32\ckPasswd.dll
C:\WINDOWS\system32\ckyptsvc.dll
C:\WINDOWS\system32\cmmcat.dll
C:\WINDOWS\system32\CndbLangJA.dll
C:\WINDOWS\system32\cPiscii.dll
C:\WINDOWS\system32\cPmocx.dll
C:\WINDOWS\system32\cpseqchk.dll
C:\WINDOWS\system32\ctyptui.dll
C:\WINDOWS\system32\cviconfg.dll
C:\WINDOWS\system32\cyPasswd.dll
C:\WINDOWS\system32\d8j02i1mg8.dll
C:\WINDOWS\system32\d8j0li1m18.dll
C:\WINDOWS\system32\damstor.dll
C:\WINDOWS\system32\dbstyle.dll
C:\WINDOWS\system32\dEtaclen.dll
C:\WINDOWS\system32\dgcprop.dll
C:\WINDOWS\system32\dhsec.dll
C:\WINDOWS\system32\diskadp.dll
C:\WINDOWS\system32\djutil.dll
C:\WINDOWS\system32\dKdim.dll
C:\WINDOWS\system32\dmauth.dll
C:\WINDOWS\system32\dn8001lme.dll
C:\WINDOWS\system32\dn8201loe.dll
C:\WINDOWS\system32\dnjm0111e.dll
C:\WINDOWS\system32\dnlo0133e.dll
C:\WINDOWS\system32\dnp6017se.dll
C:\WINDOWS\system32\dtmap.dll
C:\WINDOWS\system32\dwkquota.dll
C:\WINDOWS\system32\dwsynth.dll
C:\WINDOWS\system32\dXd8thk.dll
C:\WINDOWS\system32\dydmo.dll
C:\WINDOWS\system32\e0jmla111d.dll
C:\WINDOWS\system32\e4020edoeh0c0.dll
C:\WINDOWS\system32\e402ledo1h0c.dll
C:\WINDOWS\system32\e6020gdoe60c0.dll
C:\WINDOWS\system32\eb4ul1h91.dll
C:\WINDOWS\system32\ectmgr.dll
C:\WINDOWS\system32\ef4ul1h91.dll
C:\WINDOWS\system32\en00l1dm1.dll
C:\WINDOWS\system32\en46l1hs1.dll
C:\WINDOWS\system32\en4ul1h91.dll
C:\WINDOWS\system32\en6ol1j31.dll
C:\WINDOWS\system32\en8ql1l51.dll
C:\WINDOWS\system32\enn2l15o1.dll
C:\WINDOWS\system32\ennsl1571.dll
C:\WINDOWS\system32\enr8l19u1.dll
C:\WINDOWS\system32\enrol1931.dll
C:\WINDOWS\system32\f00olad31d0.dll
C:\WINDOWS\system32\f2l00c3mef.dll
C:\WINDOWS\system32\f4l02e3mgh.dll
C:\WINDOWS\system32\f82mlif1182.dll
C:\WINDOWS\system32\fdsxp32.dll
C:\WINDOWS\system32\fisst.dll
C:\WINDOWS\system32\fjrq0395e.dll
C:\WINDOWS\system32\fjscfgwz.dll
C:\WINDOWS\system32\fjsevent.dll
C:\WINDOWS\system32\fn0021dmg.dll
C:\WINDOWS\system32\fnl0213mg.dll
C:\WINDOWS\system32\fp4603hse.dll
C:\WINDOWS\system32\fp6003jme.dll
C:\WINDOWS\system32\fp8s03l7e.dll
C:\WINDOWS\system32\fpj0031me.dll
C:\WINDOWS\system32\fpj4031qe.dll
C:\WINDOWS\system32\fpjo0313e.dll
C:\WINDOWS\system32\fpl0033me.dll
C:\WINDOWS\system32\fPl02e3mgh.dll
C:\WINDOWS\system32\fplo0333e.dll
C:\WINDOWS\system32\fplq0335e.dll
C:\WINDOWS\system32\fprq0395e.dll
C:\WINDOWS\system32\ftj4031qe.dll
C:\WINDOWS\system32\ful0213mg.dll
C:\WINDOWS\system32\g0220afoed2c0.dll
C:\WINDOWS\system32\g6400ghme64a0.dll
C:\WINDOWS\system32\g6lm0g31e6.dll
C:\WINDOWS\system32\g8040idqe80e0.dll
C:\WINDOWS\system32\gp0ql3d51.dll
C:\WINDOWS\system32\gp46l3hs1.dll
C:\WINDOWS\system32\gp82l3lo1.dll
C:\WINDOWS\system32\gpj8l31u1.dll
C:\WINDOWS\system32\gpl0l33m1.dll
C:\WINDOWS\system32\gpnsl3571.dll
C:\WINDOWS\system32\gpr8l39u1.dll
C:\WINDOWS\system32\gprul3991.dll
C:\WINDOWS\system32\h20q0cd5ef0.dll
C:\WINDOWS\system32\h24m0ch1ef4.dll
C:\WINDOWS\system32\h4l2le3o1h.dll
C:\WINDOWS\system32\h6l20g3oe6.dll
C:\WINDOWS\system32\her0059me.dll
C:\WINDOWS\system32\hjicons.dll
C:\WINDOWS\system32\hK4m0ch1ef4.dll
