Possible .exe virus/trojan?

marcuth:
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194502863937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189755363437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14569 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 audiobridge (Virtual Audio Bridge) - c:\windows\system32\drivers\aubridge.sys <Not Verified; SoundGenetics; Audio Bridge Wave>
R3 CnxTrLan (NetComm USB Network Adapter Driver) - c:\windows\system32\drivers\cnxtrlan.sys <Not Verified; Conexant; Conexant USB Network Device>
R3 CnxTrUsb (NetComm USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys <Not Verified; Conexant; Conexant USB Network Device>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 LoopBeMidi1 (nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM)) - c:\windows\system32\drivers\loopbe1.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

marcuth:
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 BlueSoleilCS - c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe <Not Verified; ; BlueSoleilCS Module>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 BsHelpCS - c:\program files\ivt corporation\bluesoleil\bshelpcs.exe <Not Verified; ; BsHelpCS Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 11:27:56       286 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-11-14 17:14:02       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-13 02:20:08       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-09 09:03:08       360 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-19 12:08:26         0 d-------- C:\Program Files\Common Files\Java
2007-11-18 20:51:55         0 d-------- C:\Program Files\Alwil Software
2007-11-14 17:29:07         0 d-------- C:\Program Files\iPod
2007-11-13 20:20:49         0 d-------- C:\Program Files\IVT Corporation
2007-11-13 19:27:38         0 d-------- C:\Program Files\OLVI Soft
2007-11-13 18:58:50         0 --a------ C:\WINDOWS\system32\0
2007-11-13 18:58:50        32 --a------ C:\WINDOWS\0
2007-11-13 16:52:52         0 d-------- C:\Documents and Settings\HP_Administrator\Phone Browser
2007-11-13 16:32:03         0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-13 16:31:47         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia
2007-11-13 16:31:23         0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-13 16:31:22         0 d-------- C:\Program Files\Common Files\Nokia
2007-11-13 16:31:12         0 d-------- C:\Program Files\DIFX
2007-11-13 16:31:09         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Suite
2007-11-13 16:31:03         0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-13 16:30:40         0 d-------- C:\Program Files\Nokia
2007-11-13 16:29:49         0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-11-12 19:35:08      4144 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 19:34:51     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-12 19:34:51    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-12 19:34:51    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-12 19:34:51     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-12 19:34:51     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 11:55:48         0 d-------- C:\NVIDIA
2007-11-09 09:14:53         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinPatrol
2007-11-09 09:14:47         0 d-------- C:\Program Files\BillP Studios
2007-11-08 23:23:42         0 d-------- C:\Program Files\Windows Defender
2007-11-08 22:44:41         0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-08 17:45:32         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Registry Booster
2007-11-08 16:14:39         0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2007-11-04 00:20:51         0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-11-04 00:18:32         0 d-------- C:\Program Files\Last.fm
2007-10-27 01:23:29         0 d-------- C:\WINDOWS\vbSkinner
2007-10-27 01:22:46         0 d-------- C:\Program Files\PFConfig
2007-10-21 20:29:38         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Free Download Manager
2007-10-21 20:29:33         0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-10-21 20:29:32         0 d-------- C:\Program Files\Free Download Manager


