OK, done that.
Here's the Main.txt file log...
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:39, on 18/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/cli ... poti_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} - http://208.98.1.71/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 212.139.132.57 212.139.132.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 212.139.132.57 212.139.132.56
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Handling the DHCP requests (DHCP Client) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 5169 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080415-223436-523 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
backup-20080415-223639-190 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
backup-20080415-223639-441 O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
backup-20080415-223639-626 O2 - BHO: (no name) - {688DA5BF-B6D0-4AAB-884C-710748E1EA1B} - (no file)
backup-20080415-223639-941 O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
backup-20080415-223640-563 O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - (no file)
backup-20080415-223640-889 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080415-224420-158 O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
backup-20080415-224420-764 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20080415-233647-979 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
backup-20080415-233648-559 O2 - BHO: 403445 helper - {9E654A16-4765-4EAA-94EC-D5A6578053A4} - (no file)
backup-20080415-233648-842 O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
backup-20080415-233648-954 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
backup-20080415-233727-337 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
backup-20080415-233727-347 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
backup-20080415-233905-284 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
backup-20080611-210215-114 O1 - Hosts: 213.159.235.174 http://www.ukpersonal.hsbc.co.uk
backup-20080611-210215-147 O1 - Hosts: 213.159.235.174 webbank.openplan.co.uk
backup-20080611-210215-173 O1 - Hosts: 213.159.235.174 banesnet.banesto.es
backup-20080611-210215-240 O1 - Hosts: 213.159.235.174 ibank.barclays.co.uk
backup-20080611-210215-266 O1 - Hosts: 213.159.235.174 meine.deutsche-bank.de
backup-20080611-210215-292 O1 - Hosts: 213.159.235.174 online-business.lloydstsb.co.uk
backup-20080611-210215-319 O1 - Hosts: 213.159.235.174 oi.cajamadrid.es
backup-20080611-210215-327 O1 - Hosts: 213.159.235.174 http://www.rbsdigital.com
backup-20080611-210215-339 O1 - Hosts: 213.159.235.174 ibank.cahoot.com
backup-20080611-210215-367 O20 - Winlogon Notify: awtsqpn - awtsqpn.dll (file missing)
backup-20080611-210215-381 O1 - Hosts: 213.159.235.174 http://www.nwolb.com
backup-20080611-210215-417 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20080611-210215-477 O1 - Hosts: 213.159.235.174 online.lloydstsb.co.uk
backup-20080611-210215-590 O1 - Hosts: 213.159.235.174 http://www.bankofscotlandhalifax-online.co.uk
backup-20080611-210215-645 O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
backup-20080611-210215-749 O1 - Hosts: 213.159.235.174 bancae.caixapenedes.com
backup-20080611-210215-836 O1 - Hosts: 213.159.235.174 ebanking.bccbrescia.it
backup-20080611-210215-842 O1 - Hosts: 213.159.235.174 extranet.banesto.es
backup-20080611-210215-854 O1 - Hosts: 213.159.235.174 http://www.halifax-online.co.uk
backup-20080611-210215-909 O1 - Hosts: 213.159.235.174 myonlineaccounts2.abbeynational.co.uk
backup-20080611-210215-991 O1 - Hosts: 213.159.235.174 banking.postbank.de
backup-20080611-210216-174 O23 - Service: Handling the DHCP requests (DHCP Client) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
backup-20080611-210216-481 O20 - Winlogon Notify: winius32 - winius32.dll (file missing)
backup-20080611-210216-505 O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
backup-20080611-210216-612 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\rslocysy.exe (file missing)
backup-20080611-210216-787 O20 - Winlogon Notify: vtsqp - C:\WINDOWS\System32\vtsqp.dll (file missing)
backup-20080712-163227-787 O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
backup-20080712-165741-427 O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
backup-20080712-165741-460 O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
backup-20080712-165741-472 O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
backup-20080712-165741-562 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20080712-165741-686 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20080712-165741-760 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20080712-165742-130 O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
backup-20080712-165742-398 O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
backup-20080712-165742-506 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20080712-165742-705 O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
backup-20080712-165742-813 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080712-165742-828 O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
backup-20080717-192355-114 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080717-192355-216 O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
backup-20080717-192355-394 O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5D0846-148F-4BFD-BB40-B08FC4038CC6}: NameServer = 85.255.116.167 85.255.112.168
backup-20080717-192355-404 O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Support] sys32ms.exe (User 'SYSTEM')
backup-20080717-192355-483 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20080717-192355-579 O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Support] sys32ms.exe (User 'Default user')
backup-20080717-192355-624 O4 - HKLM\..\Run: [dyfmvipo.exe] C:\Documents and Settings\All Users\Application Data\dyfmvipo.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys <Not Verified; Analog Deivces; ADI ADSL chipset loader>
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
S2 DHCP Client (Handling the DHCP requests) - c:\windows\system32\service.exe (file missing)
S4 DomainService - c:\windows\system32\rslocysy.exe /service (file missing)
S4 Srv32 - c:\windows\system32\srv32.exe s (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-12 22:38:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-18 and 2008-07-18 -----------------------------
2008-07-17 23:00:37 0 d-------- C:\WINDOWS\System32\PreInstall
2008-07-17 23:00:31 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-16 23:49:04 171280 --a------ C:\WINDOWS\System32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:49:04 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:49:03 139536 --a------ C:\WINDOWS\System32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:49:03 313856 --a------ C:\WINDOWS\System32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-07-16 23:49:03 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-07-16 23:48:54 113 --a------ C:\WINDOWS\System32\zonedon.reg
2008-07-16 23:48:54 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2008-07-16 23:48:54 171792 --a------ C:\WINDOWS\System32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:53 286992 --a------ C:\WINDOWS\System32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:53 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:52 947472 --a------ C:\WINDOWS\System32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:52 154384 --a------ C:\WINDOWS\System32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:51 172304 --a------ C:\WINDOWS\System32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:51 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:50 404752 --a------ C:\WINDOWS\System32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:50 63248 --a------ C:\WINDOWS\System32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:50 187152 --a------ C:\WINDOWS\System32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:48:47 49424 --a------ C:\WINDOWS\System32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-16 23:01:11 25600 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 20:55:37 0 d-------- C:\WINDOWS\Prefetch
2008-07-16 20:48:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-16 20:48:18 0 d-------- C:\WINDOWS\ehome
2008-07-15 18:29:40 0 d-------- C:\WINDOWS\ERUNT
2008-07-15 08:00:26 11885297 -----n--- C:\avg7qt.dat
2008-07-13 14:26:01 0 d-------- C:\WINDOWS\System32\RMBin
2008-07-13 14:26:01 139264 --a------ C:\WINDOWS\System32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-07-13 14:26:01 2260992 --a------ C:\WINDOWS\System32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-07-13 14:26:01 282624 --a------ C:\WINDOWS\System32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-07-13 14:26:01 261632 --a------ C:\WINDOWS\System32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-07-13 14:26:00 196608 --a------ C:\WINDOWS\System32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-07-13 14:26:00 106496 --a------ C:\WINDOWS\System32\NCTVideoCoreU.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreU ActiveX DLL>
2008-07-13 14:26:00 991232 --a------ C:\WINDOWS\System32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-07-13 14:26:00 1245184 --a------ C:\WINDOWS\System32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-07-13 14:26:00 294912 --a------ C:\WINDOWS\System32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-07-13 14:25:59 1986560 --a------ C:\WINDOWS\System32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-07-13 14:25:59 2564096 --a------ C:\WINDOWS\System32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-07-13 14:25:59 1810432 --a------ C:\WINDOWS\System32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-07-13 14:25:58 126464 --a------ C:\WINDOWS\System32\lame_enc.dll
2008-07-13 14:25:55 0 d-------- C:\Program Files\4U Computing
2008-07-13 14:18:43 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-07-13 14:09:54 0 d-------- C:\divx
2008-06-30 02:48:43 0 d-------- C:\WINDOWS\System32\modtrux01
2008-06-24 03:01:16 0 d-------- C:\Program Files\FLV Player
-- Find3M Report ---------------------------------------------------------------
2008-07-18 14:58:03 1505 --ahs---- C:\WINDOWS\System32\mmf.sys
2008-07-16 21:01:22 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2008-07-16 21:00:14 0 d-------- C:\Program Files\MSN Messenger
2008-07-16 20:50:44 0 d-------- C:\Program Files\Messenger
2008-07-16 20:48:01 0 d-------- C:\Program Files\Movie Maker
2008-07-15 18:46:34 0 d-------- C:\Program Files\Common Files
2008-07-13 14:06:37 0 d-------- C:\Program Files\DivX
2008-07-06 14:31:02 0 d-------- C:\Program Files\Tennis Elbow Manager
2008-06-29 04:01:56 0 d-------- C:\Program Files\QuickTime
2008-06-29 03:53:25 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-06-18 07:51:55 0 d-------- C:\Program Files\Tennis Elbow 2006
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\System32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-03 05:16:32 0 d-------- C:\Program Files\Lavasoft
2008-06-03 05:15:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll
2008-05-20 02:26:26 7555 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 09:04]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 14:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/12/2005 03:26]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [14/12/2004 18:19]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [24/08/2006 00:38]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 21:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [30/06/2000 00:00]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [26/05/2005 09:52]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NTSF MICROSOFT SYSTEM"=scvhost.exe
"Microsoft Support"=sys32ms.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe [28/06/2005 13:47:39]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibin]
C:\wdns.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izone]
C:\wdns.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft IIS]
C:\WINDOWS\system32\syshost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Support]
sys32ms.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTSF MICROSOFT SYSTEM]
scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
-- End of Deckard's System Scanner: finished at 2008-07-18 19:32:06 ------------