C:\WINDOWS\system32\hr0205doe.dll
C:\WINDOWS\system32\hr4o05h3e.dll
C:\WINDOWS\system32\hr6205joe.dll
C:\WINDOWS\system32\hr8u05l9e.dll
C:\WINDOWS\system32\hrn4055qe.dll
C:\WINDOWS\system32\hrr0059me.dll
C:\WINDOWS\system32\hrrq0595e.dll
C:\WINDOWS\system32\i0lo0a33ed.dll
C:\WINDOWS\system32\i4240efqeh2e0.dll
C:\WINDOWS\system32\i4600ejmehoa0.dll
C:\WINDOWS\system32\i460lejm1hoa.dll
C:\WINDOWS\system32\i8nm0i51e8.dll
C:\WINDOWS\system32\ibitpki.dll
C:\WINDOWS\system32\ibxsap.dll
C:\WINDOWS\system32\icstFunc.dll
C:\WINDOWS\system32\idclass.dll
C:\WINDOWS\system32\igss.dll
C:\WINDOWS\system32\iifxdgps.dll
C:\WINDOWS\system32\iijp81k.dll
C:\WINDOWS\system32\ijakeng.dll
C:\WINDOWS\system32\imdkcs32.dll
C:\WINDOWS\system32\imstFunc.dll
C:\WINDOWS\system32\imwphbk.dll
C:\WINDOWS\system32\inign32.dll
C:\WINDOWS\system32\iosecsvc.dll
C:\WINDOWS\system32\iQsrad.dll
C:\WINDOWS\system32\ir0ul5d91.dll
C:\WINDOWS\system32\ir24l5fq1.dll
C:\WINDOWS\system32\ir2ul5f91.dll
C:\WINDOWS\system32\ir4ol5h31.dll
C:\WINDOWS\system32\ir84l5lq1.dll
C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\irjql5151.dll
C:\WINDOWS\system32\irlsl5371.dll
C:\WINDOWS\system32\irn4l55q1.dll
C:\WINDOWS\system32\irp6l57s1.dll
C:\WINDOWS\system32\issetup.dll
C:\WINDOWS\system32\iXlmdev5.dll
C:\WINDOWS\system32\ixm32.dll
C:\WINDOWS\system32\ixrtrmgr.dll
C:\WINDOWS\system32\j2n20c5oef.dll
C:\WINDOWS\system32\j2n2lc5o1f.dll
C:\WINDOWS\system32\j40sled71h0.dll
C:\WINDOWS\system32\j60s0gd7e60.dll
C:\WINDOWS\system32\j60slgd7160.dll
C:\WINDOWS\system32\j8p00i7me8.dll
C:\WINDOWS\system32\jPvart.dll
C:\WINDOWS\system32\jt0u07d9e.dll
C:\WINDOWS\system32\jt2607fse.dll
C:\WINDOWS\system32\jt2m07f1e.dll
C:\WINDOWS\system32\jt4q07h5e.dll
C:\WINDOWS\system32\jtj0071me.dll
C:\WINDOWS\system32\jtjq0715e.dll
C:\WINDOWS\system32\jtls0737e.dll
C:\WINDOWS\system32\jtpo0773e.dll
C:\WINDOWS\system32\jtrs0797e.dll
C:\WINDOWS\system32\jvproxy.dll
C:\WINDOWS\system32\k008ladu1d08.dll
C:\WINDOWS\system32\k0800almedqa0.dll
C:\WINDOWS\system32\k2lq0c35ef.dll
C:\WINDOWS\system32\k2lqlc351f.dll
C:\WINDOWS\system32\k4lq0e35eh.dll
C:\WINDOWS\system32\k4pm0e71eh.dll
C:\WINDOWS\system32\k826lifs1826.dll
C:\WINDOWS\system32\kacom.dll
C:\WINDOWS\system32\kadru1.dll
C:\WINDOWS\system32\kcdusa.dll
C:\WINDOWS\system32\kedhe319.dll
C:\WINDOWS\system32\kedit.dll
C:\WINDOWS\system32\kfdnecNT.dll
C:\WINDOWS\system32\khdbe.dll
C:\WINDOWS\system32\khdfc.dll
C:\WINDOWS\system32\kir2l79o1.dll
C:\WINDOWS\system32\kjdbr.dll
C:\WINDOWS\system32\kjdmlt47.dll
C:\WINDOWS\system32\klcom.dll
C:\WINDOWS\system32\kldibm02.dll
C:\WINDOWS\system32\kldlt1.dll
C:\WINDOWS\system32\km48l7hu1.dll
C:\WINDOWS\system32\kmda1.dll
C:\WINDOWS\system32\kndlt1.dll
C:\WINDOWS\system32\kO800almedqa0.dll
C:\WINDOWS\system32\kpdnecNT.dll
C:\WINDOWS\system32\kqdca.dll
C:\WINDOWS\system32\kt26l7fs1.dll
C:\WINDOWS\system32\kt48l7hu1.dll
C:\WINDOWS\system32\kt8ul7l91.dll
C:\WINDOWS\system32\ktl2l73o1.dll
C:\WINDOWS\system32\ktlsl7371.dll
C:\WINDOWS\system32\ktnml7511.dll
C:\WINDOWS\system32\ktpol7731.dll
