Old 12-22-2007, 09:44 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp


problems opening programs- my log

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-22 23:32:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:06 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {cba24ac6-cafd-3159-0e64-3de240315124} - {42151304-2ed3-46e0-9513-dfac6ca42abc} - C:\WINDOWS\system32\mqglvthi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC11323E-0D3D-4E2F-9FB7-888E3AB2300E} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {CD22B24F-0644-4346-94E0-713A09B0CB0E} - C:\WINDOWS\system32\vturp.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [c43d596f] rundll32.exe "C:\WINDOWS\system32\texvqktv.dll",b
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/s...wserPlugin.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: cbxyabc - cbxyabc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 13475 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRVW245 (Linksys Wireless-N USB Network Adapter WUSB300N) - c:\windows\system32\drivers\mrvw245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&1
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&1
Service: aliuseej


-- Scheduled Tasks -------------------------------------------------------------

2007-12-22 12:58:16 1612 --a------ C:\WINDOWS\Tasks\wrSpySweeper_L10B37337E239447EA350CD21468F656A.job
2007-12-07 19:05:58 430 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-10-26 23:54:42 362 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-26 23:54:40 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-22 and 2007-12-22 -----------------------------

2007-12-22 23:34:51 0 d-------- C:\Program Files\Trend Micro
2007-12-22 23:20:15 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-22 23:08:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 23:08:56 0 d-------- C:\WINDOWS\LastGood
2007-12-22 22:20:30 0 d-------- C:\WINDOWS\CSC
2007-12-22 21:37:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-20 17:37:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2007-12-20 17:33:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-12-20 17:16:54 0 d-------- C:\Program Files\hkSFV
2007-12-18 08:54:54 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-18 08:54:28 0 d-------- C:\WINDOWS\system32\athan
2007-12-18 08:54:24 0 d-------- C:\Program Files\Athan
2007-12-13 19:42:52 0 d-------- C:\BMW M3 Challenge
2007-12-07 20:57:42 0 d-------- C:\Program Files\Steam
2007-12-07 19:29:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2007-12-07 19:28:35 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-04 17:03:25 0 d-------- C:\Program Files\QuickTime
2007-12-03 17:48:06 0 d-------- C:\WINDOWS\system32\ageia
2007-12-03 17:48:06 0 d-------- C:\Program Files\AGEIA Technologies
2007-12-03 17:38:44 0 d-------- C:\Program Files\Ubisoft
2007-12-02 19:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-02 19:45:16 0 d-------- C:\Program Files\Bonjour
2007-12-02 19:27:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-01 21:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-01 00:27:59 0 d-------- C:\WINDOWS\system32\logs
2007-11-29 18:53:06 0 d-------- C:\Program Files\DNA
2007-11-29 18:53:05 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2007-11-29 17:40:59 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 16:23:46 0 d-------- C:\Program Files\Aspyr Media, Inc
2007-11-27 09:28:34 0 d-------- C:\WINDOWS\network diagnostic
2007-11-26 20:00:37 0 d-------- C:\Program Files\KONAMI
2007-11-26 17:38:01 0 d-------- C:\Program Files\Metal Gear Solid
2007-11-25 17:51:37 0 d-------- C:\Program Files\MagicISO
2007-11-25 17:38:29 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\fltk.org
2007-11-25 10:32:20 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-11-25 10:32:19 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-11-25 09:53:34 0 d-------- C:\Program Files\Alcohol Soft
2007-11-24 20:43:30 0 d-------- C:\Program Files\Azureus
2007-11-22 23:02:43 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\.wyzo
2007-11-22 22:51:15 96652 --a------ C:\WINDOWS\Metal Gear Solid 2 - 1.scr <Not Verified; Goldshell Digital Media; FlashForge>
2007-11-22 22:51:15 404511 --a------ C:\WINDOWS\Metal Gear Solid 2 - 1.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-11-22 22:51:03 418768 --a------ C:\WINDOWS\Metal Gear Solid 2 - 2.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-11-22 22:51:03 28672 --a------ C:\WINDOWS\gscr.dll
2007-11-22 22:51:02 96652 --a------ C:\WINDOWS\Metal Gear Solid 2 - 2.scr <Not Verified; Goldshell Digital Media; FlashForge>
2007-11-22 20:39:10 0 d-------- C:\Program Files\HC Image Editor


