01-22-2008, 04:25 PM   #5
heckernana
OS: XP


Re: Error message [Moved from XP]

Thank you.


Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-01-20 21:22:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-01-21 03:22:43 UTC - RP534 - Deckard's System Scanner Restore Point
57: 2008-01-21 00:33:00 UTC - RP533 - Spyware Doctor: Cleaning Threats
56: 2008-01-20 02:53:54 UTC - RP532 - System Checkpoint
55: 2008-01-19 02:35:07 UTC - RP531 - System Checkpoint
54: 2008-01-18 02:27:44 UTC - RP530 - System Checkpoint


-- First Restore Point --
1: 2007-12-29 21:12:12 UTC - RP477 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-20 22:27:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\6HJZJBSD\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - win.ini: load=C:\WINDOWS\system32\mljjj.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E7F256F-0217-4924-B535-5530D2342791} - (no file)
O2 - BHO: {e7b2a9a9-0d80-9348-b084-f30833740cc3} - {3cc04733-803f-480b-8439-08d09a9a2b7e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9689D867-13DE-1E5D-DC2E-4FE679F3589A} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD61E5EE-6447-41C9-BD85-84B4ED476CB4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dora Fairytale Adventures Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O15 - Trusted Zone: http://trymedia.com (HKLM)
O15 - Trusted Zone: https://trymedia.com (HKLM)
O15 - Trusted Zone: https://emdat.com (HKCU)
O15 - Trusted Zone: https://mytranscriptions.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2895.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178592258437
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--
End of file - 14197 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sdcplh - c:\windows\system32\drivers\sdcplh.sys <Not Verified; ; SDCPLH>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 3af54a72-c6e4-4c18-98ae-fe1c5d1ca8df - e:\cds300\cds300.dll (file missing)
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 PCD5SRVC{085326CB-51A3560A-05010003} (PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver) - c:\program files\pc-doctor 5 for windows\pcd5srvc.pkms <Not Verified; PC-Doctor, Inc.; PC-Doctor for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 GoogleDesktopManager-093007-112848 (Google Desktop Manager 5.5.709.30344) - "c:\program files\google\google desktop search\googledesktop.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-20 22:02:00 276 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-20 18:24:22 354 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-20 21:14:48 0 d-------- C:\ie-spyad_zo
2008-01-20 20:46:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-20 20:46:51 0 d-------- C:\WINDOWS\LastGood
2008-01-19 18:05:38 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-01-13 17:16:04 0 d-------- C:\WINDOWS\Cache
2008-01-12 16:15:54 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-11 20:43:28 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-09 20:25:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitDefender
2008-01-09 20:23:54 0 d-------- C:\Program Files\BitDefender
2008-01-09 20:23:54 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-09 20:12:50 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-03 14:22:48 717165 --ahs---- C:\WINDOWS\system32\jjjlm.ini2
2008-01-01 19:28:14 235008 --a------ C:\WINDOWS\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2008-01-01 19:28:13 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-01-01 18:32:45 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-01 10:16:01 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-31 2042 0 d-------- C:\Program Files\Alwil Software
2007-12-30 21:38:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-30 21:37:41 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-30 21:26:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 21:26:09 0 d-------- C:\Program Files\Spyware Doctor
2007-12-30 21:26:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2007-12-30 21:20:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
2007-12-30 21:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 20:11:43 0 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2007-12-30 19:33:44 0 d-------- C:\Program Files\Common Files\F?nts
2007-12-30 19:33:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\?ssembly
2007-12-30 19:33:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\??mantec
2007-12-30 17:41:31 0 d-------- C:\Program Files\Enigma Software Group
2007-12-30 16:50:56 1283174 --a------ C:\Install
2007-12-30 16:11:22 0 d-------- C:\Program Files\Words
2007-12-30 15:35:53 0 d-------- C:\Program Files\Router
2007-12-30 15:20:58 0 d-------- C:\WINDOWS\??mbols
2007-12-30 15:20:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\a?sembly
2007-12-30 13:33:50 69632 --a------ C:\WINDOWS\b143.exe
2007-12-29 15:12:01 719058 --ahs---- C:\WINDOWS\system32\yyadd.ini2
2007-12-29 1541 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2007-12-29 1533 0 d-------- C:\WINDOWS\?dobe
2007-12-22 21:11:33 0 d--h----- C:\WINDOWS\msdownld.tmp


-- Find3M Report ---------------------------------------------------------------

2008-01-20 21:04:46 0 d-------- C:\Program Files\SpywareBlaster
2008-01-20 20:37:43 0 d-------- C:\Program Files\Viewpoint
2008-01-19 17:40:20 0 d-------- C:\Program Files\Coupons
2008-01-15 16:58:46 10656 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-01-11 20:44:45 0 d-------- C:\Program Files\Best Buy Rhapsody
2008-01-11 20:19:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-01-09 20:22:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-09 20:22:14 0 d-------- C:\Program Files\Symantec
2008-01-09 20:22:10 0 d-------- C:\Program Files\Common Files
2008-01-04 11:05:56 0 d-------- C:\Program Files\iTunes
2008-01-01 19:28:00 0 d-------- C:\Program Files\Comodo
2008-01-01 19:20:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-01-01 18:31:47 0 d-------- C:\Program Files\Common Files\Real
2008-01-01 16:55:40 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2008-01-01 09:53:05 0 d-------- C:\Program Files\PC-Doctor 5 for Windows
2008-01-01 09:53:02 0 d-------- C:\Program Files\QuickTime
2007-12-31 20:23:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\?ssembly
2007-12-30 22:00:33 0 d-------- C:\Program Files\Common Files\F?nts
2007-12-30 21:23:31 0 d-------- C:\Program Files\Google
2007-12-30 19:35:39 0 d-------- C:\Program Files\SpywareBot
2007-12-30 19:35:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\??mantec
2007-12-30 19:35:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\a?sembly
2007-12-29 19:07:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-29 19:04:06 0 d-------- C:\Program Files\AIM
2007-12-29 19:03:57 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Aim
2007-12-29 19:01:44 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2007-12-29 18:39:59 0 d-------- C:\Program Files\DISC
2007-12-18 22:29:27 0 d-------- C:\Program Files\Common Files\AOL
2007-11-29 16:50:20 38567 --a------ C:\WINDOWS\system32\pcpbios.exe
2007-11-27 16:46:24 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2007-10-23 1708 585728 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E7F256F-0217-4924-B535-5530D2342791}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3cc04733-803f-480b-8439-08d09a9a2b7e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9689D867-13DE-1E5D-DC2E-4FE679F3589A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD61E5EE-6447-41C9-BD85-84B4ED476CB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 07:15 PM]
"nwiz"="nwiz.exe" [01/24/2006 07:15 PM C:\WINDOWS\system32\nwiz.exe]
"@"="" []
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [11/16/2007 04:37 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/30/2007 09:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 10:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [12/30/2007 09:09 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6bd30b-338a-11db-a151-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-01-20 22:28:10 ------------