C:\WINDOWS\system32\ktr2l79o1.dll
C:\WINDOWS\system32\kudcan.dll
C:\WINDOWS\system32\kudjpn.dll
C:\WINDOWS\system32\kudru1.dll
C:\WINDOWS\system32\kvdfi.dll
C:\WINDOWS\system32\kxdlt1.dll
C:\WINDOWS\system32\kydmac.dll
C:\WINDOWS\system32\l02s0af7ed2.dll
C:\WINDOWS\system32\l22slcf71f2.dll
C:\WINDOWS\system32\l26olcj31fo.dll
C:\WINDOWS\system32\l4j80e1ueh.dll
C:\WINDOWS\system32\l64q0gh5e64.dll
C:\WINDOWS\system32\l80u0id9e80.dll
C:\WINDOWS\system32\LAXP2P32.DLL
C:\WINDOWS\system32\ljxlmpm.dll
C:\WINDOWS\system32\lkpsd11n.dll
C:\WINDOWS\system32\lnrhelp.dll
C:\WINDOWS\system32\LRBLGF.DLL
C:\WINDOWS\system32\lrcdll.dll
C:\WINDOWS\system32\lt4027hmg.dll
C:\WINDOWS\system32\lv4009hme.dll
C:\WINDOWS\system32\lv4q09h5e.dll
C:\WINDOWS\system32\lvj2091oe.dll
C:\WINDOWS\system32\lvl4093qe.dll
C:\WINDOWS\system32\lvpq0975e.dll
C:\WINDOWS\system32\lvr2099oe.dll
C:\WINDOWS\system32\lvrs0997e.dll
C:\WINDOWS\system32\LWamCpl.dll
C:\WINDOWS\system32\lxcalsec.dll
C:\WINDOWS\system32\lyrmonui.dll
C:\WINDOWS\system32\m0nqla551d.dll
C:\WINDOWS\system32\m0rm0a91ed.dll
C:\WINDOWS\system32\m2460chsef460.dll
C:\WINDOWS\system32\m282lclo1fqc.dll
C:\WINDOWS\system32\m4pole731h.dll
C:\WINDOWS\system32\m6ls0g37e6.dll
C:\WINDOWS\system32\m6lslg3716.dll
C:\WINDOWS\system32\m8280ifue8280.dll
C:\WINDOWS\system32\maexcl40.dll
C:\WINDOWS\system32\maimg32.dll
C:\WINDOWS\system32\majava.dll
C:\WINDOWS\system32\mbdsrv32.dll
C:\WINDOWS\system32\mbhcp.dll
C:\WINDOWS\system32\mbvidctl.dll
C:\WINDOWS\system32\mdcomput.dll
C:\WINDOWS\system32\mehcp.dll
C:\WINDOWS\system32\merle32.dll
C:\WINDOWS\system32\mexclu.dll
C:\WINDOWS\system32\mhdtcuiu.dll
C:\WINDOWS\system32\mhgsvc.dll
C:\WINDOWS\system32\mjr.dll
C:\WINDOWS\system32\mljet35.dll
C:\WINDOWS\system32\mmawt.dll
C:\WINDOWS\system32\mmltus40.dll
C:\WINDOWS\system32\mn28l9fu1.dll
C:\WINDOWS\system32\mnvci70.dll
C:\WINDOWS\system32\mogsvc.dll
C:\WINDOWS\system32\mpctfp.dll
C:\WINDOWS\system32\mv04l9dq1.dll
C:\WINDOWS\system32\mv0ul9d91.dll
C:\WINDOWS\system32\mv28l9fu1.dll
C:\WINDOWS\system32\mv2ol9f31.dll
C:\WINDOWS\system32\mv8ml9l11.dll
C:\WINDOWS\system32\mv8ql9l51.dll
C:\WINDOWS\system32\mvidntld.dll
C:\WINDOWS\system32\mvlvw7.dll
C:\WINDOWS\system32\mvn6l95s1.dll
C:\WINDOWS\system32\mvp0l97m1.dll
C:\WINDOWS\system32\mvpql9751.dll
C:\WINDOWS\system32\mwdtcuiu.dll
C:\WINDOWS\system32\mxaudite.dll
C:\WINDOWS\system32\myricons.dll
C:\WINDOWS\system32\myvcr71.dll
C:\WINDOWS\system32\mzjter40.dll
C:\WINDOWS\system32\mzvcp70.dll
C:\WINDOWS\system32\mzvcp71.dll
C:\WINDOWS\system32\n0p40a7qed.dll
C:\WINDOWS\system32\n0p4la7q1d.dll
C:\WINDOWS\system32\n22u0cf9ef2.dll
C:\WINDOWS\system32\n22ulcf91f2.dll
C:\WINDOWS\system32\n46q0ej5eho.dll
C:\WINDOWS\system32\nfiew.dll
C:\WINDOWS\system32\ngoglnt.dll
C:\WINDOWS\system32\ngrsit.dll
C:\WINDOWS\system32\ngrsnl.dll
C:\WINDOWS\system32\Nhindeo.dll
C:\WINDOWS\system32\nirszht.dll
C:\WINDOWS\system32\nkrsnl.dll
C:\WINDOWS\system32\nn4_disp.dll
C:\WINDOWS\system32\norsit.dll
C:\WINDOWS\system32\notui1.dll
C:\WINDOWS\system32\nrrspt.dll
