Hey, I'm new to all of this stuff, but if you could show me through it (be detailed), that would be very appreciated. So I guess I'm supposed to send this to you, then you send me back, so if you can tell me (exactly) what to do, that would be great! So my computer started to get slow. Pop-ups have been coming, and all of the sudden my background changes to blue and says that I have spyware. Now I can't change my properties. Many porn pop-ups have been coming up, although I don't do that sort of stuff. That is pretty much my problem. Thank you!
Deckard's System Scanner v20071014.68
Run by Danoo XD on 2008-07-13 02:07:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
15: 2008-07-13 06:07:41 UTC - RP225 - Deckard's System Scanner Restore Point
14: 2008-07-13 00:27:20 UTC - RP224 - Last known good configuration
13: 2008-07-13 00:27:14 UTC - RP223 - Last known good configuration
12: 2008-07-13 00:27:14 UTC - RP222 - System Checkpoint
11: 2008-07-13 00:27:14 UTC - RP221 - System Checkpoint
-- First Restore Point --
1: 2008-07-13 00:27:13 UTC - RP211 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Danoo XD.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:06 AM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\RtlWake.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2\Setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Danoo XD\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danoo XD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\vtUmLEvU.dll
O2 - BHO: (no name) - {445D316C-F9A7-49D5-A4AD-2E71CD1191FD} - C:\WINDOWS\system32\nnnoNgfd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {1f22ff70-5e9d-972b-e6a4-75a49d05e8ca} - {ac8e50d9-4a57-4a6e-b279-d9e507ff22f1} - C:\WINDOWS\system32\hnqsaz.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [lphc5afj0e3g4] C:\WINDOWS\system32\lphc5afj0e3g4.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Cheeze\Local Settings\Temporary Internet Files\Content.IE5\1POHV3QE\installer_sbd_en[1].exe
O4 - HKLM\..\Run: [07011e0c] rundll32.exe "C:\WINDOWS\system32\yfpbndfv.dll",b
O4 - HKLM\..\Run: [BM04322d90] Rundll32.exe "C:\WINDOWS\system32\sqbthutm.dll",s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\WINDOWS\RtlWake.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: vtUmLEvU - C:\WINDOWS\SYSTEM32\vtUmLEvU.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 11866 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
R3 aracpi - c:\windows\system32\drivers\aracpi.sys <Not Verified; Microsoft Corporation; Microsoft AR ACPI Driver>
R3 arkbcfltr (Microsoft PS2 Keyboard Filter) - c:\windows\system32\drivers\arkbcfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Keyboard Filter Driver>
R3 armoucfltr (Microsoft PS2 Mouse Filter) - c:\windows\system32\drivers\armoucfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Mouse Filter Driver>
R3 ARPolicy - c:\windows\system32\drivers\arpolicy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 CO_Mon - c:\windows\system32\drivers\co_mon.sys (file missing)
S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 arhidfltr (MS Ar HID Filter Driver) - c:\windows\system32\drivers\arhidfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR Human Interface Device Filter Driver>
