Main.txt file as follows:
Deckard's System Scanner v20070826.66
Run by HP_Administrator on 2007-09-03 20:49:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
36: 2007-09-03 18:58:58 UTC - RP365 - Deckard's System Scanner Restore Point
35: 2007-09-02 19:31:22 UTC - RP364 - Removed SpyZooka
34: 2007-09-01 20:25:29 UTC - RP363 - System Checkpoint
33: 2007-08-31 19:25:23 UTC - RP362 - System Checkpoint
32: 2007-08-30 19:10:36 UTC - RP361 - Installed Nokia PC Suite
-- First Restore Point --
1: 2007-07-27 09:09:20 UTC - RP330 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Administrator.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:11, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
C:\PROGRA~1\COSIDS1\BIN\TbMux32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~2\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {37309153-EBDD-43BC-9993-0465005041F0} (BIWViewer Class) - http://cwcl.mybiw.com/classes/4.1.0.3/BIWViewer_40.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4359811696
O16 - DPF: {AD5F3C4B-BD73-11D5-838B-0050042DF1E4} (HOOPS 3D Stream Control Class) - http://www.hoops3d.com/downloads/hoopsatlcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS1\BIN\TbMux32.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13920 bytes
-- File Associations -----------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 WinDriver - c:\windows\system32\drivers\windrvr.sys <Not Verified; KRFTech; WinDriver Device Driver>
S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 F5U103BD (Belkin F5U103 USB-RS232 Bus Driver) - c:\windows\system32\drivers\f5u103bd.sys <Not Verified; Belkin Components; Belkin USB Serial Converter>
S3 F5U103UD (Belkin F5U103 USB-RS232 Port Driver) - c:\windows\system32\drivers\f5u103ud.sys <Not Verified; Belkin Components; Belkin USB Serial Converter>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 COSIDS_TB - c:\progra~1\cosids1\bin\tbmux32.exe <Not Verified; TransAction Software, D 81737 Munich; TransBase/CD DataBase System>
R2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN PCI 802.11 b/g adapter WN5301A
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&1AF1648C&0&18F0
Manufacturer: Liteon
Name: Wireless LAN PCI 802.11 b/g adapter WN5301A
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&1AF1648C&0&18F0
Service: WN5301
-- Files created between 2007-08-03 and 2007-09-03 -----------------------------
2007-09-02 20:17:37 0 d-------- C:\Program Files\CCleaner
2007-09-02 09:32:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia Multimedia Player
2007-08-30 20:23:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia
2007-08-30 20:22:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Datalayer
2007-08-30 20:18:42 0 d-------- C:\Documents and Settings\HP_Administrator\Phone Browser
2007-08-30 20:11:07 0 d-------- C:\Program Files\DIFX
2007-08-30 20:10:40 0 d-------- C:\Program Files\Common Files\Nokia
2007-08-30 20:10:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Suite
2007-08-30 20:10:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-08-30 20:10:18 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-30 20:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-08-30 20:09:43 0 d-------- C:\Program Files\Nokia
2007-08-30 20:09:43 0 d-------- C:\Program Files\Common Files\PCSuite
2007-08-30 18:22:59 0 d-------- C:\Program Files\Trend Micro
2007-08-30 17:40:59 0 d-------- C:\WINDOWS\pss
2007-08-30 12:36:58 4764 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-30 12:36:38 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-30 12:36:38 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-30 12:36:38 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-21 06:25:35 0 d-------- C:\Program Files\SpyZooka
2007-08-16 09:07:36 0 d-------- C:\Program Files\MSXML 6.0
2007-08-06 08:33:00 0 d-------- C:\Program Files\Common Files\KORG
2007-08-06 08:32:57 0 d-------- C:\Program Files\KORG
2007-08-06 08:19:17 8576 --a------ C:\WINDOWS\system32\drivers\VCdRom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
2007-08-06 08:17:34 0 d-------- C:\dst2
2007-08-06 08:09:44 0 d-------- C:\Korg
-- Find3M Report ---------------------------------------------------------------
2007-09-02 20:37:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-02 07:56:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-08-30 23:19:33 356942 --a------ C:\Documents and Settings\HP_Administrator\Application Data\NMM-MetaData.db
2007-08-30 20:10:40 0 d-------- C:\Program Files\Common Files
2007-08-30 10:59:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2007-08-16 19:35:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-08-12 16:18:54 196 --a------ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-08-10 17:48:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ProjectPoint-7
2007-08-05 14:41:20 0 d-------- C:\Program Files\Autodesk Architectural Desktop 2006
2007-08-05 14:40:54 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-08-05 14:40:13 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-07-31 09:51:49 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2007-07-30 21:21:51 0 d-------- C:\Program Files\Skype
2007-07-30 21:21:49 0 d-------- C:\Program Files\Common Files\Skype
2007-07-19 09:45:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ahead