C:\WINDOWS\system32\numsmgr.dll
C:\WINDOWS\system32\nytui2.dll
C:\WINDOWS\system32\nzrsnl.dll
C:\WINDOWS\system32\o0ro0a93ed.dll
C:\WINDOWS\system32\o2ns0c57ef.dll
C:\WINDOWS\system32\o2nslc571f.dll
C:\WINDOWS\system32\o2pqlc751f.dll
C:\WINDOWS\system32\o2ro0c93ef.dll
C:\WINDOWS\system32\o448lehu1h48.dll
C:\WINDOWS\system32\o466lejs1ho6.dll
C:\WINDOWS\system32\o6840glqe6qe0.dll
C:\WINDOWS\system32\o684lglq16qe.dll
C:\WINDOWS\system32\ocbc32gt.dll
C:\WINDOWS\system32\oce2.dll
C:\WINDOWS\system32\ocuninst.dll
C:\WINDOWS\system32\ofesvr.dll
C:\WINDOWS\system32\okesvr32.dll
C:\WINDOWS\system32\olbcji32.dll
C:\WINDOWS\system32\onbc32.dll
C:\WINDOWS\system32\opeprn.dll
C:\WINDOWS\system32\Osmdspif.dll
C:\WINDOWS\system32\ovbcji32.dll
C:\WINDOWS\system32\owuninst.dll
C:\WINDOWS\system32\oxe2disp.dll
C:\WINDOWS\system32\oyengl32.dll
C:\WINDOWS\system32\oyhlp30e.dll
C:\WINDOWS\system32\p04ulah91d4.dll
C:\WINDOWS\system32\p4p60e7seh.dll
C:\WINDOWS\system32\p4p6le7s1h.dll
C:\WINDOWS\system32\p66s0gj7e6o.dll
C:\WINDOWS\system32\p66slgj716o.dll
C:\WINDOWS\system32\pbflbmsg.dll
C:\WINDOWS\system32\pcotowiz.dll
C:\WINDOWS\system32\pDpnetsh.dll
C:\WINDOWS\system32\pgintui.dll
C:\WINDOWS\system32\phapi.dll
C:\WINDOWS\system32\PmthonCOM22.dll
C:\WINDOWS\system32\pqisdecd.dll
C:\WINDOWS\system32\psdgen.dll
C:\WINDOWS\system32\psrfos.dll
C:\WINDOWS\system32\ptisdecd.dll
C:\WINDOWS\system32\pwpusd.dll
C:\WINDOWS\system32\pyintui.dll
C:\WINDOWS\system32\pzustab.dll
C:\WINDOWS\system32\q068laju1do8.dll
C:\WINDOWS\system32\q268lcju1fo8.dll
C:\WINDOWS\system32\q4nule591h.dll
C:\WINDOWS\system32\q6nulg5916.dll
C:\WINDOWS\system32\q8860ilse8q60.dll
C:\WINDOWS\system32\qrartz.dll
C:\WINDOWS\system32\qTnulg5916.dll
C:\WINDOWS\system32\r0r6la9s1d.dll
C:\WINDOWS\system32\r28s0cl7efq.dll
C:\WINDOWS\system32\r48slel71hq.dll
C:\WINDOWS\system32\r8p8li7u18.dll
C:\WINDOWS\system32\rjnd.dll
C:\WINDOWS\system32\rjpcfgex.dll
C:\WINDOWS\system32\rkvpsp.dll
C:\WINDOWS\system32\romotepg.dll
C:\WINDOWS\system32\ror20.dll
C:\WINDOWS\system32\ruvpsp.dll
C:\WINDOWS\system32\rvpwsx.dll
C:\WINDOWS\system32\rXsmxs.dll
C:\WINDOWS\system32\rzcss.dll
C:\WINDOWS\system32\s0pu0a79ed.dll
C:\WINDOWS\system32\s2pulc791f.dll
C:\WINDOWS\system32\SGMONW32.dll
C:\WINDOWS\system32\siell.dll
C:\WINDOWS\system32\sirobj.dll
C:\WINDOWS\system32\siscrap.dll
C:\WINDOWS\system32\situpdll.dll
C:\WINDOWS\system32\sne.dll
C:\WINDOWS\system32\sofolder.dll
C:\WINDOWS\system32\soorprop.dll
C:\WINDOWS\system32\susbkup.dll
C:\WINDOWS\system32\sWfrcdlg.dll
C:\WINDOWS\system32\swi_ci.dll
C:\WINDOWS\system32\SXMONW32.dll
C:\WINDOWS\system32\t2r80c9uef.dll
C:\WINDOWS\system32\t68u0gl9e6q.dll
C:\WINDOWS\system32\tqappcmp.dll
C:\WINDOWS\system32\tyext.dll
C:\WINDOWS\system32\ubrsvpia.dll
C:\WINDOWS\system32\ucrvpa.dll
C:\WINDOWS\system32\uhnpui.dll
C:\WINDOWS\system32\uknpui.dll
C:\WINDOWS\system32\umiime.dll
C:\WINDOWS\system32\ump10.dll
C:\WINDOWS\system32\uviime.dll
C:\WINDOWS\system32\uyl.dll
C:\WINDOWS\system32\uzrrtosa.dll
C:\WINDOWS\system32\uzrsvpia.dll