-- Find3M Report ---------------------------------------------------------------

2007-12-22 23:21:27 0 d-------- C:\Program Files\iTunes
2007-12-22 23:21:08 0 d-------- C:\Program Files\MSN Messenger
2007-12-22 23:20:57 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-12-22 23:20:32 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-22 23:20:29 0 d-------- C:\Program Files\Google
2007-12-22 21:33:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-12-21 18:11:11 0 d-------- C:\Program Files\LimeWire
2007-12-21 18:09:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\MSN6
2007-12-21 02:41:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-20 18:24:08 0 d-------- C:\Program Files\DivX
2007-12-16 18:49:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-12-14 23:04:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-13 21:32:32 0 d-------- C:\Program Files\Electronic Arts
2007-12-08 23:15:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-08 23:15:20 0 d-------- C:\Program Files\EA GAMES
2007-12-08 14:49:33 0 d-------- C:\Program Files\HP Games
2007-12-07 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2007-12-02 19:45:09 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-02 19:27:05 0 d-------- C:\Program Files\Common Files
2007-12-01 13:26:45 0 d-------- C:\Program Files\Yahoo!
2007-12-01 13:26:43 0 d-------- C:\Program Files\Nick Jr. Arcade
2007-11-30 00:19:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2007-11-29 18:53:39 0 d-------- C:\Program Files\BitTorrent
2007-11-29 18:41:53 0 d-------- C:\Program Files\Activision
2007-11-21 18:01:23 0 d-------- C:\Program Files\McAfee
2007-11-21 14:30:35 0 d-------- C:\Program Files\iPod
2007-11-21 14:07:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-21 14:04:20 0 d-------- C:\Program Files\Xvid
2007-11-21 14:03:44 0 d-------- C:\Program Files\Finale NotePad 2003a
2007-11-21 14:02:26 0 d-------- C:\Program Files\LinkNLog
2007-11-21 14:00:40 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-21 14:00:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-11-21 13:58:21 0 d-------- C:\Program Files\Nick Arcade
2007-11-21 13:56:37 0 d-------- C:\Program Files\Quicken
2007-11-16 19:11:59 0 d-------- C:\Program Files\Picasa2
2007-11-10 19:22:44 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PlayFirst
2007-11-02 16:04:51 0 d-------- C:\Program Files\DAEMON Tools
2007-11-02 1421 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-01 17:56:04 4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-29 13:57:43 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-10-27 18:42:52 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2007-10-26 23:55:07 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-26 23:45:34 0 d-------- C:\Program Files\Symantec
2007-10-26 23:35:27 0 d-------- C:\Program Files\McAfee.com
2007-10-24 08:18:02 0 d-------- C:\Program Files\Apple Software Update
2007-10-23 20:40:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard
2007-10-23 19:15:23 0 d-------- C:\Program Files\Crossword Weaver
2007-10-23 12:13:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-02 19:31:54 20480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-09-22 21:02:10 604 --ah----- C:\WINDOWS\T4
2007-09-22 21:02:10 604 --ah----- C:\WINDOWS\system32\T3
2007-09-22 21:02:10 604 --ah----- C:\Program Files\STLL Notifier


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42151304-2ed3-46e0-9513-dfac6ca42abc}]
C:\WINDOWS\system32\mqglvthi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11323E-0D3D-4E2F-9FB7-888E3AB2300E}]
C:\WINDOWS\system32\awtqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD22B24F-0644-4346-94E0-713A09B0CB0E}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 10:08 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/29/2006 01:51 AM]
"c43d596f"="C:\WINDOWS\system32\texvqktv.dll" []
"Athan"="C:\Program Files\Athan\Athan.exe" [09/06/2007 02:25 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/21/2007 01:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [12/07/2007 08:59 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/16/2007 02:17 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyabc]
cbxyabc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\|MicServiceUx]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
"C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINDOWS\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nick LaunchPad]
"C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34908f44-9b6a-11dc-b1d8-0018f3d237f5}]
AutoRun\command- L:\Launch.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2007-12-22 23:36:25 ------------
Attached Files
File Type: txt extra.txt (29.6 KB, 1 views)
solidus422 is offline  
Old 12-23-2007, 11:41 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: problems opening programs- my log