2007-07-19 09:32:19 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 09:31:02 0 d-------- C:\Program Files\Nero
2007-07-19 09:22:38 0 d-------- C:\Program Files\Ahead
2007-06-27 14:04:01 12246223 -----n--- C:\AVG7QT.DAT
2007-06-27 08:00:07 12246223 --a------ C:\avg7qt(2).dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 13:56]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/10/2005 12:30]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [31/10/2006 14:35]
"nwiz"="nwiz.exe" [31/10/2006 14:35 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02/06/2005 00:35]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [22/07/2005 15:14]
"PCDrProfiler"="" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [13/12/2004 19:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [15/12/2005 11:18]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"RegistryMechanic"="" []
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [05/09/2004 19:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/06/2006 06:33]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [06/10/2006 20:55]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [21/11/2006 18:38]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22/10/2006 23:24]
"@"="" []
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [04/05/2007 17:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe" [17/08/2007 09:26]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [28/06/2007 10:45]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [07/06/2006 12:25]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 01:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/08/2004 22:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/06/2007 19:41]
"skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/07/2007 17:10]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 16:21]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23/10/2006 00:01:50]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [05/03/2005 14:18:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [15/12/2005 11:40:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [26/10/2005 04:09:52]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 15:40:46]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [24/11/2006 17:43:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"ForceClassicControlPanel"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d968e6e1-7a3c-11db-9497-001731c58ae0}]
AutoRun\command- H:\JDLightning\Windows\JDLightning.exe
-- Hosts -----------------------------------------------------------------------
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
8 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-09-03 20:53:42 ------------
extra.txt file as follows:
Deckard's System Scanner v20070826.66
Run by HP_Administrator on 2007-09-03 20:49:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
36: 2007-09-03 18:58:58 UTC - RP365 - Deckard's System Scanner Restore Point
35: 2007-09-02 19:31:22 UTC - RP364 - Removed SpyZooka
34: 2007-09-01 20:25:29 UTC - RP363 - System Checkpoint
33: 2007-08-31 19:25:23 UTC - RP362 - System Checkpoint
32: 2007-08-30 19:10:36 UTC - RP361 - Installed Nokia PC Suite
-- First Restore Point --
1: 2007-07-27 09:09:20 UTC - RP330 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Administrator.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:11, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
C:\PROGRA~1\COSIDS1\BIN\TbMux32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~2\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {37309153-EBDD-43BC-9993-0465005041F0} (BIWViewer Class) - http://cwcl.mybiw.com/classes/4.1.0.3/BIWViewer_40.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4359811696
O16 - DPF: {AD5F3C4B-BD73-11D5-838B-0050042DF1E4} (HOOPS 3D Stream Control Class) - http://www.hoops3d.com/downloads/hoopsatlcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS1\BIN\TbMux32.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13920 bytes
-- File Associations -----------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 WinDriver - c:\windows\system32\drivers\windrvr.sys <Not Verified; KRFTech; WinDriver Device Driver>
S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 F5U103BD (Belkin F5U103 USB-RS232 Bus Driver) - c:\windows\system32\drivers\f5u103bd.sys <Not Verified; Belkin Components; Belkin USB Serial Converter>
S3 F5U103UD (Belkin F5U103 USB-RS232 Port Driver) - c:\windows\system32\drivers\f5u103ud.sys <Not Verified; Belkin Components; Belkin USB Serial Converter>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 COSIDS_TB - c:\progra~1\cosids1\bin\tbmux32.exe <Not Verified; TransAction Software, D 81737 Munich; TransBase/CD DataBase System>
R2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN PCI 802.11 b/g adapter WN5301A
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&1AF1648C&0&18F0
Manufacturer: Liteon
Name: Wireless LAN PCI 802.11 b/g adapter WN5301A
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&1AF1648C&0&18F0
Service: WN5301
-- Files created between 2007-08-03 and 2007-09-03 -----------------------------
2007-09-02 20:17:37 0 d-------- C:\Program Files\CCleaner
2007-09-02 09:32:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia Multimedia Player
2007-08-30 20:23:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia
2007-08-30 20:22:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Datalayer