C:\WINDOWS\system32\VLDisply.dll
C:\WINDOWS\system32\vppodbc.dll
C:\WINDOWS\system32\vur.dll
C:\WINDOWS\system32\wcbhits.dll
C:\WINDOWS\system32\wdock32.dll
C:\WINDOWS\system32\wdpshell.dll
C:\WINDOWS\system32\wepshell.dll
C:\WINDOWS\system32\whock32.dll
C:\WINDOWS\system32\wip.dll
C:\WINDOWS\system32\WKDMPS.dll
C:\WINDOWS\system32\wlpdxm.dll
C:\WINDOWS\system32\woninet.dll
C:\WINDOWS\system32\wpbcheck.dll
C:\WINDOWS\system32\wradefui.dll
C:\WINDOWS\system32\wsnipsec.dll
C:\WINDOWS\system32\wtsys.dll
C:\WINDOWS\system32\wwsdmoe.dll
C:\WINDOWS\system32\wxaueng.dll
C:\WINDOWS\system32\wYvemsp.dll
C:\WINDOWS\system32\WZDMPS.dll




(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar.exe
C:\deskbar_e31.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\newname.dat
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\INSTALL.LOG
C:\tigen001.exe
C:\WINDOWS\offun.exe
C:\Program Files\Common Files\{3C853~1
C:\Program Files\Common Files\{9C853~1
C:\Program Files\Deskbar
C:\Program Files\InetGet2


((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))


2007-02-06 15:55 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-05 17:16 <DIR> d-------- C:\hijackthis
2007-02-04 21:58 234,226 -r--s---- C:\WINDOWS\system32\xfsp3res.dll
2007-02-04 21:16 2,560 --a------ C:\Program Files\dellater.exe
2007-02-04 21:04 2,560 --a------ C:\dellater.exe
2007-02-04 20:04 78,336 --a------ C:\WINDOWS\wnu_205.exe
2007-02-04 20:04 3 --a------ C:\WINDOWS\unq32.dat
2007-02-04 19:22 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Apple Computer
2007-02-04 17:54 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-04 17:02 52,161 --a------ C:\DOCUME~1\Fix\mt-uninstaller.exe
2007-02-04 16:47 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Lavasoft
2007-02-04 16:29 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\AOL
2007-02-04 16:28 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Real
2007-02-04 16:27 1,048,576 --ah----- C:\DOCUME~1\Fix\NTUSER.DAT
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\WINDOWS
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\Symantec
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\Sonic
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\SampleView
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\.javaws
2007-02-04 16:17 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\WINDOWS
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\Sonic
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\SampleView
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\.javaws
2007-01-21 13:10 233,497 -r--s---- C:\WINDOWS\system32\fgsres.dll
2007-01-20 23:56 233,497 -r--s---- C:\WINDOWS\system32\phort_res.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-04 20:35 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 20:02 -------- d-------- C:\Program Files\Common Files\logitech
2007-02-04 19:22 -------- d-------- C:\Documents and Settings\Fix\Application Data\apple computer
2007-02-04 18:20 -------- d-------- C:\Program Files\logitech
