Registered User
Join Date: Jun 2007
Posts: 1
OS: Windows XP
Random Crashes, severely downgraded performance.
Hi all, I recently ran a rather dodgy file (stupid, I know, but it sounded authentic, and I'd scanned it with everything I had and it came out clean). A few seconds later I saw a few batch files run and the system crashed (blue screen, disappeared before I could read any of it). I found a few new exe's in C:\Windows\, 2_bt.exe, 3_cad.exe, 4_cha.exe. I've never seen them there before so I think they may be related.
I followed the steps, couldn't get panda thing to work, Internet Explorer kept saying the page had to be refreshed and every time I clicked install for the ActiveX nothing happened so I gave up. I've scanned in safe mode and not in safe mode with adaware SE, spybot S&D and Norton Antivirus and none have fixed the problem. I've run DSS and the log is pasted below.

I usually consider my computer to be pretty safe, I don't use Internet Explorer, I use Zone Alarm, Spybot, Adaware and Norton on a regular basis but this thing (whatever it is) seemed to just slip straight in.

I'd really appreciate any help I could get, and I was also wondering if a complete format (deleting everything and reinstalling the OS) is guaranteed to fix any problem (unless it's like a hardware fault or something)? That may be my last resort, since I have backups of all my important stuff it wouldn't be too much bother.

Anyway, thanks for any help you can give me.

This is the log from DSS: