
Rundll32.exe - Bad Image error on start up

#1 ·
RUNDLL.exe - Bad image error

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-21 12:31:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
118: 2008-04-21 10:31:59 UTC - RP118 - Deckard's System Scanner Restore Point
117: 2008-04-21 09:10:30 UTC - RP117 - Removed Safari
116: 2008-04-20 10:16:39 UTC - RP116 - Software Distribution Service 3.0
115: 2008-04-20 10:15:41 UTC - RP115 - Removed SUPERAntiSpyware Free Edition
114: 2008-04-20 10:10:08 UTC - RP114 - Restore Operation


-- First Restore Point --
1: 2008-04-16 20:02:40 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-21 12:35:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\sttray.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\WordWeb\wweb32.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Documents and Settings\Administrator\Desktop\dss.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {36B5B879-B652-41E2-B37C-161E15053D60} - D:\WINDOWS\system32\hggdabya.dll
O2 - BHO: nextads browser optimizer - {6dd616d4-9eb7-4536-def1-9575131a0635} - D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A57A2B9D-65D3-4858-9E31-0876161EF4D1} - D:\WINDOWS\system32\yayaabxu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B48AEA7E-67A0-4B3C-8C56-E9F7350E247C} - D:\WINDOWS\system32\ssqroopp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] D:\Documents and Settings\Administrator\lsass.exe
O4 - HKLM\..\Run: [spa_start] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll" DllInit
O4 - HKLM\..\Run: [307948c1] rundll32.exe "D:\WINDOWS\system32\qbiprcsb.dll",b
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [iLike] D:\Program Files\iLike\1.1.35\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iLike] D:\Program Files\iLike\1.1.35\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file:///E:/Player/noflash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0A9C77E4-843A-43D0-B230-389E84FEABF4}: NameServer = 10.10.11.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hggdabya - D:\WINDOWS\system32\hggdabya.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe


--
End of file - 14621 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Haspnt - d:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - d:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

S1 SASDIFSV - d:\program files\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - d:\program files\superantispyware\saskutil.sys (file missing)
S2 DS1410D - d:\windows\system32\drivers\ds1410d.sys (file missing)
S3 94487a45-c157-423d-a2de-34240896cd6d - e:\player\cds300.dll (file missing)
S3 PciCon - e:\pcicon.sys (file missing)
S3 SASENUM - d:\program files\superantispyware\sasenum.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - d:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - d:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 STacSV (SigmaTel Audio Service) - d:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 FLEXnet Licensing Service - "d:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
R3 ServiceLayer - "d:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82566DC Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_00018086&REV_02\3&61AAA01&0&C8
Manufacturer: Intel
Name: Intel(R) 82566DC Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_00018086&REV_02\3&61AAA01&0&C8
Service: e1express