2007-02-04 18:02 -------- d-a------ C:\Documents and Settings\Fix\Application Data\microsoft
2007-02-04 16:47 -------- d-------- C:\Documents and Settings\Fix\Application Data\lavasoft
2007-02-04 16:29 -------- d-------- C:\Documents and Settings\Fix\Application Data\aol
2007-02-04 16:28 -------- d-------- C:\Documents and Settings\Fix\Application Data\real
2006-12-05 19:20 233497 -r--s---- C:\WINDOWS\system32\nxwrses.dll
2006-11-29 16:43 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fts"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e33"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e33"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="dslagent.exe USB"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gsicon"
"hkey"="HKLM"
"command"="gsicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_e33"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_e33"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OneTouchMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Xerox One Touch\\OneTouchMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcpas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP8 Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navLoad"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\NAVBrowser.exe\" -r \"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\navLoad.ini\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pVRV3eP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ujtnzbw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ujtnzbw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qmpxrngA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qmpxrngA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\qmpxrngA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcsdr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svdhost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svdhost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\1031\\svdhost.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcqpg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="anfvfa"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\anfvfa.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="start"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\1031\\start.lnk\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{53-3A-A5-58-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\dwdsregt.exe GEN001"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=dword:00000002
"NISUM"=dword:00000002
"ccPxySvc"=dword:00000002
"ccEvtMgr"=dword:00000002
"Speed Disk service"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"SAVScan"=dword:00000003
"NSCService"=dword:00000003
"NProtectService"=dword:00000002
"NPFMntor"=dword:00000002
"Norton Ghost"=dword:00000002
"navapsvc"=dword:00000002
"ccSetMgr"=dword:00000002
"comHost"=dword:00000003
"ccProxy"=dword:00000002
"ccISPwdSvc"=dword:00000003
"xmlprov"=dword:00000003
"WZCSVC"=dword:00000002
"wuauserv"=dword:00000002
"WmiApSrv"=dword:00000003
"WmdmPmSN"=dword:00000003
"winmgmt"=dword:00000002
