I am experiencing constant pop-ups even after my CA anti-virus located the tesllar a trojan and removed it. Any help in this matter would be greatly appreciated.
Here are the Deckard's system scan results, i.e. main.txt and extra.txt:
main.txt:
Deckard's System Scanner v20071014.68
Run by ~Doc~ on 2008-05-06 16:51:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 958 MiB (1024 MiB recommended).
-- HijackThis (run as ~Doc~.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:13 PM, on 5/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\system32\taskeng.exe
C:\Users\~Doc~\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\~Doc~.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8568 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
S4 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S4 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S4 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: HP Pavilion Webcam
Device ID: ROOT\IMAGE\0000
Manufacturer: Ricoh
Name: HP Pavilion Webcam
PNP Device ID: ROOT\IMAGE\0000
Service: usbvideo
-- Scheduled Tasks -------------------------------------------------------------
2008-05-06 12:47:20 438 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-05-06 12:47:18 372 --a------ C:\Windows\Tasks\RegCure.job
2008-05-06 12

08 514 --a------ C:\Windows\Tasks\CAAntiSpywareScan_Daily as Doc at 11 00 AM.job
-- Files created between 2008-04-06 and 2008-05-06 -----------------------------
2008-05-06 16:49:41 0 d-------- C:\Users\All Users\TEMP
2008-05-06 16:49:34 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 14:50:10 0 d-------- C:\Program Files\Panda Security
2008-05-06 14:29:06 0 d-------- C:\Program Files\Trend Micro
2008-05-06 12:47:09 0 d-------- C:\Program Files\RegCure
2008-05-06 11:50:05 0 --a------ C:\Windows\system32\core
2008-05-06 11:00:16 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-06 10:59:55 0 d-------- C:\Users\All Users\CA
2008-05-06 10:59:47 0 d-------- C:\Program Files\CA
2008-05-06 10:53:57 1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-05-06 10:47:18 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-06 09:33:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-05 19:46:59 0 d-------- C:\Program Files\Temporary
2008-05-05 19:46:59 0 d-------- C:\Program Files\Svconr
2008-05-04 19:37:26 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-05-04 19:37:23 429 --a------ C:\Users\~Doc~\977.bat
2008-05-04 19:37:15 86144 -----n--- C:\Windows\system32\drivers\ecachee.sys
2008-05-04 19:37:11 0 d-------- C:\Windows\system32\NFi
2008-05-04 19:37:11 0 d-------- C:\Windows\system32\dvb1
2008-05-04 19:37:11 0 d-------- C:\Windows\system32\bTMP
2008-05-04 19:37:09 0 d-------- C:\Windows\system32\bkEur18
2008-05-04 19:37:09 0 d-------- C:\Temp
2008-04-29 21:50:12 0 d-------- C:\Users\All Users\HP
2008-04-29 20:41:38 0 d-------- C:\Users\All Users\muvee Technologies
2008-04-28 00:30:41 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-04-27 18:50:56 0 d-------- C:\Program Files\MagicISO
2008-04-27 13:29:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-25 21:37:04 0 d-------- C:\Users\All Users\Nero
2008-04-25 21:37:03 0 d-------- C:\Program Files\Nero
2008-04-25 21:37:03 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-24 17:44:20 73728 --a------ C:\Windows\b156.exe
2008-04-23 22:56:38 0 d-------- C:\Users\All Users\NVIDIA
2008-04-21 23:32:44 0 d-------- C:\Program Files\MSXML 4.0
2008-04-21 23:10:58 0 d-------- C:\Windows\SoftwareDistribution
2008-04-21 23:08:54 0 d--hs---- C:\System Volume Information
2008-04-21 23:05:35 0 d-------- C:\Windows\Prefetch
2008-04-21 19:47:56 0 dr------- C:\Users\~Doc~\Searches
2008-04-21 19:47:46 0 dr------- C:\Users\~Doc~\Contacts
2008-04-21 19:44:27 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-04-21 19:38:45 81 --a------ C:\Windows\system32\LOG
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Videos
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Templates
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Start Menu
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\SendTo
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Saved Games
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Recent
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\PrintHood
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Pictures
2008-04-21 19:38:41 1310720 --ahs---- C:\Users\~Doc~\NTUSER.DAT
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\NetHood
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\My Documents
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Music
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Local Settings
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Links
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Favorites
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Downloads
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Documents
2008-04-21 19:38:41 0 dr------- C:\Users\~Doc~\Desktop
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Cookies
2008-04-21 19:38:41 0 d--hs---- C:\Users\~Doc~\Application Data
2008-04-21 19:38:41 0 d--h----- C:\Users\~Doc~\AppData
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Templates
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Start Menu
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\SendTo
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Recent
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\PrintHood
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\NetHood
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\My Documents
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Local Settings
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Cookies
2008-04-21 19:32:17 0 d--hs---- C:\Users\Default\Application Data
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Templates
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Start Menu
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Favorites
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Documents
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Desktop
2008-04-21 19:32:17 0 d--hs---- C:\Users\All Users\Application Data
2008-04-21 19:32:17 0 d--hs---- C:\Documents and Settings
-- Find3M Report ---------------------------------------------------------------
2008-05-06 13:56:15 0 d-------- C:\Users\~Doc~\AppData\Roaming\WinRAR
2008-05-06 13:27:54 0 d-------- C:\Program Files\Java
2008-05-06 12:02:36 13025 --a------ C:\Users\~Doc~\AppData\Roaming\nvModes.001
2008-05-06 11:55:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-06 11:54:17 12 --a------ C:\Windows\bthservsdp.dat
2008-05-06 11:38:29 0 d-------- C:\Program Files\Common Files
2008-05-06 10:51:46 13025 --a------ C:\Users\~Doc~\AppData\Roaming\nvModes.dat
2008-05-06 10:38:07 0 d-------- C:\Program Files\CONEXANT
2008-05-04 22:18:49 0 d-------- C:\Users\~Doc~\AppData\Roaming\WildTangent
2008-05-02 16:37:00 0 d-------- C:\Users\~Doc~\AppData\Roaming\CyberLink
2008-04-29 21:50:12 0 d-------- C:\Users\~Doc~\AppData\Roaming\HP
2008-04-29 20:41:55 0 d-------- C:\Users\~Doc~\AppData\Roaming\muvee Technologies
2008-04-29 18:18:22 0 d-------- C:\Users\~Doc~\AppData\Roaming\Ahead
2008-04-28 00:30:57 0 d-------- C:\Users\~Doc~\AppData\Roaming\teamspeak2
2008-04-27 13:00:53 0 d-------- C:\Users\~Doc~\AppData\Roaming\Adobe
2008-04-22 00:25:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-22 00:19:05 0 d-------- C:\Program Files\Windows Calendar
2008-04-22 00:19:03 0 d-------- C:\Program Files\Windows Mail
2008-04-22 00:19:01 0 d-------- C:\Program Files\Windows Defender
2008-04-22 00:18:50 0 d-------- C:\Program Files\Windows Sidebar
2008-04-21 19:49:40 0 d-------- C:\Users\~Doc~\AppData\Roaming\Hewlett-Packard
2008-04-21 19:47:49 0 d-------- C:\Users\~Doc~\AppData\Roaming\Identities
2008-04-21 19:46:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 19:41:07 0 d-------- C:\Users\~Doc~\AppData\Roaming\Macromedia
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/21/2008 11:54 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 02:50 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/24/2006 07:33 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 02:58 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [11/28/2006 07:42 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 01:56 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 01:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/27/2007 11:26 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/27/2007 11:26 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/27/2007 11:26 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [05/06/2008 11:00 AM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:36 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [04/21/2008 11:38 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [12/21/2006 3:47:31 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\82754b71]
rundll32.exe "C:\Users\~Doc~\AppData\Local\Temp\mlisikhd.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM814678ed]
Rundll32.exe "C:\Users\~Doc~\AppData\Local\Temp\xbakejwk.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\~Doc~\AppData\Local\Temp\opnnkhGA.dll,c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\~Doc~\AppData\Local\Temp\wvUmmMca.dll,#1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"c:\Program Files\Norton Internet Security\osCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682e04df-1023-11dd-8b3c-001636df3ed9}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-06 16:56:43 -----------