2007-08-30 20:18:42 0 d-------- C:\Documents and Settings\HP_Administrator\Phone Browser
2007-08-30 20:11:07 0 d-------- C:\Program Files\DIFX
2007-08-30 20:10:40 0 d-------- C:\Program Files\Common Files\Nokia
2007-08-30 20:10:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Suite
2007-08-30 20:10:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-08-30 20:10:18 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-30 20:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-08-30 20:09:43 0 d-------- C:\Program Files\Nokia
2007-08-30 20:09:43 0 d-------- C:\Program Files\Common Files\PCSuite
2007-08-30 18:22:59 0 d-------- C:\Program Files\Trend Micro
2007-08-30 17:40:59 0 d-------- C:\WINDOWS\pss
2007-08-30 12:36:58 4764 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-30 12:36:38 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-30 12:36:38 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-30 12:36:38 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-21 06:25:35 0 d-------- C:\Program Files\SpyZooka
2007-08-16 09:07:36 0 d-------- C:\Program Files\MSXML 6.0
2007-08-06 08:33:00 0 d-------- C:\Program Files\Common Files\KORG
2007-08-06 08:32:57 0 d-------- C:\Program Files\KORG
2007-08-06 08:19:17 8576 --a------ C:\WINDOWS\system32\drivers\VCdRom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
2007-08-06 08:17:34 0 d-------- C:\dst2
2007-08-06 08:09:44 0 d-------- C:\Korg
-- Find3M Report ---------------------------------------------------------------
2007-09-02 20:37:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-02 07:56:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-08-30 23:19:33 356942 --a------ C:\Documents and Settings\HP_Administrator\Application Data\NMM-MetaData.db
2007-08-30 20:10:40 0 d-------- C:\Program Files\Common Files
2007-08-30 10:59:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2007-08-16 19:35:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-08-12 16:18:54 196 --a------ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-08-10 17:48:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ProjectPoint-7
2007-08-05 14:41:20 0 d-------- C:\Program Files\Autodesk Architectural Desktop 2006
2007-08-05 14:40:54 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-08-05 14:40:13 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-07-31 09:51:49 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2007-07-30 21:21:51 0 d-------- C:\Program Files\Skype
2007-07-30 21:21:49 0 d-------- C:\Program Files\Common Files\Skype
2007-07-19 09:45:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ahead
2007-07-19 09:32:19 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-19 09:31:02 0 d-------- C:\Program Files\Nero
2007-07-19 09:22:38 0 d-------- C:\Program Files\Ahead
2007-06-27 14:04:01 12246223 -----n--- C:\AVG7QT.DAT
2007-06-27 08:00:07 12246223 --a------ C:\avg7qt(2).dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 13:56]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/10/2005 12:30]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [31/10/2006 14:35]
"nwiz"="nwiz.exe" [31/10/2006 14:35 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02/06/2005 00:35]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [22/07/2005 15:14]
"PCDrProfiler"="" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [13/12/2004 19:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [15/12/2005 11:18]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"RegistryMechanic"="" []
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [05/09/2004 19:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/06/2006 06:33]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [06/10/2006 20:55]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [21/11/2006 18:38]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22/10/2006 23:24]
"@"="" []
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [04/05/2007 17:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe" [17/08/2007 09:26]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [28/06/2007 10:45]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [07/06/2006 12:25]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 01:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/08/2004 22:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/06/2007 19:41]
"skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/07/2007 17:10]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 16:21]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [23/10/2006 00:01:50]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [05/03/2005 14:18:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [15/12/2005 11:40:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [26/10/2005 04:09:52]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 15:40:46]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [24/11/2006 17:43:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"ForceClassicControlPanel"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d968e6e1-7a3c-11db-9497-001731c58ae0}]
AutoRun\command- H:\JDLightning\Windows\JDLightning.exe
-- Hosts -----------------------------------------------------------------------
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
8 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-09-03 20:53:42 ------------