"Windows Overlay Components"=dword:00000002
"WebClient"=dword:00000002
"W32Time"=dword:00000002
"VSS"=dword:00000003
"UPS"=dword:00000003
"upnphost"=dword:00000003
"UMWdf"=dword:00000002
"TrkWks"=dword:00000002
"Themes"=dword:00000002
"TermService"=dword:00000003
"TapiSrv"=dword:00000003
"SysmonLog"=dword:00000003
"SwPrv"=dword:00000003
"stisvc"=dword:00000002
"SSDPSRV"=dword:00000003
"Spooler"=dword:00000002
"ShellHWDetection"=dword:00000002
"SENS"=dword:00000002
"seclogon"=dword:00000002
"Schedule"=dword:00000002
"SCardSvr"=dword:00000003
"SamSs"=dword:00000002
"RSVP"=dword:00000003
"RDSessMgr"=dword:00000003
"RasMan"=dword:00000003
"RasAuto"=dword:00000002
"ProtectedStorage"=dword:00000002
"PolicyAgent"=dword:00000002
"PlugPlay"=dword:00000002
"NtmsSvc"=dword:00000003
"NtLmSsp"=dword:00000003
"Nla"=dword:00000003
"Netman"=dword:00000003
"Netlogon"=dword:00000003
"MSIServer"=dword:00000003
"MSDTC"=dword:00000003
"mnmsrvc"=dword:00000003
"LmHosts"=dword:00000002
"LexBceS"=dword:00000002
"lanmanworkstation"=dword:00000002
"lanmanserver"=dword:00000002
"iPodService"=dword:00000003
"ImapiService"=dword:00000003
"IDriverT"=dword:00000003
"HTTPFilter"=dword:00000003
"helpsvc"=dword:00000002
"GEARSecurity"=dword:00000002
"Fax"=dword:00000003
"FastUserSwitchingCompatibility"=dword:00000003
"EventSystem"=dword:00000003
"Eventlog"=dword:00000002
"ERSvc"=dword:00000002
"Dnscache"=dword:00000002
"dmserver"=dword:00000003
"dmadmin"=dword:00000003
"Dhcp"=dword:00000002
"CryptSvc"=dword:00000003
"COMSysApp"=dword:00000003
"CiSvc"=dword:00000003
"Browser"=dword:00000002
"BITS"=dword:00000002
"AudioSrv"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"aspnet_state"=dword:00000003
"AppMgmt"=dword:00000003
"AOLService"=dword:00000002
"AOL ACS"=dword:00000002
"ALG"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14afc656-2ce6-11d8-877c-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-06 15:59:23



---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------

Here is the HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 16:02:37, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qgb9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco.net
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\system32\lqe2z.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [{53-3A-A5-58-ZN}] C:\windows\system32\dwdsregt.exe GEN001
O4 - HKLM\..\Run: [Yahoo] "C:\WINDOWS\system32\1031\start.lnk"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [svdhost] C:\WINDOWS\system32\1031\svdhost.lnk
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qmpxrngA] C:\WINDOWS\qmpxrngA.exe
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\system32\ujtnzbw.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e33.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e33.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [csrss] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [vcqpg] C:\WINDOWS\system32\anfvfa.exe reg_run
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qmpxrng.exe
mrqwerty is offline