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: {cba24ac6-cafd-3159-0e64-3de240315124} - {42151304-2ed3-46e0-9513-dfac6ca42abc} - C:\WINDOWS\system32\mqglvthi.dll (file missing)
O2 - BHO: (no name) - {CC11323E-0D3D-4E2F-9FB7-888E3AB2300E} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {CD22B24F-0644-4346-94E0-713A09B0CB0E} - C:\WINDOWS\system32\vturp.dll (file missing)
O4 - HKLM\..\Run: [c43d596f] rundll32.exe "C:\WINDOWS\system32\texvqktv.dll",b
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: cbxyabc - cbxyabc.dll (file missing)


Ignore any prompts for a reboot.


---------------


www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
Old 12-23-2007, 12:13 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp


Re: problems opening programs- my log

Here's the log from ComboFix:

ComboFix 07-12-24.3 - HP_Administrator 2007-12-24 14:00:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 23:34 . 2007-12-22 23:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 23:32 . 2007-12-22 23:32 <DIR> d-------- C:\Deckard
2007-12-22 23:20 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-22 23:09 . 2007-12-22 23:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-22 23:09 . 2007-12-22 23:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-22 23:09 . 2007-12-22 23:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-22 23:08 . 2007-12-22 23:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 21:37 . 2007-12-22 21:37 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-20 17:37 . 2007-12-20 17:37 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2007-12-20 17:33 . 2007-12-20 17:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-12-20 17:32 . 2007-12-11 17:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-20 17:16 . 2007-12-23 11:54 <DIR> d-------- C:\Program Files\hkSFV
2007-12-20 17:13 . 2007-12-20 17:53 68 --a------ C:\WINDOWS\MyProg.ini
2007-12-18 08:54 . 2007-12-22 23:21 <DIR> d-------- C:\WINDOWS\system32\athan
2007-12-18 08:54 . 2007-12-22 23:21 <DIR> d-------- C:\Program Files\Athan
2007-12-18 08:54 . 2007-12-18 08:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-14 23:29 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-14 23:29 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-13 21:32 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-13 21:32 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-13 21:32 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-13 21:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-13 21:32 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-13 21:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-13 21:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-13 21:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-13 21:32 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-12 23:57 . 2007-12-12 23:57 1,500 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-08 01:27 . 2007-12-08 01:27 268 --ah----- C:\sqmdata07.sqm
2007-12-08 01:27 . 2007-12-08 01:27 244 --ah----- C:\sqmnoopt07.sqm
2007-12-07 20:57 . 2007-12-22 23:40 <DIR> d-------- C:\Program Files\Steam
2007-12-07 19:29 . 2007-12-07 19:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2007-12-07 19:28 . 2007-12-07 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-06 23:47 . 2007-12-06 23:47 268 --ah----- C:\sqmdata06.sqm
2007-12-06 23:47 . 2007-12-06 23:47 244 --ah----- C:\sqmnoopt06.sqm
2007-12-05 23:01 . 2007-12-05 23:01 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-04 17:06 . 2007-12-23 11:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 17:06 . 2007-12-04 17:06 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-04 17:03 . 2007-12-04 17:05 <DIR> d-------- C:\Program Files\QuickTime
2007-12-03 17:48 . 2007-12-03 17:48 <DIR> d-------- C:\WINDOWS\system32\ageia
2007-12-03 17:48 . 2007-12-03 17:48 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-03 17:38 . 2007-12-03 17:38 <DIR> d-------- C:\Program Files\Ubisoft
2007-12-02 19:52 . 2007-12-02 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-02 19:45 . 2007-12-22 23:21 <DIR> d-------- C:\Program Files\Bonjour
2007-12-02 19:27 . 2007-12-02 19:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-01 21:29 . 2007-12-01 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-01 00:27 . 2007-12-01 00:27 <DIR> d-------- C:\WINDOWS\system32\logs
2007-11-29 18:53 . 2007-11-29 18:53 <DIR> d-------- C:\Program Files\DNA
2007-11-29 18:53 . 2007-12-03 18:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2007-11-29 17:40 . 2007-12-23 10:43 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 17:15 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-29 17:15 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-29 17:15 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-29 17:15 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-11-29 17:15 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-11-29 17:15 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-11-29 17:15 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-29 17:15 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-11-29 17:15 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-27 16:23 . 2007-11-27 16:23 <DIR> d-------- C:\Program Files\Aspyr Media, Inc
2007-11-27 09:40 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-27 09:40 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-27 09:40 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-27 09:40 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-27 09:40 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-27 09:40 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-27 09:40 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-27 09:40 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-27 09:40 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-26 20:00 . 2007-11-26 20:00 <DIR> d-------- C:\Program Files\KONAMI
2007-11-26 17:38 . 2007-12-12 21:01 <DIR> d-------- C:\Program Files\Metal Gear Solid
2007-11-25 17:51 . 2007-12-12 08:13 <DIR> d-------- C:\Program Files\MagicISO
2007-11-25 17:38 . 2007-11-25 17:38 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\fltk.org
2007-11-25 10:32 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-11-25 10:32 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-11-25 09:53 . 2007-11-25 09:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-11-24 20:43 . 2007-11-24 20:43 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 19:06 --------- d-----w C:\Program Files\McAfee
2007-12-23 15:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-23 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-23 13:51 --------- d-----w C:\Program Files\HP Games
2007-12-23 04:21 --------- d-----w C:\Program Files\MSN Messenger
2007-12-23 04:21 --------- d-----w C:\Program Files\iTunes
2007-12-23 04:20 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-23 04:20 --------- d-----w C:\Program Files\Google
2007-12-23 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-21 23:11 --------- d-----w C:\Program Files\LimeWire
2007-12-21 23:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\MSN6
2007-12-21 07:41 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-20 23:24 --------- d-----w C:\Program Files\DivX
2007-12-16 23:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-12-15 04:04 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-14 02:32 --------- d-----w C:\Program Files\Electronic Arts
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-09 04:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 04:15 --------- d-----w C:\Program Files\EA GAMES
2007-12-07 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-03 00:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-01 18:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 18:26 --------- d-----w C:\Program Files\Yahoo!
2007-12-01 18:26 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-30 05:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2007-11-29 23:53 --------- d-----w C:\Program Files\BitTorrent
2007-11-29 23:41 --------- d-----w C:\Program Files\Activision
2007-11-27 21:42 --------- d-----w C:\Program Files\HC Image Editor
2007-11-25 14:50 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 04:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.wyzo
2007-11-23 03:51 96,652 ----a-w C:\WINDOWS\Metal Gear Solid 2 - 2.scr
2007-11-23 03:51 96,652 ----a-w C:\WINDOWS\Metal Gear Solid 2 - 1.scr
2007-11-23 03:51 418,768 ----a-w C:\WINDOWS\Metal Gear Solid 2 - 2.exe
2007-11-23 03:51 404,511 ----a-w C:\WINDOWS\Metal Gear Solid 2 - 1.exe
2007-11-23 03:51 28,672 ----a-w C:\WINDOWS\gscr.dll
2007-11-22 21:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 21:49 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-21 19:30 --------- d-----w C:\Program Files\iPod
2007-11-21 19:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-21 19:04 --------- d-----w C:\Program Files\Xvid
2007-11-21 19:03 --------- d-----w C:\Program Files\Finale NotePad 2003a
2007-11-21 19:02 --------- d-----w C:\Program Files\LinkNLog
2007-11-21 19:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\MakeMusic
2007-11-21 19:00 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-21 19:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-21 18:58 --------- d-----w C:\Program Files\Nick Arcade
2007-11-21 18:56 --------- d-----w C:\Program Files\Quicken
2007-11-17 00:11 --------- d-----w C:\Program Files\Picasa2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 00:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\PlayFirst
2007-11-10 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-02 21:04 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-02 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlockBreaker
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 18:57 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 04:55 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-27 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-27 04:45 --------- d-----w C:\Program Files\Symantec
2007-10-27 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-27 04:35 --------- d-----w C:\Program Files\McAfee.com
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 13:18 --------- d-----w C:\Program Files\Apple Software Update
2007-10-24 01:40 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-Packard
2007-10-24 00:15 --------- d-----w C:\Program Files\Crossword Weaver
2007-10-23 22:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-04 22:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 22:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 22:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 22:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 22:14 6,854,464 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-04 22:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 22:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 22:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-07-01 16:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-08-14 02:05 80 --sh--r C:\WINDOWS\system32\FF08437FEE.dll
2007-09-15 19:39 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-12-24_13.54.28.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-28 18:34:18 306,528 ----a-w C:\WINDOWS\Temp\0277641198522573mcinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-09 23:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 01:51]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-21 13:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\|MicServiceUx]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
C:\Program Files\AIM\AIM Pro\aimpro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
2007-09-06 14:25 1003520 --a------ C:\Program Files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2007-11-29 18:53 290112 --a------ C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c43d596f]
rundll32.exe C:\WINDOWS\system32\texvqktv.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 17:37 229437 --a------ C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 11:05 90112 --a------ c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 23:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2004-09-17 08:24 61440 --a------ C:\Program Files\Lexmark 7100 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 7100 Series\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-04-11 14:25 212992 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-28 09:43 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBXCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
2005-01-18 04:43 196608 --a------ C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2007-07-24 12:18 40960 --a------ C:\WINDOWS\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nick LaunchPad]
C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-10-23 16:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 00:14 237568 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-06 15:19 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Launch.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-27 04:54:42 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-10-27 04:54:40 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-08 00:05:58 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-24 19:00:19 C:\WINDOWS\Tasks\wrSpySweeper_L10B37337E239447EA350CD21468F656A.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L10B37337E239447EA350CD21468F656A
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 1435
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

