ComboScan v20070306.20 run by qd on 2007-03-15 at 14:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
59: 2007-03-15 13:09:37 UTC - RP116 - ComboScan Restore Point
58: 2007-03-14 22:49:18 UTC - RP115 - System Checkpoint
57: 2007-03-13 20:30:42 UTC - RP114 - System Checkpoint
56: 2007-03-12 18:11:42 UTC - RP113 - System Checkpoint
55: 2007-03-11 17:13:42 UTC - RP112 - System Checkpoint

-- First Restore Point --
1: 2006-12-27 00:04:02 UTC - RP58 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as qd.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:09:40, on 2007-03-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\qd\Temporary Internet Files\Content.IE5\I1XEBADK\comboscan[1].exe
C:\QD\Instalki\Reszta\qd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM…\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM…\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_23.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- HijackThis Fixed Entries (C:\QD\Instalki\Reszta\backups) -------------------

backup-20070315-135850-293 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
backup-20070315-135917-653 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
1R AmdK8 (AMD Processor Driver) - C:\WINDOWS\system32\drivers\AmdK8.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys
3S BCM43XX (Broadcom 802.11 Network Adapter Driver) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
3R HBtnKey - C:\WINDOWS\system32\drivers\CPQBttn.sys
3R HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\CHDAud.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
4S iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R nvata - C:\WINDOWS\system32\drivers\nvata.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
3R nvsmu - C:\WINDOWS\system32\drivers\nvsmu.sys
2R NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - C:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (NWLink NetBIOS) - C:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (NWLink SPX/SPXII Protocol) - C:\WINDOWS\system32\drivers\nwlnkspx.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R rimmptsk - C:\WINDOWS\system32\drivers\rimmptsk.sys
3R rimsptsk - C:\WINDOWS\system32\drivers\rimsptsk.sys
3R rismxdp (Ricoh xD-Picture Card Driver) - C:\WINDOWS\system32\drivers\rixdptsk.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
3S sffdisk (SFF Storage Class Driver) - C:\WINDOWS\system32\drivers\sffdisk.sys
3S sffp_sd (SFF Storage Protocol Driver for SDBus) - C:\WINDOWS\system32\drivers\sffp_sd.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfvfs02.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3R SNP2UVC (USB2.0 PC Camera (SNP2UVC)) - C:\WINDOWS\system32\drivers\snp2uvc.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3S SYMIDSCO - C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060922.092\symidsco.sys (not found)
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2R hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2R MSMQTriggers (Message Queuing Triggers) - C:\WINDOWS\system32\mqtgsvc.exe
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S WMConnectCDS (Windows Media Connect Service) - C:\Program Files\Windows Media Connect 2\wmccds.exe

-- Scheduled Tasks -------------------------------------------------------------

2007-03-13 19:13:26 982 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2006-11-26 23:58:47 452 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job

-- Files created between 2007-02-15 and 2007-03-15 -----------------------------

2007-03-06 14:27:04 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-03-06 14:27:04 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-03-06 14:27:04 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-03-06 14:22:05 151552 --a------ C:\WINDOWS\system32\MSOSS.DLL
2007-02-19 12:02:43 0 d-------- C:\Documents and Settings\qd\Application Data\Sports Interactive
2007-02-18 23:08:47 0 d-------- C:\Program Files\Common Files\system32
2007-02-18 21:12:14 0 d-------- C:\Program Files\Temp
2007-02-18 21:12:14 0 d-------- C:\Program Files\GinRoulette
2007-02-18 21:12:14 0 d-------- C:\Program Files\Common
2007-02-18 21:12:14 0 d-------- C:\Program Files\Adv

-- Find3M Report ---------------------------------------------------------------

2007-03-14 22:52:10 0 d-------- C:\Documents and Settings\qd\Application Data\Skype
2007-03-14 13:35:49 0 d-------- C:\Documents and Settings\qd\Application Data\Azureus
2007-03-09 08:34:44 0 d-------- C:\Program Files\mIRC
2007-03-06 16:12:19 0 d-------- C:\Program Files\Google
2007-03-06 14:22:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-05 18:32:50 0 d-------- C:\Program Files\eMule
2007-03-01 22:00:06 0 d-------- C:\Program Files\Java
2007-02-19 11:51:37 0 d-------- C:\Program Files\Common Files\InstallShield
2007-02-18 23:50:38 0 d-------- C:\Program Files\Azureus
2007-02-18 23:42:49 0 d-------- C:\Program Files\GanymedeNet
2007-01-18 18:53:05 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-18 18:51:02 0 d-------- C:\Documents and Settings\qd\Application Data\AdobeUM
2007-01-15 15:46:44 0 d---s---- C:\Documents and Settings\qd\Application Data\Microsoft
2007-01-15 12:03:52 0 d-------- C:\Documents and Settings\qd\Application Data\Google
2007-01-05 00:27:51 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe""
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"QPService"=""C:\Program Files\HP\QuickPlay\QPService.exe""
"ISUSPM Startup"=""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup"
"ISUSScheduler"=""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
  74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
  68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
  61,72,74,00
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"RecGuard"="C:\Windows\SMINST\RecGuard.exe"
"nod32kui"=""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE"
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe /s"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"nwiz"="nwiz.exe /install"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
"DeviceDiscovery"="C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{21d72d52-9f58-11db-87dc-0016d30cb056}]
Shell\AutoRun\command F:\Launcher.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{6a7938f9-4d48-11db-86ec-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- End of ComboScan: finished at 2007-03-15 at 14:10:02 ------------------------