#1
Registered User
Join Date: Jun 2008
Posts: 4
OS: windows xp pro sp2
Lost Notification Icons, Couldn't Call Up Task Manager
Currently whatever is on my computer won't let me access Windows Update. The last updates I would have had are a few days ago using automatic updating.
I first had a problem when I opened an old video file and the computer tried opening Limewire (I had previously removed it from my system). Soon I lost my Notification area icons and couldn't open Task Manager. I got an error on a dll called hyiobokr.dll in the Windows\System32 directory. Very soon popups for Vista Antivirus and Spybot Activescan showed up, with others as well. All these were closed without accessing anything on them. I performed the actions in your first five steps; I now have the Notification items back and can call up Task Manager. I still have random popups occurring when I am using the web browser and even when I am not using it. I use IE 7 and Firefox 3.

My HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:46 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\Felitec\Mindful\Mindful.exe
C:\Program Files\Password Keychain\Passkeychain.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Topmost Clock\TopMostClock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Memento\Memento.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.ca.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {24c1a1e1-a526-0088-9e34-a5c17f50c941} - {149c05f7-1c5a-43e9-8800-625a1e1a1c42} - C:\WINDOWS\system32\gpjaeakl.dll
O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D10F85-165C-4DB4-91C6-DEBDE891B3C1} - C:\WINDOWS\system32\qoMfgGyv.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: (no name) - {A9927246-1005-4662-BAE5-D450B9919F83} - C:\WINDOWS\system32\hgGvTmLE.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe
O4 - HKLM\..\Run: [Password Keychain] C:\Program Files\Password Keychain\Passkeychain.exe /H
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Kevin\svchost.exe
O4 - HKLM\..\Run: [8c236871] rundll32.exe "C:\WINDOWS\system32\hyiobokr.dll",b
O4 - HKLM\..\Run: [BM8f105bed] Rundll32.exe "C:\WINDOWS\system32\ruuokcwc.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3405] command /c del "C:\WINDOWS\system32\hgGvTmLE.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2897] cmd /c del "C:\WINDOWS\system32\hgGvTmLE.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1379] command /c del "C:\WINDOWS\system32\hgGvTmLE.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7077] cmd /c del "C:\WINDOWS\system32\hgGvTmLE.dll_old"
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Memento.lnk = C:\Program Files\Memento\Memento.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21E0CB95-1198-4945-A3D2-4BF804295F78} (IDrop) - http://www.spiraxsarco.com/resources/cad/xml/idrop.cab
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP6)) - http://aceonline2.armlink.com/GDC/GdcActiveX/msinet.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/static/...b?r=1206035944
O16 - DPF: {58A968A5-E3CE-4743-9CE4-A27357009527} (ComponentOne Chart 8.0 2D Control) - http://aceonline2.armlink.com/GDC/Gd...lch2x8dd11.cab
O16 - DPF: {86CEEA40-5887-4091-977F-14A8C7DAF932} (RapidsUICommon.CommonValidator) - http://aceonline.armlink.com/control...dsUICommon.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/Spi...WayToIndex.CAB
O16 - DPF: {9FBE7848-184D-429B-83DB-DA5632BD9DB6} (GridContainerDlg Class) - http://aceonline2.armlink.com/GDC/Gd...eX/ACEGrid.cab
O16 - DPF: {B102CE69-5C2F-4363-9E6D-C61B61FD92DD} (OGGPlay.UserControl1) - http://cjry.streamonfiber.com/player/oggplay.CAB
O16 - DPF: {B221B6B1-8B09-4204-9C47-F0845A34DB8B} (RapidsRuleEngine.CtrlRapidsRule) - http://aceonline2.armlink.com/GDC/Gd...RuleEngine.cab
O16 - DPF: {C728B912-5826-4B59-B3F0-1001A0163E14} (PumpDynamicCurveCtrl Ver2 Class) - http://aceonline2.armlink.com/GDC/Gd...RemoteVer2.cab
O16 - DPF: {C945E31A-102E-4A0D-8854-D599D7AED5FA} (ComponentOne FlexGrid 8.0 (OLEDB)) - http://aceonline.armlink.com/vslic/vsflex8.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: qoMfgGyv - C:\WINDOWS\SYSTEM32\qoMfgGyv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

The Deckard's log is:

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-06-27 16:59:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2008-06-27 22:59:32 UTC - RP251 - Deckard's System Scanner Restore Point
5: 2008-06-27 19:56:49 UTC - RP250 - Removed Google Toolbar for Internet Explorer
4: 2008-06-27 19:38:51 UTC - RP249 - Installed Google Toolbar for Internet Explorer
3: 2008-06-27 19:37:04 UTC - RP248 - Installed Java(TM) 6 Update 6
2: 2008-06-27 17:56:19 UTC - RP247 - System Checkpoint

-- First Restore Point --
1: 2008-06-27 17:17:24 UTC - RP246 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-27 17:01:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Felitec\Mindful\Mindful.exe
C:\Program Files\Password Keychain\Passkeychain.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Topmost Clock\TopMostClock.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\Memento\Memento.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kevin\Desktop\Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.ca.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57D10F85-165C-4DB4-91C6-DEBDE891B3C1} - C:\WINDOWS\system32\qoMfgGyv.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A9927246-1005-4662-BAE5-D450B9919F83} - C:\WINDOWS\system32\hgGvTmLE.dll (file missing)
O2 - BHO: (no name) - {E02B7A2B-D956-428E-8A42-172346D8324E} - C:\WINDOWS\system32\hgGYrPij.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe
O4 - HKLM\..\Run: [Password Keychain] C:\Program Files\Password Keychain\Passkeychain.exe /H
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Kevin\svchost.exe
O4 - HKLM\..\Run: [BM8f105bed] Rundll32.exe "C:\WINDOWS\system32\ljxhqtng.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [8c236871] rundll32.exe "C:\WINDOWS\system32\rhuoogwo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Memento.lnk = C:\Program Files\Memento\Memento.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cwalsp.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21E0CB95-1198-4945-A3D2-4BF804295F78} (IDrop) - http://www.spiraxsarco.com/resources/cad/xml/idrop.cab
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP6)) - http://aceonline2.armlink.com/GDC/GdcActiveX/msinet.cab
O16 - DPF: {58A968A5-E3CE-4743-9CE4-A27357009527} (ComponentOne Chart 8.0 2D Control) - http://aceonline2.armlink.com/GDC/Gd...lch2x8dd11.cab
O16 - DPF: {86CEEA40-5887-4091-977F-14A8C7DAF932} (RapidsUICommon.CommonValidator) - http://aceonline.armlink.com/control...dsUICommon.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/Spi...WayToIndex.CAB
O16 - DPF: {9FBE7848-184D-429B-83DB-DA5632BD9DB6} (GridContainerDlg Class) - http://aceonline2.armlink.com/GDC/Gd...eX/ACEGrid.cab
O16 - DPF: {B102CE69-5C2F-4363-9E6D-C61B61FD92DD} (OGGPlay.UserControl1) - http://cjry.streamonfiber.com/player/oggplay.CAB
O16 - DPF: {B221B6B1-8B09-4204-9C47-F0845A34DB8B} (RapidsRuleEngine.CtrlRapidsRule) - http://aceonline2.armlink.com/GDC/Gd...RuleEngine.cab
O16 - DPF: {C728B912-5826-4B59-B3F0-1001A0163E14} (PumpDynamicCurveCtrl Ver2 Class) - http://aceonline2.armlink.com/GDC/Gd...RemoteVer2.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {C945E31A-102E-4A0D-8854-D599D7AED5FA} (ComponentOne FlexGrid 8.0 (OLEDB)) - http://aceonline.armlink.com/vslic/vsflex8.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O20 - Winlogon Notify: qoMfgGyv - C:\WINDOWS\system32\qoMfgGyv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: eLock Service (eLockService) - Unknown owner - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPCap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 16587 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd
(Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R2 tvicport - c:\windows\system32\drivers\tvicport.sys <Not Verified; EnTech Taiwan; TVicPort Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64> R2 zntport - c:\windows\system32\drivers\zntport.sys <Not Verified; Zeal SoftStudio; NTPort Library> R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; > S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver> S3 psdfilter - c:\windows\system32\drivers\psdfilter.sys <Not Verified; HiTRUST; > S3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys <Not Verified; HiTRUST; > -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> S2 BMUService (AutoBackup) - "c:\program files\memeo\autobackup\memeoservice.exe" <Not Verified; Memeo; AutoBackup> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> S3 SolidWorks Licensing Service - "c:\program files\common 
files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service> S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-27 16:49:28 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EECCD431-4D0D-425F-BB17-9010BA59FC57}.job 2008-06-27 11:37:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job -- Files created between 2008-05-27 and 2008-06-27 ----------------------------- 2008-06-27 16:47:35 0 d-------- C:\ie-spyad_zo 2008-06-27 16:39:12 0 d-------- C:\Program Files\SpywareBlaster 2008-06-27 14:22:11 0 d-------- C:\WINDOWS\LastGood 2008-06-27 14:21:29 0 d-------- C:\Program Files\Panda Security 2008-06-27 13:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google 2008-06-27 13:37:09 0 d-------- C:\Program Files\Common Files\Java 2008-06-27 11:45:45 87040 --a------ C:\WINDOWS\system32\rhuoogwo.dll 2008-06-27 11:42:46 104960 --a------ C:\WINDOWS\system32\qrsnlm.dll 2008-06-27 11:42:44 104960 --a------ C:\WINDOWS\system32\ueyvkjjt.dll 2008-06-27 11:40:24 94208 --a------ C:\WINDOWS\system32\ljxhqtng.dll 2008-06-27 11:39:44 539809 --ahs---- C:\WINDOWS\system32\jiPrYGgh.ini2 2008-06-27 11:39:38 285184 --a------ C:\WINDOWS\system32\hgGYrPij.dll 2008-06-27 10:14:56 0 dr-h----- C:\Documents and Settings\Kevin\Recent 2008-06-27 09:58:35 0 d-------- C:\!KillBox 2008-06-27 09:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-27 09:56:54 0 d-------- C:\Program Files\CCleaner 2008-06-26 10:37:49 108032 --a------ C:\WINDOWS\system32\gpjaeakl.dll 2008-06-26 10:31:49 95744 --a------ C:\WINDOWS\system32\ruuokcwc.dll 2008-06-25 12:37:03 2316 --ahs---- 
C:\WINDOWS\system32\ELmTvGgh.ini2 2008-06-25 12:32:28 0 d--hs---- C:\Documents and Settings\Kevin\! 2008-06-25 12:31:41 33792 --a------ C:\WINDOWS\system32\qoMfgGyv.dll 2008-06-25 12:31:38 0 d-------- C:\WINDOWS\system32\modtrux05 2008-06-24 15:18:37 5092864 --a------ C:\WINDOWS\system32\Craxdrt.dll <Not Verified; Seagate Software, Inc.; Crystal Reports 7.0 ActiveX Designer.> 2008-06-24 15:18:36 979456 --a------ C:\WINDOWS\system32\Pg32.dll <Not Verified; Three D Graphics; Presentation Graphics SDK> 2008-06-24 15:18:36 59392 --a------ C:\WINDOWS\system32\P2bbnd.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports For Windows> 2008-06-24 15:18:36 229888 --a------ C:\WINDOWS\system32\crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows> 2008-06-24 15:18:35 748160 --a------ C:\WINDOWS\system32\Co2c40en.dll <Not Verified; ; Crystal Reports for Visual Basic> 2008-06-24 15:18:28 185344 --a------ C:\WINDOWS\patchw32.dll 2008-06-24 15:18:27 0 d-------- C:\Program Files\Common Files\PocketSoft 2008-06-24 15:18:21 0 d-------- C:\Program Files\Aerofin 2008-06-17 15:08:46 0 d-------- C:\Documents and Settings\Kevin\Application Data\Memento 2008-06-17 15:03:44 0 d-------- C:\Program Files\Memento 2008-06-14 21:45:07 12 --a------ C:\WINDOWS\bthservsdp.dat 2008-06-14 21:43:36 0 d-------- C:\Documents and Settings\Kevin\Application Data\TOSHIBA 2008-06-14 21:42:13 0 d-------- C:\Program Files\Toshiba 2008-06-06 15:00:32 0 d-------- C:\Program Files\Engineering Power Tools - Plus Edition v2.0.4 2008-06-04 21:41:32 0 d-------- C:\DVDClone 2008-06-02 09:44:32 0 d-------- C:\Program Files\EasyDVDClone 2008-06-01 20:36:14 0 d-------- C:\Documents and Settings\Kevin\Application Data\dvdcss 2008-06-01 20:22:42 0 d-------- C:\Documents and Settings\Kevin\Application Data\CDBurnerXP_Soft 2008-06-01 20:02:19 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-06-01 
20:02:18 0 d-------- C:\Program Files\DVD Shrink 2008-06-01 19:54:38 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-06-01 19:54:38 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-06-01 19:54:38 3535 --a------ C:\WINDOWS\system\Wowpost.exe 2008-06-01 19:54:38 4455 --a------ C:\WINDOWS\system\Winaspi.dll 2008-06-01 13:22:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Roxio 2008-06-01 13:07:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster 2008-06-01 00 26 0 d-------- C:\Program Files\SequoiaView2008-05-31 22:40:49 0 d-------- C:\Program Files\MagicDVDRipper 2008-05-30 17:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-05-30 17:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-30 17:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-30 17:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-30 17:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-27 12:55:30 0 d-------- C:\Program Files\gs 2008-05-27 12:49:53 0 --a------ C:\WINDOWS\advancedtiffeditor.dat -- Find3M Report --------------------------------------------------------------- 2008-06-27 17:00:48 0 d-------- C:\Program Files\ePrompter 2008-06-27 13:56:51 0 d-------- C:\Program Files\Google 2008-06-27 13:41:42 0 d-------- C:\Documents and Settings\Kevin\Application Data\Mozilla 2008-06-27 13:38:41 0 d-------- C:\Program Files\Java 2008-06-27 13:37:09 0 d-------- C:\Program Files\Common Files 2008-06-24 15:18:21 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-19 09:13:21 0 d-------- C:\Documents and Settings\Kevin\Application Data\OpenOffice.org2 2008-06-16 20:34:32 264 --a------ 
C:\WINDOWS\system32\winsusrm.dll 2008-06-14 21:35:16 0 d-------- C:\Documents and Settings\Kevin\Application Data\AVG7 2008-06-10 13:30:57 0 d-------- C:\Program Files\JetAudio 2008-06-08 22:36:42 0 d-------- C:\Program Files\BearShare Applications 2008-06-06 20:14:38 0 d-------- C:\Program Files\DivX 2008-06-02 18:15:47 0 d-------- C:\Program Files\FanSelector 2008-05-30 08:55:34 0 d-------- C:\Program Files\MSECache 2008-05-27 18:36:53 0 d-------- C:\Program Files\Yahoo! 2008-05-27 18:31:29 0 d-------- C:\Program Files\ClearImage 2008-05-27 15:33:50 0 d-------- C:\Program Files\Advanced TIFF Editor 2008-05-27 09:08:14 0 d-------- C:\Program Files\Common Files\COWON 2008-05-25 17:47:58 0 d-------- C:\Program Files\Common Files\MAGIX Shared 2008-05-25 17:47:10 0 d-------- C:\Documents and Settings\Kevin\Application Data\MAGIX 2008-05-25 17:42:23 0 d-------- C:\Program Files\MAGIX 2008-05-22 16:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-05-22 16:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-05-22 16:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dpl100> 2008-05-22 16:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-21 10:29:20 349696 --a------ C:\WINDOWS\system32\cwalsp.dll <Not Verified; ContentWatch, Inc.; Alta> 2008-05-20 21:59:14 0 d-------- C:\Program Files\Windows Media Connect 2 2008-05-20 21:59:13 0 d-------- C:\Program Files\ToDoList 2008-05-20 21:59:13 0 d-------- C:\Program Files\Titus 2008-05-20 21:59:12 0 d-------- C:\Program Files\QuickTax Tracker 2008-05-20 21:59:11 0 d-------- C:\Program Files\iLuminaStarter 2008-05-20 21:59:10 0 d-------- C:\Program Files\Messenger 2008-05-20 21:59:08 0 d-------- C:\Program Files\FastStone Image Viewer 2008-05-20 21:59:08 0 d-------- C:\Program Files\DriCalc 2008-05-20 20:19:36 0 d-------- C:\Program Files\Memeo 2008-05-20 20:18:58 0 d-------- C:\Program Files\Seagate 2008-05-20 17:14:14 0 d-------- C:\Documents and Settings\Kevin\Application Data\DassaultSystemes 2008-05-20 11:23:15 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-20 09:41:18 0 d-------- C:\Program Files\Carmel 2008-05-19 09:11:08 0 d-------- C:\Documents and Settings\Kevin\Application Data\Skype 2008-05-19 09:10:17 0 d-------- C:\Program Files\WhatsRunning 2008-05-19 08:46:26 0 d-------- C:\Documents and Settings\Kevin\Application Data\skypePM 2008-05-16 16:02:14 0 d-------- C:\Program Files\AKVIS 2008-05-16 15:43:55 0 d-------- C:\Program Files\Pegasus Imaging 2008-05-16 14:37:15 0 d-------- C:\Program Files\Common Files\ClearImage 2008-05-16 14:37:01 0 d-------- C:\Program Files\iRondo 2008-05-16 14:11:03 0 d-------- C:\Program Files\Inlite 2008-05-16 12:46:17 0 d-------- C:\Program Files\Lavasoft 2008-05-16 12:45:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-11 01:51:27 0 d-------- C:\Program Files\QuickTime 2008-05-09 22:54:35 0 d-------- C:\Program Files\Launch Manager 2008-05-07 22:07:26 0 d-------- C:\Documents and Settings\Kevin\Application Data\CyberLink 2008-05-06 12:17:21 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 
2008-05-06 12:16:59 0 d-------- C:\Program Files\Common Files\Skype 2008-05-05 21:56:46 0 d-------- C:\Program Files\7-Zip 2008-05-01 11:18:15 0 d-------- C:\Program Files\Real 2008-05-01 11:18:15 0 d-------- C:\Program Files\Common Files\Real 2008-05-01 11:17:59 0 d-------- C:\Documents and Settings\Kevin\Application Data\Real 2008-04-30 17:08:23 0 d-------- C:\Documents and Settings\Kevin\Application Data\Logitech 2008-04-30 17:01:18 0 d-------- C:\Program Files\Common Files\Logishrd 2008-04-30 17:00:56 0 d-------- C:\Program Files\Logitech 2008-04-30 17:00:47 0 d-------- C:\Documents and Settings\Kevin\Application Data\InstallShield 2008-04-30 16:55:05 0 d-------- C:\Documents and Settings\Kevin\Application Data\Orbit 2008-04-28 15:54:37 0 d-------- C:\Program Files\CYTSoft 2008-04-28 15:48:55 0 d-------- C:\Program Files\BRY-AIR 2008-04-28 10:30:12 0 d-------- C:\Documents and Settings\Kevin\Application Data\COWON 2008-04-19 22:40:56 967 --a------ C:\WINDOWS\ScUnin.pif 2008-04-19 22:40:56 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller> 2008-04-19 22:40:56 35190 --a------ C:\WINDOWS\scunin.dat 2008-04-02 19:45:57 120 --a------ C:\WINDOWS\system32\winsusrx.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D10F85-165C-4DB4-91C6-DEBDE891B3C1}] 06/25/2008 12:31 PM 33792 --a------ C:\WINDOWS\system32\qoMfgGyv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 03/16/2008 03:25 AM 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9927246-1005-4662-BAE5-D450B9919F83}] C:\WINDOWS\system32\hgGvTmLE.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E02B7A2B-D956-428E-8A42-172346D8324E}] 06/27/2008 11:39 AM 285184 --a------ 
C:\WINDOWS\system32\hgGYrPij.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Preload"="C:\Windows\RUNXMLPL.exe" [04/20/2007 06:56 PM] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 02:00 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 05:32 PM] "RTHDCPL"="RTHDCPL.EXE" [05/28/2007 05:32 PM C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [06/11/2005 08:51 PM] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 09:00 PM] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 09:00 PM] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/08/2007 11:26 PM] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/08/2007 11:17 PM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [10/17/2007 11:59 AM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:26 AM] "cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [03/06/2008 12:43 PM] "Mindful"="C:\Program Files\Felitec\Mindful\Mindful.exe" [03/15/2007 02:26 AM] "Password Keychain"="C:\Program Files\Password Keychain\Passkeychain.exe" [07/16/2003 11:04 PM] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [07/11/2007 03:07 PM] "@"="" [] "Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 10:44 AM] "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 09:00 PM C:\WINDOWS\system32\bthprops.cpl] 
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "Host Process"="C:\Documents and Settings\Kevin\svchost.exe" [] "BM8f105bed"="C:\WINDOWS\system32\ljxhqtng.dll" [06/27/2008 11:40 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM] "8c236871"="C:\WINDOWS\system32\rhuoogwo.dll" [06/27/2008 11:45 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:00 PM] "TopmostClock"="C:\Program Files\Topmost Clock\TopMostClock.exe" [09/08/2002 12:52 AM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ ePrompter.lnk - C:\Program Files\ePrompter\ePrompter.exe [2/11/2008 10:39:25 AM] Memento.lnk - C:\Program Files\Memento\Memento.exe [7/1/2005 2:49:38 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/4/2006 10:43:54 PM] Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/2/2007 7:41:52 PM] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/27/2008 9:19:09 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoTrayItemsDisplay"=0 (0x0) "HideClock"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57D10F85-165C-4DB4-91C6-DEBDE891B3C1}"= C:\WINDOWS\system32\qoMfgGyv.dll [06/25/2008 12:31 PM 33792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll 01/26/2008 02:14 AM 2803200 C:\Program 
Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMfgGyv] qoMfgGyv.dll 06/25/2008 12:31 PM 33792 C:\WINDOWS\system32\qoMfgGyv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGYrPij "Notification Packages"= scecli C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdFilter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" "8c236871"=rundll32.exe "C:\WINDOWS\system32\hyiobokr.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4f9c6c-26dc-11dd-a083-001de01260dd}] AutoRun\command- "F:\Install FreeAgent Tools.exe" /run *Newly Created Service* - RKPAVPROC -- End of Deckard's System Scanner: finished at 2008-06-27 17:02:05 ------------ I have attached the extra.txt. Hope you can help. My computer is functioning on faulty cylinders and could blow up any time. Kevin |
|
|
|
|
|
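Added example (not part of this thread, and not code from HijackThis or Deckard's System Scanner): a small Python triage script that mechanises the checks an analyst makes by eye on a log like the one above. It looks for randomly generated DLL names in system32 (the qoMfgGyv / ljxhqtng pattern), core Windows binaries running from a user profile (the `svchost.exe` under Documents and Settings), Run values with machine-generated names (`8c236871`, `BM8f105bed`), and extra LSA authentication packages beyond `msv1_0`. The sample lines are a constructed subset of the log above; the thresholds in `looks_random` and the function names are this example's own assumptions, and its output is a list of leads for a human to confirm, not a verdict.

```python
"""Heuristic triage of HijackThis / Deckard's System Scanner log lines.

Added example; not from the thread, HijackThis or DSS. The thresholds used
below are assumptions chosen for illustration, not a published rule set.
"""
import ntpath
import re
from typing import List, Tuple

# Constructed sample in the formats seen in the log above (a subset of it).
SAMPLE_LOG = r'''
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O20 - Winlogon Notify: qoMfgGyv - C:\WINDOWS\system32\qoMfgGyv.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Host Process"="C:\Documents and Settings\Kevin\svchost.exe" []
"BM8f105bed"="C:\WINDOWS\system32\ljxhqtng.dll" [06/27/2008 11:40 AM]
"8c236871"=rundll32.exe "C:\WINDOWS\system32\hyiobokr.dll",b
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGYrPij
'''

VOWELS = set("aeiou")
# Core binaries that belong in %SystemRoot%\system32 on XP; a copy anywhere
# else (especially a user profile) is a classic masquerading indicator.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "services.exe", "smss.exe"}
# A Windows path ending in a loadable/executable extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]<>|\r\n]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)
# "Name"=value lines from the DSS registry dump.
RUN_VALUE = re.compile(r'^\s*"([^"]+)"\s*=(.*)$')
# Run value names that are 8 hex digits, optionally prefixed "BM".
GENERATED_NAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$', re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic (assumption of this example): a purely alphabetic name is
    suspicious if any CamelCase segment of 3+ letters has no vowel, or if it
    contains a run of 5+ consonants. Catches qoMfgGyv and ljxhqtng while
    passing vendor names like WinNotify or avgupsvc; it is a lead, not proof."""
    if not stem.isalpha():
        return False
    segments = [s for s in re.findall(r"[A-Z]?[a-z]*", stem) if s]
    if any(len(s) >= 3 and not (set(s.lower()) & VOWELS) for s in segments):
        return True
    runs = re.findall(r"[^aeiouAEIOU]+", stem)
    return max((len(r) for r in runs), default=0) >= 5


def check_path(path: str) -> List[Tuple[str, str]]:
    """Apply the location- and name-based checks to one file path."""
    findings = []
    directory = ntpath.dirname(path).lower()
    name = ntpath.basename(path)
    stem, _ext = ntpath.splitext(name)
    in_system32 = directory.endswith(r"\windows\system32")
    if name.lower() in CORE_BINARIES and not in_system32:
        findings.append(("core_binary_outside_system32", path))
    if in_system32 and looks_random(stem):
        findings.append(("random_name_in_system32", path))
    return findings


def check_run_value(line: str) -> List[Tuple[str, str]]:
    """Checks on "Name"=value lines: generated names and extra LSA packages."""
    findings = []
    m = RUN_VALUE.match(line)
    if not m:
        return findings
    name, value = m.group(1), m.group(2).strip()
    if GENERATED_NAME.match(name):
        findings.append(("generated_run_name", name))
    if name == "Authentication Packages":
        # On XP only msv1_0 is expected here; anything after it is an extra
        # package that LSASS will load at boot.
        extra = value[len("msv1_0"):].strip() if value.startswith("msv1_0") else value
        if extra:
            findings.append(("extra_lsa_auth_package", extra))
    return findings


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run every check over every line; returns (check, item) pairs in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(check_run_value(line))
        for path in WIN_PATH.findall(line):
            findings.extend(check_path(path))
    return findings


if __name__ == "__main__":
    for check, item in triage(SAMPLE_LOG):
        print(f"{check:30} {item}")
```

On the sample this reports six leads: the two random-named system32 DLLs, the user-profile `svchost.exe`, both generated Run names and the extra LSA package. Note that `hyiobokr.dll` passes the name heuristic on its own and is only surfaced through its generated Run value name, which is why the checks are layered rather than relying on one indicator.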
#2
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro
Re: Lost Notification Icons, Couldn't Call Up Task Manager
Hi 101Kevin,
Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
__________________
Proud Member of ASAP
Proud Member of UNITE
Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum
#3
Registered User
Join Date: Jun 2008
Posts: 4
OS: windows xp pro sp2
Re: Lost Notification Icons, Couldn't Call Up Task Manager
forhockey
Used combofix on the laptop, appears to have solved the problem. Thanks! Attached is my combofix.txt result. If there is anything more I should do please let me know. Again, thanks.
#4
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro
Re: Lost Notification Icons, Couldn't Call Up Task Manager
Hello, there is still some cleanup to do, so please stick with me until I say your system is clean.
Open notepad and copy/paste the text in the quotebox below into it: Quote:
Referring to the picture above, drag CFScript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.

--------------------------------------------------------------

Please reply back with the following logs:
C:\ComboFix.txt
Kaspersky online scan results
#6
Registered User
Join Date: Jun 2008
Posts: 4
OS: windows xp pro sp2
Re: Lost Notification Icons, Couldn't Call Up Task Manager
forhockey
performed combofix and kaspersky scan. Results are attached. Had to zip combofix, file was too large as txt for upload. Thanks.