C:\WINDOWS\system32\comwl\svchost.exe [1500] 0x850DC6E8

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System =
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\system32\userinit.exe,

scanning hidden files ...

C:\WINDOWS\system32\comwl

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-12-24 14:07:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 13:55
C:\ComboFix3.txt ... 2007-12-22 22:41
.
2007-12-13 04:57:49 --- E O F ---


Here's the log for HijackThis:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-24 14:10:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:11 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5289 bytes

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-22 23:34:51 0 d-------- C:\Program Files\Trend Micro
2007-12-22 23:20:15 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-22 23:08:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 22:20:30 0 d-------- C:\WINDOWS\CSC
2007-12-22 21:37:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-20 17:37:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2007-12-20 17:33:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-12-20 17:16:54 0 d-------- C:\Program Files\hkSFV
2007-12-18 08:54:54 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-18 08:54:28 0 d-------- C:\WINDOWS\system32\athan
2007-12-18 08:54:24 0 d-------- C:\Program Files\Athan
2007-12-13 19:42:52 0 d-------- C:\BMW M3 Challenge
2007-12-07 20:57:42 0 d-------- C:\Program Files\Steam
2007-12-07 19:29:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2007-12-07 19:28:35 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-04 17:03:25 0 d-------- C:\Program Files\QuickTime
2007-12-03 17:48:06 0 d-------- C:\WINDOWS\system32\ageia
2007-12-03 17:48:06 0 d-------- C:\Program Files\AGEIA Technologies
2007-12-03 17:38:44 0 d-------- C:\Program Files\Ubisoft
2007-12-02 19:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-02 19:45:16 0 d-------- C:\Program Files\Bonjour
2007-12-02 19:27:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-01 21:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-01 00:27:59 0 d-------- C:\WINDOWS\system32\logs
2007-11-29 18:53:06 0 d-------- C:\Program Files\DNA
2007-11-29 18:53:05 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2007-11-29 17:40:59 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 16:23:46 0 d-------- C:\Program Files\Aspyr Media, Inc
2007-11-27 09:28:34 0 d-------- C:\WINDOWS\network diagnostic
2007-11-26 20:00:37 0 d-------- C:\Program Files\KONAMI
2007-11-26 17:38:01 0 d-------- C:\Program Files\Metal Gear Solid
2007-11-25 17:51:37 0 d-------- C:\Program Files\MagicISO
2007-11-25 17:38:29 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\fltk.org
2007-11-25 10:32:20 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-11-25 10:32:19 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-11-25 09:53:34 0 d-------- C:\Program Files\Alcohol Soft
2007-11-24 20:43:30 0 d-------- C:\Program Files\Azureus