-- Find3M Report ---------------------------------------------------------------

2007-11-19 12:10:39         0 d-------- C:\Program Files\Java
2007-11-19 12:08:26         0 d-------- C:\Program Files\Common Files
2007-11-19 11:59:47         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2007-11-18 19:37:55         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-11-18 19:07:42         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-14 17:29:29         0 d-------- C:\Program Files\iTunes
2007-11-14 17:27:08         0 d-------- C:\Program Files\QuickTime
2007-11-14 08:15:50         8 --a------ C:\Documents and Settings\HP_Administrator\Application Data\NMM-MetaData.db
2007-11-13 20:21:16        12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-12 17:38:15       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-11 09:52:06         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-11-08 17:45:27         0 d-------- C:\Program Files\Uniblue
2007-11-08 17:37:04         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2007-10-18 15:10:14       534 --a------ C:\WINDOWS\eReg.dat
2007-10-18 15:09:52         0 d-------- C:\Program Files\Maxis
2007-10-16 23:58:41         0 d-------- C:\Program Files\PeerGuardian2
2007-10-09 13:32:09     72748 --a------ C:\WINDOWS\unins001.exe <Not Verified; Jordan Russell; >
2007-10-09 13:32:09      1310 --a------ C:\WINDOWS\unins001.dat
2007-10-08 15:01:27         0 d-------- C:\Program Files\ImTOO
2007-10-08 14:38:57         0 d-------- C:\Program Files\Xilisoft
2007-10-04 17:14:00   1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00   1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00   1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00    466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00   1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00   1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00    442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00    425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-04 15:36:22         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVS4YOU
2007-10-04 15:36:10         0 d-------- C:\Program Files\Common Files\AVSMedia
2007-10-04 13:50:15         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2007-09-22 14:49:50         0 d-------- C:\Program Files\MagicDVDCopier
2007-09-22 14:23:54         0 d-------- C:\Program Files\Common Files\MagicDVDCopier
2007-09-22 14:22:04         0 d-------- C:\Program Files\MagicDVDRipper
2007-09-21 19:47:57         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LG Electronics
2007-09-21 19:44:41         0 d-------- C:\Program Files\LG Electronics
2007-08-21 12:53:38     28766 --a------ C:\WINDOWS\system32\PlayerCtrl.dll <Not Verified; IVT; PlayerCtrl Dynamic Link Library>

marcuth:
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [07/06/2004 07:05 AM C:\WINDOWS\system32\ftutil2.dll]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 07:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 07:00 AM]
"RTHDCPL"="RTHDCPL.EXE" [14/06/2006 06:05 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [02/08/2005 04:19 PM C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [13/04/2006 02:05 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [22/07/2005 03:14 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [15/02/2006 03:34 PM]
"CnxTrApp"="C:\Program Files\NetComm\NetComm USB Network\CnxTrApp.dll" [19/07/2003 10:32 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/11/2007 04:46 PM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [23/08/2006 11:38 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 11:11 PM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [27/07/2004 04:50 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [28/06/2006 07:46 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/06/2006 01:36 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/10/2007 02:06 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 05:14 PM]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [10/09/2007 11:08 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 08:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [4/11/2007 12:18:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32]
winhab32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
"C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6E615E07-8CA2-BF63-4CB9-CD1A796988B3}]
C:\WINDOWS\system32:svchost.exe



-- End of Deckard's System Scanner: finished at 2007-11-19 12:15:41 ------------

marcuth:
Now find the extra.txt below

extra.txt log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.36 MiB / 518.75 MiB
Pagefile Memory (total/avail): 2458.73 MiB / 2100.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.45 MiB

C: is Fixed (NTFS) - 178.03 GiB total, 70.56 GiB free.
D: is Fixed (FAT32) - 8.26 GiB total, 0.56 GiB free.
E: is CDROM (No Media)
F: is Fixed (FAT32) - 232.83 GiB total, 45.33 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 178.03 GiB - C:
  \PARTITION1 - Unknown - 8.27 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - WD 2500BB External USB Device - 232.88 GiB - 1 partition
  \PARTITION0 - Unknown - 232.88 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: avast! antivirus 4.7.1043 [VPS 071118-2] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\3dsmax7\\3dsmax.exe"="C:\\3dsmax7\\3dsmax.exe:*:Enabled:3ds max 7"
"C:\\Program Files\\backburner 2\\monitor.exe"="C:\\Program Files\\backburner 2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\backburner 2\\server.exe"="C:\\Program Files\\backburner 2\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\marcus\\Other Crap\\utorrent.exe"="C:\\Documents and Settings\\HP_Administrator\\My Documents\\marcus\\Other Crap\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\installers\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\HP_Administrator\\My Documents\\installers\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"

marcuth:
-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARCUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\MARCUS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MARCUS
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)