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ARSVC - c:\windows\arservice.exe <Not Verified; Microsoft; ARSVC Application>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\ACAE2011D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\ACAE2011D800
Service: NIC1394
-- Files created between 2008-06-13 and 2008-07-13 -----------------------------
2008-07-13 02:08:52 0 d-------- C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP
2008-07-13 00:36:57 0 d-------- C:\ie-spyad_zo
2008-07-13 00:31:48 105248 --a------ C:\WINDOWS\system32\hnqsaz.dll
2008-07-13 00:31:47 105248 --a------ C:\WINDOWS\system32\dfawqpip.dll
2008-07-13 00:31:45 81152 --a------ C:\WINDOWS\system32\yfpbndfv.dll
2008-07-13 00:31:29 90992 --a------ C:\WINDOWS\system32\sqbthutm.dll
2008-07-12 23:51:58 0 d-------- C:\Program Files\SpywareBlaster
2008-07-12 20:30:06 105248 --a------ C:\WINDOWS\system32\gbefph.dll
2008-07-12 20:30:05 105248 --a------ C:\WINDOWS\system32\bvtufyoc.dll
2008-07-12 20:27:51 90992 --a------ C:\WINDOWS\system32\vtrdqbdc.dll
2008-07-12 19:03:59 0 d-------- C:\Program Files\Panda Security
2008-07-12 18:52:35 0 d-------- C:\Program Files\Trend Micro
2008-07-12 15:19:09 105248 --a------ C:\WINDOWS\system32\zmnxil.dll
2008-07-12 15:19:07 105248 --a------ C:\WINDOWS\system32\jlwhurui.dll
2008-07-12 15:18:59 90992 --a------ C:\WINDOWS\system32\yltsnctn.dll
2008-07-12 15:18:18 607509 --ahs---- C:\WINDOWS\system32\sDLVxGgh.ini2
2008-07-12 15:18:14 314688 --a------ C:\WINDOWS\system32\hgGxVLDs.dll
2008-07-12 11:13:32 105248 --a------ C:\WINDOWS\system32\roqyli.dll
2008-07-12 11:13:31 105248 --a------ C:\WINDOWS\system32\kbdrptul.dll
2008-07-12 11:13:22 90992 --a------ C:\WINDOWS\system32\vdlmhlna.dll
2008-07-12 11:12:42 620048 --ahs---- C:\WINDOWS\system32\aaGhQqss.ini2
2008-07-12 11:12:38 314688 --a------ C:\WINDOWS\system32\ssqQhGaa.dll
2008-07-12 04:30:14 105248 --a------ C:\WINDOWS\system32\tgetcj.dll
2008-07-12 04:30:13 105248 --a------ C:\WINDOWS\system32\nwucllln.dll
2008-07-12 04:27:24 81152 --a------ C:\WINDOWS\system32\lmdgkewu.dll
2008-07-12 04:27:13 90992 --a------ C:\WINDOWS\system32\swmlggbx.dll
2008-07-11 18:38:16 608598 --ahs---- C:\WINDOWS\system32\MoqWwyxx.ini2
2008-07-11 18:38:13 314608 --a------ C:\WINDOWS\system32\xxywWqoM.dll
2008-07-10 04:28:04 105232 --a------ C:\WINDOWS\system32\ywxfox.dll
2008-07-10 04:28:03 105232 --a------ C:\WINDOWS\system32\ldckowyc.dll
2008-07-10 04:27:50 90912 --a------ C:\WINDOWS\system32\nkrxievi.dll
2008-07-09 18:12:46 81184 --a------ C:\WINDOWS\system32\hoirvfjr.dll
2008-07-09 18:10:31 105152 --a------ C:\WINDOWS\system32\glrqiq.dll
2008-07-09 18:10:30 105152 --a------ C:\WINDOWS\system32\sdmjcqwa.dll
2008-07-09 18:10:23 90816 --a------ C:\WINDOWS\system32\kpifnwne.dll
2008-07-09 18:09:40 635462 --ahs---- C:\WINDOWS\system32\YbIllnnn.ini2
2008-07-09 18:09:35 314672 --a------ C:\WINDOWS\system32\nnnllIbY.dll
2008-07-09 04:30:42 105152 --a------ C:\WINDOWS\system32\fkwtrf.dll
2008-07-09 04:30:41 105152 --a------ C:\WINDOWS\system32\vkoqrtyo.dll
2008-07-09 04:27:41 90816 --a------ C:\WINDOWS\system32\egblwdwb.dll
2008-07-08 04:31:31 105296 --a------ C:\WINDOWS\system32\hggpdv.dll
2008-07-08 04:31:30 105296 --a------ C:\WINDOWS\system32\nrwswqad.dll
2008-07-08 04:28:30 81104 --a------ C:\WINDOWS\system32\lyurfvoj.dll
2008-07-08 04:25:31 90880 --a------ C:\WINDOWS\system32\twqdcgiu.dll
2008-07-07 04:28:18 106304 --a------ C:\WINDOWS\system32\oqezpt.dll
2008-07-07 04:28:17 106304 --a------ C:\WINDOWS\system32\tnvvgomr.dll
2008-07-06 04:26:26 82208 --a------ C:\WINDOWS\system32\tgkrdcqj.dll
2008-07-05 22:38:16 0 d-------- C:\Program Files\Lavasoft
2008-07-05 22:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 04:26:56 106320 --a------ C:\WINDOWS\system32\ppfolwff.dll
2008-07-05 04:26:56 106320 --a------ C:\WINDOWS\system32\kruekz.dll
2008-07-05 01:25:00 0 d-------- C:\NSS
2008-07-04 02:47:50 106192 --a------ C:\WINDOWS\system32\nofszd.dll
2008-07-04 02:47:49 106192 --a------ C:\WINDOWS\system32\wvmlksmq.dll
2008-07-03 02:48:21 106272 --a------ C:\WINDOWS\system32\ewjhpe.dll
2008-07-03 02:48:20 106272 --a------ C:\WINDOWS\system32\aysixjux.dll
2008-07-03 02:45:20 85248 --a------ C:\WINDOWS\system32\lrbkrvpm.dll
2008-07-02 19:51:37 0 d-------- C:\Documents and Settings\Cheeze\Application Data\Symantec
2008-07-02 13:08:55 1831 --ahs---- C:\WINDOWS\system32\HiPrCJlm.ini2
2008-07-02 13:08:52 315168 --a------ C:\WINDOWS\system32\mlJCrPiH.dll
2008-07-02 12:54:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-07-02 01:42:10 0 d-------- C:\Program Files\Norton 360
2008-07-02 01:38:11 0 d-------- C:\Program Files\Symantec
2008-07-02 01:38:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 00:43:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-02 00:26:44 988 --ahs---- C:\WINDOWS\system32\Psvyacdd.ini2
2008-07-02 00:26:38 315168 --a------ C:\WINDOWS\system32\ddcayvsP.dll
2008-07-01 19:30:35 1219 --ahs---- C:\WINDOWS\system32\CfNqAJlm.ini2
2008-07-01 19:30:30 315168 --a------ C:\WINDOWS\system32\mlJAqNfC.dll
2008-06-30 20:51:20 496 --ahs---- C:\WINDOWS\system32\eggMnnmp.ini2
2008-06-30 20:51:00 314784 --a------ C:\WINDOWS\system32\pmnnMgge.dll
2008-06-30 16:26:29 0 d-------- C:\Program Files\Tencent
2008-06-30 16:17:52 0 d-------- C:\Program Files\AIMTunes
2008-06-30 16:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-30 11:39:44 496 --ahs---- C:\WINDOWS\system32\vEgfOXyb.ini2
2008-06-30 11:39:41 314784 --a------ C:\WINDOWS\system32\byXOfgEv.dll
2008-06-30 01:49:53 1021 --ahs---- C:\WINDOWS\system32\uCJQBcdd.ini2
2008-06-30 01:49:47 314784 --a------ C:\WINDOWS\system32\ddcBQJCu.dll
2008-06-30 00:34:05 616558 --ahs---- C:\WINDOWS\system32\dfgNonnn.ini2
2008-06-30 00:34:02 314784 --a------ C:\WINDOWS\system32\nnnoNgfd.dll
2008-06-30 00:28:58 25504 --a------ C:\WINDOWS\system32\vtUmLEvU.dll
2008-06-27 00:10:52 0 d-------- C:\Documents and Settings\Cheeze\Application Data\Azureus
2008-06-25 14:57:29 0 d-------- C:\Documents and Settings\Cheeze\Shared
2008-06-25 14:57:24 0 d-------- C:\Documents and Settings\Cheeze\Incomplete
2008-06-25 14:57:15 0 d-------- C:\Documents and Settings\Cheeze\Application Data\FrostWire
2008-06-25 14:34:38 0 d-------- C:\Documents and Settings\Danoo XD\Shared
2008-06-25 14:34:36 0 d-------- C:\Documents and Settings\Danoo XD\Incomplete
2008-06-25 14:34:28 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\FrostWire
2008-06-19 23:08:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-06-15 13:50:14 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\DivX
-- Find3M Report ---------------------------------------------------------------
2008-07-13 02:10:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-13 02:06:23 0 d-------- C:\Program Files\Common Files
2008-07-13 00:52:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-12 15:54:49 0 d-------- C:\Program Files\WildTangent
2008-07-12 15:52:08 0 d-------- C:\Program Files\Viewpoint
2008-07-12 15:38:41 0 d-------- C:\Program Files\LimeWire
2008-07-03 19:38:54 0 d-------- C:\Program Files\Norton Security Scan
2008-07-03 02:10:26 196 --a------ C:\Documents and Settings\Danoo XD\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-07-02 20:54:41 0 d-------- C:\Program Files\Azureus
2008-07-02 02:02:03 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Symantec
2008-07-02 00:08:48 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\LimeWire
2008-06-30 22:06:41 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Azureus
2008-06-30 20:13:01 0 d-------- C:\Program Files\Windows Live
2008-06-30 16:18:39 0 d-------- C:\Program Files\AIM6
2008-06-25 14:57:04 0 d-------- C:\Program Files\AskSBar
2008-06-25 02:36:45 0 d-------- C:\Program Files\DivX
2008-06-09 20:44:49 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\MSNInstaller
2008-06-09 19:55:28 0 d-------- C:\Program Files\Trymedia
2008-06-09 19:52:20 0 d-------- C:\Program Files\UBISOFT
2008-06-09 16:49:49 0 d-------- C:\Program Files\Microsoft Works
2008-06-05 19:40:12 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\AdobeUM
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 14:28:36 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Sun
2008-05-27 07:40:33 0 d-------- C:\Program Files\HP
2008-05-27 07:40:22 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-27 07:38:04 34436 --a------ C:\Documents and Settings\Danoo XD\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2008-05-27 07:28:19 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\WinBatch
2008-05-26 00:31:56 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11A7A749-0381-4AE2-940B-27EC006D6006}]
06/30/2008 12:28 AM 25504 --a------ C:\WINDOWS\system32\vtUmLEvU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{445D316C-F9A7-49D5-A4AD-2E71CD1191FD}]
06/30/2008 12:34 AM 314784 --a------ C:\WINDOWS\system32\nnnoNgfd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac8e50d9-4a57-4a6e-b279-d9e507ff22f1}]
07/13/2008 12:31 AM 105248 --a------ C:\WINDOWS\system32\hnqsaz.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/09/2008 04:02 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"RTHDCPL"="RTHDCPL.EXE" [03/08/2006 07:54 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 10:15 PM]
"nwiz"="nwiz.exe" [01/24/2006 10:15 PM C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [03/16/2006 05:12 AM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 05:11 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"regcmdcons"="c:\hp\bin\cloaker.exe" [11/07/1999 02:11 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"lphc5afj0e3g4"="C:\WINDOWS\system32\lphc5afj0e3g4.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 03:37 PM]
"SBI"="C:\Documents and Settings\Cheeze\Local Settings\Temporary Internet Files\Content.IE5\1POHV3QE\installer_sbd_en[1].exe" []
"07011e0c"="C:\WINDOWS\system32\yfpbndfv.dll" [07/13/2008 12:31 AM]
"BM04322d90"="C:\WINDOWS\system32\sqbthutm.dll" [07/13/2008 12:31 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 01:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/18/2005 08:49 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 9:40:44 PM]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [7/17/2006 12:52:15 AM]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [7/17/2006 12:52:12 AM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/6/2006 11:49:36 PM]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\WINDOWS\RtlWake.exe [11/30/2007 8:02:28 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11A7A749-0381-4AE2-940B-27EC006D6006}"= C:\WINDOWS\system32\vtUmLEvU.dll [06/30/2008 12:28 AM 25504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmLEvU]
vtUmLEvU.dll 06/30/2008 12:28 AM 25504 C:\WINDOWS\system32\vtUmLEvU.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnoNgfd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
-- End of Deckard's System Scanner: finished at 2008-07-13 02:12:53 ------------
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\vtUmLEvU.dll
O2 - BHO: (no name) - {445D316C-F9A7-49D5-A4AD-2E71CD1191FD} - C:\WINDOWS\system32\nnnoNgfd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {1f22ff70-5e9d-972b-e6a4-75a49d05e8ca} - {ac8e50d9-4a57-4a6e-b279-d9e507ff22f1} - C:\WINDOWS\system32\hnqsaz.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [lphc5afj0e3g4] C:\WINDOWS\system32\lphc5afj0e3g4.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Cheeze\Local Settings\Temporary Internet Files\Content.IE5\1POHV3QE\installer_sbd_en[1].exe
O4 - HKLM\..\Run: [07011e0c] rundll32.exe "C:\WINDOWS\system32\yfpbndfv.dll",b
O4 - HKLM\..\Run: [BM04322d90] Rundll32.exe "C:\WINDOWS\system32\sqbthutm.dll",s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\WINDOWS\RtlWake.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: vtUmLEvU - C:\WINDOWS\SYSTEM32\vtUmLEvU.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 11866 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
R3 aracpi - c:\windows\system32\drivers\aracpi.sys <Not Verified; Microsoft Corporation; Microsoft AR ACPI Driver>
R3 arkbcfltr (Microsoft PS2 Keyboard Filter) - c:\windows\system32\drivers\arkbcfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Keyboard Filter Driver>
R3 armoucfltr (Microsoft PS2 Mouse Filter) - c:\windows\system32\drivers\armoucfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Mouse Filter Driver>
R3 ARPolicy - c:\windows\system32\drivers\arpolicy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R4 CO_Mon - c:\windows\system32\drivers\co_mon.sys (file missing)
S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 arhidfltr (MS Ar HID Filter Driver) - c:\windows\system32\drivers\arhidfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR Human Interface Device Filter Driver>
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ARSVC - c:\windows\arservice.exe <Not Verified; Microsoft; ARSVC Application>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\ACAE2011D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\ACAE2011D800
Service: NIC1394
-- Files created between 2008-06-13 and 2008-07-13 -----------------------------
2008-07-13 02:08:52 0 d-------- C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP
2008-07-13 00:36:57 0 d-------- C:\ie-spyad_zo
2008-07-13 00:31:48 105248 --a------ C:\WINDOWS\system32\hnqsaz.dll
2008-07-13 00:31:47 105248 --a------ C:\WINDOWS\system32\dfawqpip.dll
2008-07-13 00:31:45 81152 --a------ C:\WINDOWS\system32\yfpbndfv.dll
2008-07-13 00:31:29 90992 --a------ C:\WINDOWS\system32\sqbthutm.dll
2008-07-12 23:51:58 0 d-------- C:\Program Files\SpywareBlaster
2008-07-12 20:30:06 105248 --a------ C:\WINDOWS\system32\gbefph.dll
2008-07-12 20:30:05 105248 --a------ C:\WINDOWS\system32\bvtufyoc.dll
2008-07-12 20:27:51 90992 --a------ C:\WINDOWS\system32\vtrdqbdc.dll
2008-07-12 19:03:59 0 d-------- C:\Program Files\Panda Security
2008-07-12 18:52:35 0 d-------- C:\Program Files\Trend Micro
2008-07-12 15:19:09 105248 --a------ C:\WINDOWS\system32\zmnxil.dll
2008-07-12 15:19:07 105248 --a------ C:\WINDOWS\system32\jlwhurui.dll
2008-07-12 15:18:59 90992 --a------ C:\WINDOWS\system32\yltsnctn.dll
2008-07-12 15:18:18 607509 --ahs---- C:\WINDOWS\system32\sDLVxGgh.ini2
2008-07-12 15:18:14 314688 --a------ C:\WINDOWS\system32\hgGxVLDs.dll
2008-07-12 11:13:32 105248 --a------ C:\WINDOWS\system32\roqyli.dll
2008-07-12 11:13:31 105248 --a------ C:\WINDOWS\system32\kbdrptul.dll
2008-07-12 11:13:22 90992 --a------ C:\WINDOWS\system32\vdlmhlna.dll
2008-07-12 11:12:42 620048 --ahs---- C:\WINDOWS\system32\aaGhQqss.ini2
2008-07-12 11:12:38 314688 --a------ C:\WINDOWS\system32\ssqQhGaa.dll
2008-07-12 04:30:14 105248 --a------ C:\WINDOWS\system32\tgetcj.dll
2008-07-12 04:30:13 105248 --a------ C:\WINDOWS\system32\nwucllln.dll
2008-07-12 04:27:24 81152 --a------ C:\WINDOWS\system32\lmdgkewu.dll
2008-07-12 04:27:13 90992 --a------ C:\WINDOWS\system32\swmlggbx.dll
2008-07-11 18:38:16 608598 --ahs---- C:\WINDOWS\system32\MoqWwyxx.ini2
2008-07-11 18:38:13 314608 --a------ C:\WINDOWS\system32\xxywWqoM.dll
2008-07-10 04:28:04 105232 --a------ C:\WINDOWS\system32\ywxfox.dll
2008-07-10 04:28:03 105232 --a------ C:\WINDOWS\system32\ldckowyc.dll
2008-07-10 04:27:50 90912 --a------ C:\WINDOWS\system32\nkrxievi.dll
2008-07-09 18:12:46 81184 --a------ C:\WINDOWS\system32\hoirvfjr.dll
2008-07-09 18:10:31 105152 --a------ C:\WINDOWS\system32\glrqiq.dll
2008-07-09 18:10:30 105152 --a------ C:\WINDOWS\system32\sdmjcqwa.dll
2008-07-09 18:10:23 90816 --a------ C:\WINDOWS\system32\kpifnwne.dll
2008-07-09 18:09:40 635462 --ahs---- C:\WINDOWS\system32\YbIllnnn.ini2
2008-07-09 18:09:35 314672 --a------ C:\WINDOWS\system32\nnnllIbY.dll
2008-07-09 04:30:42 105152 --a------ C:\WINDOWS\system32\fkwtrf.dll
2008-07-09 04:30:41 105152 --a------ C:\WINDOWS\system32\vkoqrtyo.dll
2008-07-09 04:27:41 90816 --a------ C:\WINDOWS\system32\egblwdwb.dll
2008-07-08 04:31:31 105296 --a------ C:\WINDOWS\system32\hggpdv.dll
2008-07-08 04:31:30 105296 --a------ C:\WINDOWS\system32\nrwswqad.dll
2008-07-08 04:28:30 81104 --a------ C:\WINDOWS\system32\lyurfvoj.dll
2008-07-08 04:25:31 90880 --a------ C:\WINDOWS\system32\twqdcgiu.dll
2008-07-07 04:28:18 106304 --a------ C:\WINDOWS\system32\oqezpt.dll
2008-07-07 04:28:17 106304 --a------ C:\WINDOWS\system32\tnvvgomr.dll
2008-07-06 04:26:26 82208 --a------ C:\WINDOWS\system32\tgkrdcqj.dll
2008-07-05 22:38:16 0 d-------- C:\Program Files\Lavasoft
2008-07-05 22:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 04:26:56 106320 --a------ C:\WINDOWS\system32\ppfolwff.dll
2008-07-05 04:26:56 106320 --a------ C:\WINDOWS\system32\kruekz.dll
2008-07-05 01:25:00 0 d-------- C:\NSS
2008-07-04 02:47:50 106192 --a------ C:\WINDOWS\system32\nofszd.dll
2008-07-04 02:47:49 106192 --a------ C:\WINDOWS\system32\wvmlksmq.dll
2008-07-03 02:48:21 106272 --a------ C:\WINDOWS\system32\ewjhpe.dll
2008-07-03 02:48:20 106272 --a------ C:\WINDOWS\system32\aysixjux.dll
2008-07-03 02:45:20 85248 --a------ C:\WINDOWS\system32\lrbkrvpm.dll
