HJT log- Can someone take a look please, thanks.
Ive ran many scans including my Norton Anti-Virus scan, Lavasoft Adaware, Spybot Search and Destroy, CCleaner. My main problem is that I cannot access certain websites for example Facebook. Ive even done a reformat but the problem still occurs. I think its a Vundo Trojan because when I did a Norton virus scan, It said there was a vundo trojan and some other stuff, and said it was unable to remove it.... Then I did my reformat... Problem still occurs. There where more of those files that said it was unable to remove, I dont know what there called 
. Can someone PLEASE help me out.
Deckard's System Scanner v20071014.68
Run by Jathesan on 2008-05-31 22:31:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-06-01 02:29:59 UTC - RP43 - Windows Update
6: 2008-06-01 00:56:48 UTC - RP42 - Installed Ad-Aware
5: 2008-05-31 20:22:40 UTC - RP41 - SPTD setup V1.56
4: 2008-05-31 07:01:02 UTC - RP39 - Windows Update
3: 2008-05-31 03:31:30 UTC - RP38 - Windows Update
-- First Restore Point --
1: 2008-05-31 02:45:02 UTC - RP36 - First_User_Boot
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jathesan.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:46 PM, on 31/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jathesan\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jathesan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10570 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-31 16:25:28 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{DD059EBF-4F48-413D-9C28-F4B9017AA04F}.job
-- Files created between 2008-04-30 and 2008-05-31 -----------------------------
2008-05-31 21:11:52 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-31 21:09:10 0 d-------- C:\Program Files\CCleaner
2008-05-31 20:58:20 1160 --a------ C:\Windows\mozver.dat
2008-05-31 20:57:20 0 d-------- C:\Program Files\Lavasoft
2008-05-31 20:57:19 0 d-------- C:\Users\All Users\Lavasoft
2008-05-31 20:56:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 20:52:06 0 d-------- C:\Program Files\uTorrent
2008-05-31 16:29:02 12306 --a------ C:\Windows\scunin.dat
2008-05-31 16:29:01 967 --a------ C:\Windows\ScUnin.pif
2008-05-31 16:29:01 68096 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-31 16:28:31 0 d-------- C:\Program Files\Starcraft <STARCR~1>
2008-05-31 16:25:59 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 16:23:13 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-31 14:45:36 0 d-------- C:\Autoruns
2008-05-31 03:04:23 0 d-------- C:\Program Files\MSXML 4.0
2008-05-31 01:29:34 0 d-------- C:\Windows\SoftwareDistribution
2008-05-31 01:29:12 12 --a------ C:\Windows\bthservsdp.dat
2008-05-31 01:27:49 0 d--hs---- C:\System Volume Information
2008-05-31 01:24:16 0 d-------- C:\Windows\Prefetch
2008-05-31 00:06:50 0 d-------- C:\Program Files\Trend Micro
2008-05-30 23:11:11 0 --a------ C:\Windows\nsreg.dat
2008-05-30 23:10:48 0 d-------- C:\VundoFix Backups
2008-05-30 22:49:04 0 d-------- C:\Users\Jathesan\Bluetooth Software
2008-05-30 22:48:44 0 dr------- C:\Users\Jathesan\Searches
2008-05-30 22:48:31 0 dr------- C:\Users\Jathesan\Contacts
2008-05-30 22:46:52 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2008-05-30 22:46:42 0 d-------- C:\Windows\system32\es-MX
2008-05-30 22:46:42 0 d-------- C:\Windows\system32\es-AR
2008-05-30 22:46:37 0 d-------- C:\Program Files\WIDCOMM
2008-05-30 22:44:29 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-05-30 22:41:27 81 --a------ C:\Windows\system32\LOG
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Templates
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Start Menu
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\SendTo
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Recent
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\PrintHood
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\NetHood
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\My Documents
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Local Settings
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Cookies
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Application Data
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Videos
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Saved Games
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Pictures
2008-05-30 22:41:22 1048576 --ahs---- C:\Users\Jathesan\NTUSER.DAT
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Music
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Links
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Favorites
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Downloads
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Documents
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Desktop
2008-05-30 22:41:22 0 d--h----- C:\Users\Jathesan\AppData
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Templates
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Start Menu
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\SendTo
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Recent
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\PrintHood
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\NetHood
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\My Documents
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Local Settings
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Cookies
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Application Data
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Templates
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Start Menu
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Favorites
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Documents
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Desktop
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Application Data
2008-05-30 22:34:47 0 d--hs---- C:\Documents and Settings
-- Find3M Report ---------------------------------------------------------------
2008-05-31 22:17:48 27620 --a------ C:\Users\Jathesan\AppData\Roaming\nvModes.dat
2008-05-31 22:17:48 27620 --a------ C:\Users\Jathesan\AppData\Roaming\nvModes.001
2008-05-31 21:45:24 0 d-------- C:\Users\Jathesan\AppData\Roaming\uTorrent
2008-05-31 20:58:25 0 d-------- C:\Users\Jathesan\AppData\Roaming\Adobe
2008-05-31 20:56:16 0 d-------- C:\Program Files\Common Files
2008-05-31 16:22:36 0 d-------- C:\Users\Jathesan\AppData\Roaming\DAEMON Tools
2008-05-31 03:48:30 174 --ahs---- C:\Program Files\desktop.ini
2008-05-31 03:41:24 0 d-------- C:\Program Files\Windows Calendar
2008-05-31 03:41:23 0 d-------- C:\Program Files\Windows Mail
2008-05-31 03:41:17 0 d-------- C:\Program Files\Windows Sidebar
2008-05-31 00:50:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-30 23:34:35 0 d-------- C:\Program Files\Norton Internet Security
2008-05-30 23:12:16 0 d-------- C:\Program Files\Symantec
2008-05-30 23:10:57 0 d-------- C:\Users\Jathesan\AppData\Roaming\Mozilla
2008-05-30 22:48:34 0 d-------- C:\Users\Jathesan\AppData\Roaming\Identities
2008-05-30 22:44:02 0 d-------- C:\Users\Jathesan\AppData\Roaming\Macromedia
2008-05-30 22:43:48 0 d-------- C:\Users\Jathesan\AppData\Roaming\Hewlett-Packard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 12:16 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/01/2007 11:36 PM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 07:59 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [23/04/2007 09:11 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 02:38 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 02:54 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [08/07/2007 10:57 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [08/07/2007 10:57 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [08/07/2007 10:57 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 07:12 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/08/2007 01:46 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [31/05/2008 03:10 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [19/04/2007 04:26 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 05:39 AM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23/10/2006 4:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23/10/2006 3:01:50 AM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [29/03/2007 1:11:50 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41ee704-2eba-11dd-915a-001e37600012}]
Auto\command- PegeFile.pif
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-31 22:33:44 ------------
. Can someone PLEASE help me out. Deckard's System Scanner v20071014.68
Run by Jathesan on 2008-05-31 22:31:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-06-01 02:29:59 UTC - RP43 - Windows Update
6: 2008-06-01 00:56:48 UTC - RP42 - Installed Ad-Aware
5: 2008-05-31 20:22:40 UTC - RP41 - SPTD setup V1.56
4: 2008-05-31 07:01:02 UTC - RP39 - Windows Update
3: 2008-05-31 03:31:30 UTC - RP38 - Windows Update
-- First Restore Point --
1: 2008-05-31 02:45:02 UTC - RP36 - First_User_Boot
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jathesan.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:46 PM, on 31/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jathesan\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jathesan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10570 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-31 16:25:28 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{DD059EBF-4F48-413D-9C28-F4B9017AA04F}.job
-- Files created between 2008-04-30 and 2008-05-31 -----------------------------
2008-05-31 21:11:52 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-31 21:09:10 0 d-------- C:\Program Files\CCleaner
2008-05-31 20:58:20 1160 --a------ C:\Windows\mozver.dat
2008-05-31 20:57:20 0 d-------- C:\Program Files\Lavasoft
2008-05-31 20:57:19 0 d-------- C:\Users\All Users\Lavasoft
2008-05-31 20:56:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 20:52:06 0 d-------- C:\Program Files\uTorrent
2008-05-31 16:29:02 12306 --a------ C:\Windows\scunin.dat
2008-05-31 16:29:01 967 --a------ C:\Windows\ScUnin.pif
2008-05-31 16:29:01 68096 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-31 16:28:31 0 d-------- C:\Program Files\Starcraft <STARCR~1>
2008-05-31 16:25:59 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 16:23:13 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-31 14:45:36 0 d-------- C:\Autoruns
2008-05-31 03:04:23 0 d-------- C:\Program Files\MSXML 4.0
2008-05-31 01:29:34 0 d-------- C:\Windows\SoftwareDistribution
2008-05-31 01:29:12 12 --a------ C:\Windows\bthservsdp.dat
2008-05-31 01:27:49 0 d--hs---- C:\System Volume Information
2008-05-31 01:24:16 0 d-------- C:\Windows\Prefetch
2008-05-31 00:06:50 0 d-------- C:\Program Files\Trend Micro
2008-05-30 23:11:11 0 --a------ C:\Windows\nsreg.dat
2008-05-30 23:10:48 0 d-------- C:\VundoFix Backups
2008-05-30 22:49:04 0 d-------- C:\Users\Jathesan\Bluetooth Software