-- Find3M Report ---------------------------------------------------------------

2007-12-24 1405 0 d-------- C:\Program Files\McAfee
2007-12-23 10:43:20 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-23 08:51:15 0 d-------- C:\Program Files\HP Games
2007-12-22 23:21:27 0 d-------- C:\Program Files\iTunes
2007-12-22 23:21:08 0 d-------- C:\Program Files\MSN Messenger
2007-12-22 23:20:57 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-12-22 23:20:29 0 d-------- C:\Program Files\Google
2007-12-22 21:33:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-12-21 18:11:11 0 d-------- C:\Program Files\LimeWire
2007-12-21 18:09:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\MSN6
2007-12-21 02:41:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-20 18:24:08 0 d-------- C:\Program Files\DivX
2007-12-16 18:49:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-12-14 23:04:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-13 21:32:32 0 d-------- C:\Program Files\Electronic Arts
2007-12-08 23:15:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-08 23:15:20 0 d-------- C:\Program Files\EA GAMES
2007-12-07 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2007-12-02 19:45:09 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-02 19:27:05 0 d-------- C:\Program Files\Common Files
2007-12-01 13:26:45 0 d-------- C:\Program Files\Yahoo!
2007-12-01 13:26:43 0 d-------- C:\Program Files\Nick Jr. Arcade
2007-11-30 00:19:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2007-11-29 18:53:39 0 d-------- C:\Program Files\BitTorrent
2007-11-29 18:41:53 0 d-------- C:\Program Files\Activision
2007-11-27 16:42:34 0 d-------- C:\Program Files\HC Image Editor
2007-11-22 23:02:43 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\.wyzo
2007-11-22 22:51:15 96652 --a------ C:\WINDOWS\Metal Gear Solid 2 - 1.scr <Not Verified; Goldshell Digital Media; FlashForge>
2007-11-22 22:51:15 404511 --a------ C:\WINDOWS\Metal Gear Solid 2 - 1.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-11-22 22:51:03 418768 --a------ C:\WINDOWS\Metal Gear Solid 2 - 2.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-11-22 22:51:03 28672 --a------ C:\WINDOWS\gscr.dll
2007-11-22 22:51:02 96652 --a------ C:\WINDOWS\Metal Gear Solid 2 - 2.scr <Not Verified; Goldshell Digital Media; FlashForge>
2007-11-21 14:30:35 0 d-------- C:\Program Files\iPod
2007-11-21 14:07:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-21 14:04:20 0 d-------- C:\Program Files\Xvid
2007-11-21 14:03:44 0 d-------- C:\Program Files\Finale NotePad 2003a
2007-11-21 14:02:26 0 d-------- C:\Program Files\LinkNLog
2007-11-21 14:00:40 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-21 14:00:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-11-21 13:58:21 0 d-------- C:\Program Files\Nick Arcade
2007-11-21 13:56:37 0 d-------- C:\Program Files\Quicken
2007-11-16 19:11:59 0 d-------- C:\Program Files\Picasa2
2007-11-10 19:22:44 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PlayFirst
2007-11-02 16:04:51 0 d-------- C:\Program Files\DAEMON Tools
2007-11-02 1421 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-01 17:56:04 4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-29 13:57:43 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-10-27 18:42:52 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2007-10-26 23:55:07 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-26 23:45:34 0 d-------- C:\Program Files\Symantec
2007-10-26 23:35:27 0 d-------- C:\Program Files\McAfee.com
2007-10-24 08:18:02 0 d-------- C:\Program Files\Apple Software Update
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-02 19:31:54 20480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/29/2006 01:51 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/21/2007 01:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\|MicServiceUx]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
"C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c43d596f]
rundll32.exe "C:\WINDOWS\system32\texvqktv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBXCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINDOWS\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nick LaunchPad]
"C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\Launch.exe




-- End of Deckard's System Scanner: finished at 2007-12-24 14:10:37 ------------
solidus422 is offline  
Old 12-23-2007, 12:16 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: problems opening programs- my log

Quote:
Completion time: 2007-12-24 14:07:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 13:55
C:\ComboFix3.txt ... 2007-12-22 22:41
I would like to see these other logs.
sUBs is offline