2008-07-02 19:51:37 0 d-------- C:\Documents and Settings\Cheeze\Application Data\Symantec
2008-07-02 13:08:55 1831 --ahs---- C:\WINDOWS\system32\HiPrCJlm.ini2
2008-07-02 13:08:52 315168 --a------ C:\WINDOWS\system32\mlJCrPiH.dll
2008-07-02 12:54:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-07-02 01:42:10 0 d-------- C:\Program Files\Norton 360
2008-07-02 01:38:11 0 d-------- C:\Program Files\Symantec
2008-07-02 01:38:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 00:43:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-02 00:26:44 988 --ahs---- C:\WINDOWS\system32\Psvyacdd.ini2
2008-07-02 00:26:38 315168 --a------ C:\WINDOWS\system32\ddcayvsP.dll
2008-07-01 19:30:35 1219 --ahs---- C:\WINDOWS\system32\CfNqAJlm.ini2
2008-07-01 19:30:30 315168 --a------ C:\WINDOWS\system32\mlJAqNfC.dll
2008-06-30 20:51:20 496 --ahs---- C:\WINDOWS\system32\eggMnnmp.ini2
2008-06-30 20:51:00 314784 --a------ C:\WINDOWS\system32\pmnnMgge.dll
2008-06-30 16:26:29 0 d-------- C:\Program Files\Tencent
2008-06-30 16:17:52 0 d-------- C:\Program Files\AIMTunes
2008-06-30 16:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-30 11:39:44 496 --ahs---- C:\WINDOWS\system32\vEgfOXyb.ini2
2008-06-30 11:39:41 314784 --a------ C:\WINDOWS\system32\byXOfgEv.dll
2008-06-30 01:49:53 1021 --ahs---- C:\WINDOWS\system32\uCJQBcdd.ini2
2008-06-30 01:49:47 314784 --a------ C:\WINDOWS\system32\ddcBQJCu.dll
2008-06-30 00:34:05 616558 --ahs---- C:\WINDOWS\system32\dfgNonnn.ini2
2008-06-30 00:34:02 314784 --a------ C:\WINDOWS\system32\nnnoNgfd.dll
2008-06-30 00:28:58 25504 --a------ C:\WINDOWS\system32\vtUmLEvU.dll
2008-06-27 00:10:52 0 d-------- C:\Documents and Settings\Cheeze\Application Data\Azureus
2008-06-25 14:57:29 0 d-------- C:\Documents and Settings\Cheeze\Shared
2008-06-25 14:57:24 0 d-------- C:\Documents and Settings\Cheeze\Incomplete
2008-06-25 14:57:15 0 d-------- C:\Documents and Settings\Cheeze\Application Data\FrostWire
2008-06-25 14:34:38 0 d-------- C:\Documents and Settings\Danoo XD\Shared
2008-06-25 14:34:36 0 d-------- C:\Documents and Settings\Danoo XD\Incomplete
2008-06-25 14:34:28 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\FrostWire
2008-06-19 23:08:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-06-15 13:50:14 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\DivX
-- Find3M Report ---------------------------------------------------------------
2008-07-13 02:10:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-13 02:06:23 0 d-------- C:\Program Files\Common Files
2008-07-13 00:52:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-12 15:54:49 0 d-------- C:\Program Files\WildTangent
2008-07-12 15:52:08 0 d-------- C:\Program Files\Viewpoint
2008-07-12 15:38:41 0 d-------- C:\Program Files\LimeWire
2008-07-03 19:38:54 0 d-------- C:\Program Files\Norton Security Scan
2008-07-03 02:10:26 196 --a------ C:\Documents and Settings\Danoo XD\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-07-02 20:54:41 0 d-------- C:\Program Files\Azureus
2008-07-02 02:02:03 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Symantec
2008-07-02 00:08:48 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\LimeWire
2008-06-30 22:06:41 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Azureus
2008-06-30 20:13:01 0 d-------- C:\Program Files\Windows Live
2008-06-30 16:18:39 0 d-------- C:\Program Files\AIM6
2008-06-25 14:57:04 0 d-------- C:\Program Files\AskSBar
2008-06-25 02:36:45 0 d-------- C:\Program Files\DivX
2008-06-09 20:44:49 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\MSNInstaller
2008-06-09 19:55:28 0 d-------- C:\Program Files\Trymedia
2008-06-09 19:52:20 0 d-------- C:\Program Files\UBISOFT
2008-06-09 16:49:49 0 d-------- C:\Program Files\Microsoft Works
2008-06-05 19:40:12 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\AdobeUM
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 14:28:36 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Sun
2008-05-27 07:40:33 0 d-------- C:\Program Files\HP
2008-05-27 07:40:22 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-27 07:38:04 34436 --a------ C:\Documents and Settings\Danoo XD\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2008-05-27 07:28:19 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\WinBatch
2008-05-26 00:31:56 0 d-------- C:\Documents and Settings\Danoo XD\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11A7A749-0381-4AE2-940B-27EC006D6006}]
06/30/2008 12:28 AM 25504 --a------ C:\WINDOWS\system32\vtUmLEvU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{445D316C-F9A7-49D5-A4AD-2E71CD1191FD}]
06/30/2008 12:34 AM 314784 --a------ C:\WINDOWS\system32\nnnoNgfd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac8e50d9-4a57-4a6e-b279-d9e507ff22f1}]
07/13/2008 12:31 AM 105248 --a------ C:\WINDOWS\system32\hnqsaz.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/09/2008 04:02 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"RTHDCPL"="RTHDCPL.EXE" [03/08/2006 07:54 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 10:15 PM]
"nwiz"="nwiz.exe" [01/24/2006 10:15 PM C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [03/16/2006 05:12 AM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 05:11 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"regcmdcons"="c:\hp\bin\cloaker.exe" [11/07/1999 02:11 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"lphc5afj0e3g4"="C:\WINDOWS\system32\lphc5afj0e3g4.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 03:37 PM]
"SBI"="C:\Documents and Settings\Cheeze\Local Settings\Temporary Internet Files\Content.IE5\1POHV3QE\installer_sbd_en[1].exe" []
"07011e0c"="C:\WINDOWS\system32\yfpbndfv.dll" [07/13/2008 12:31 AM]
"BM04322d90"="C:\WINDOWS\system32\sqbthutm.dll" [07/13/2008 12:31 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 01:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/18/2005 08:49 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 9:40:44 PM]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [7/17/2006 12:52:15 AM]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [7/17/2006 12:52:12 AM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/6/2006 11:49:36 PM]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\WINDOWS\RtlWake.exe [11/30/2007 8:02:28 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11A7A749-0381-4AE2-940B-27EC006D6006}"= C:\WINDOWS\system32\vtUmLEvU.dll [06/30/2008 12:28 AM 25504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmLEvU]
vtUmLEvU.dll 06/30/2008 12:28 AM 25504 C:\WINDOWS\system32\vtUmLEvU.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnoNgfd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
-- End of Deckard's System Scanner: finished at 2008-07-13 02:12:53 ------------