2008-05-30 22:48:44 0 dr------- C:\Users\Jathesan\Searches
2008-05-30 22:48:31 0 dr------- C:\Users\Jathesan\Contacts
2008-05-30 22:46:52 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2008-05-30 22:46:42 0 d-------- C:\Windows\system32\es-MX
2008-05-30 22:46:42 0 d-------- C:\Windows\system32\es-AR
2008-05-30 22:46:37 0 d-------- C:\Program Files\WIDCOMM
2008-05-30 22:44:29 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-05-30 22:41:27 81 --a------ C:\Windows\system32\LOG
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Templates
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Start Menu
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\SendTo
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Recent
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\PrintHood
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\NetHood
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\My Documents
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Local Settings
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Cookies
2008-05-30 22:41:23 0 d--hs---- C:\Users\Jathesan\Application Data
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Videos
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Saved Games
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Pictures
2008-05-30 22:41:22 1048576 --ahs---- C:\Users\Jathesan\NTUSER.DAT
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Music
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Links
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Favorites
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Downloads
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Documents
2008-05-30 22:41:22 0 dr------- C:\Users\Jathesan\Desktop
2008-05-30 22:41:22 0 d--h----- C:\Users\Jathesan\AppData
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Templates
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Start Menu
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\SendTo
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Recent
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\PrintHood
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\NetHood
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\My Documents
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Local Settings
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Cookies
2008-05-30 22:34:47 0 d--hs---- C:\Users\Default\Application Data
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Templates
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Start Menu
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Favorites
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Documents
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Desktop
2008-05-30 22:34:47 0 d--hs---- C:\Users\All Users\Application Data
2008-05-30 22:34:47 0 d--hs---- C:\Documents and Settings
-- Find3M Report ---------------------------------------------------------------
2008-05-31 22:17:48 27620 --a------ C:\Users\Jathesan\AppData\Roaming\nvModes.dat
2008-05-31 22:17:48 27620 --a------ C:\Users\Jathesan\AppData\Roaming\nvModes.001
2008-05-31 21:45:24 0 d-------- C:\Users\Jathesan\AppData\Roaming\uTorrent
2008-05-31 20:58:25 0 d-------- C:\Users\Jathesan\AppData\Roaming\Adobe
2008-05-31 20:56:16 0 d-------- C:\Program Files\Common Files
2008-05-31 16:22:36 0 d-------- C:\Users\Jathesan\AppData\Roaming\DAEMON Tools
2008-05-31 03:48:30 174 --ahs---- C:\Program Files\desktop.ini
2008-05-31 03:41:24 0 d-------- C:\Program Files\Windows Calendar
2008-05-31 03:41:23 0 d-------- C:\Program Files\Windows Mail
2008-05-31 03:41:17 0 d-------- C:\Program Files\Windows Sidebar
2008-05-31 00:50:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-30 23:34:35 0 d-------- C:\Program Files\Norton Internet Security
2008-05-30 23:12:16 0 d-------- C:\Program Files\Symantec
2008-05-30 23:10:57 0 d-------- C:\Users\Jathesan\AppData\Roaming\Mozilla
2008-05-30 22:48:34 0 d-------- C:\Users\Jathesan\AppData\Roaming\Identities
2008-05-30 22:44:02 0 d-------- C:\Users\Jathesan\AppData\Roaming\Macromedia
2008-05-30 22:43:48 0 d-------- C:\Users\Jathesan\AppData\Roaming\Hewlett-Packard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 12:16 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/01/2007 11:36 PM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 07:59 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [23/04/2007 09:11 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 02:38 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 02:54 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [08/07/2007 10:57 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [08/07/2007 10:57 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [08/07/2007 10:57 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 07:12 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/08/2007 01:46 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [31/05/2008 03:10 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [19/04/2007 04:26 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 05:39 AM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23/10/2006 4:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23/10/2006 3:01:50 AM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [29/03/2007 1:11:50 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41ee704-2eba-11dd-915a-001e37600012}]
Auto\command- PegeFile.pif
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-31 22:33:44 ------------