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1B9663F902700
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1B9663F902700
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nope foon
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nope foon
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 10:57:27 330 --ah----- D:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-17 19:51:01 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 12:14:39 0 d-------- D:\Program Files\SpywareBlaster
2008-04-20 13:52:54 0 d-------- D:\Program Files\EA SPORTS
2008-04-18 01:32:36 237568 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2008-04-18 01:32:36 6553600 --a------ D:\Documents and Settings\Administrator\ntuser.dat
2008-04-18 01:14:46 88128 --a------ D:\WINDOWS\system32\qbiprcsb.dll
2008-04-18 01:14:01 212632 --ahs---- D:\WINDOWS\system32\uxbaayay.ini2
2008-04-18 01:13:48 272896 --a------ D:\WINDOWS\system32\yayaabxu.dll
2008-04-16 22:02:30 189048 --ahs---- D:\WINDOWS\system32\ppoorqss.ini2
2008-04-16 22:02:16 270336 --a------ D:\WINDOWS\system32\ssqroopp.dll
2008-04-16 20:58:39 0 d-------- D:\WINDOWS\system32\em3
2008-04-16 20:58:11 0 d-------- D:\WINDOWS\system32\gwm7
2008-04-16 20:58:01 0 d-------- D:\WINDOWS\system32\pID2
2008-04-16 20:57:42 0 d-------- D:\WINDOWS\system32\xcsDd18
2008-04-16 20:57:09 30720 --a------ D:\WINDOWS\system32\hggdabya.dll
2008-04-16 20:57:04 10240 --a------ D:\Documents and Settings\Administrator\services.exe
2008-04-16 20:56:40 29696 ---hs---- D:\Documents and Settings\Administrator\lsass.exe
2008-04-16 20:27:26 0 d-------- D:\Documents and Settings\Administrator\Application Data\fretsonfire
2008-04-16 20:27:15 0 d-------- D:\Program Files\Frets on Fire
2008-04-15 12:52:19 0 d-------- D:\Program Files\Common Files\PCSuite
2008-04-15 12:52:18 0 d-------- D:\Program Files\Common Files\Nokia
2008-04-15 12:51:17 0 d-------- D:\Program Files\PC Connectivity Solution
2008-04-14 12:49:37 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 12:49:29 0 d-------- D:\Program Files\SUPERAntiSpyware
2008-04-14 12:49:29 0 d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-08 17:29:36 0 d-------- D:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-07 14:32:27 0 d-------- D:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2008-04-04 14:35:02 329728 --a------ D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll
2008-04-04 13:39:10 0 d-------- D:\Program Files\Total Video Converter
2008-04-03 20:21:21 0 d-------- D:\Program Files\iPod
2008-04-03 13:32:06 0 d-------- D:\Documents and Settings\Administrator\Application Data\iLike
2008-04-03 13:31:43 0 d-------- D:\Program Files\iLike
2008-03-31 14:28:47 0 d-------- D:\Program Files\CamStudio
2008-03-30 23:20:27 0 d-------- D:\Program Files\iTunes
2008-03-30 23:19:54 0 d-------- D:\Program Files\Apple Software Update
2008-03-30 23:19:30 0 d-------- D:\Program Files\Common Files\Apple
2008-03-30 23:19:29 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-04-21 10:54:33 8405015 --a------ D:\WINDOWS\TempFile
2008-04-20 12:15:46 0 d-------- D:\Program Files\Common Files
2008-04-15 22:10:57 0 d-------- D:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 12:52:18 0 d-------- D:\Program Files\Nokia
2008-04-05 17:16:14 0 d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-05 16:25:02 0 d-------- D:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-03 20:20:00 0 d-------- D:\Program Files\QuickTime
2008-03-30 23:20:16 0 d-------- D:\Program Files\Bonjour
2008-03-23 18:11:50 0 d-------- D:\Program Files\Java
2008-03-17 16:27:15 0 d-------- D:\Program Files\WordWeb
2008-03-17 15:41:39 0 d-------- D:\Program Files\Paprikari
2008-03-17 15:38:22 0 d-------- D:\Documents and Settings\Administrator\Application Data\LEGO Company
2008-03-17 15:38:14 0 d-------- D:\Program Files\LEGO Company
2008-03-13 00:24:47 102032 --a------ D:\WINDOWS\hpoins04.dat
2008-03-13 00:24:26 0 d-------- D:\Program Files\Common Files\Hewlett-Packard
2008-03-13 00:24:12 0 d-------- D:\Program Files\HP
2008-03-11 23:54:44 0 d-------- D:\Documents and Settings\Administrator\Application Data\PC Suite
2008-03-11 23:47:02 0 d-------- D:\Program Files\DIFX
2008-03-06 14:16:01 0 d-------- D:\Program Files\Common Files\Adobe
2008-03-06 14:14:11 0 d-------- D:\Program Files\Common Files\Control Panels
2008-03-06 13:40:26 0 d-------- D:\Program Files\Common Files\Macrovision Shared
2008-03-06 13:32:35 0 d-------- D:\Program Files\D-Tools
2008-03-05 22:15:04 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2008-03-04 13:21:34 0 d-------- D:\Program Files\tamasoftware
2008-03-03 11:10:31 0 d-------- D:\Documents and Settings\Administrator\Application Data\DataLayer
2008-02-23 16:00:01 0 d-------- D:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-13 14:44:41 11270 --ahs---- D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-13 14:44:41 56 -r-hs---- D:\WINDOWS\system32\5E340BA06B.sys
2008-02-08 13:26:55 0 --a------ D:\WINDOWS\nsreg.dat
2008-01-29 15:34:44 501 --a------ D:\WINDOWS\eReg.dat
2008-01-28 22:24:15 6656 --a------ D:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-01-28 22:24:15 383 --a------ D:\WINDOWS\system32\haspdos.sys
2008-01-28 19:43:58 62 --ahs---- D:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-01-28 17:51:24 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B5B879-B652-41E2-B37C-161E15053D60}]
2008/04/16 08:57 PM 30720 --a------ D:\WINDOWS\system32\hggdabya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dd616d4-9eb7-4536-def1-9575131a0635}]
2008/04/04 02:35 PM 329728 --a------ D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57A2B9D-65D3-4858-9E31-0876161EF4D1}]
2008/04/18 01:14 AM 272896 --a------ D:\WINDOWS\system32\yayaabxu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B48AEA7E-67A0-4B3C-8C56-E9F7350E247C}]
2008/04/16 10:02 PM 270336 --a------ D:\WINDOWS\system32\ssqroopp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007/05/06 05:10 PM D:\WINDOWS\sttray.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006/11/10 05:25 AM]
"RemoteControl"="D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004/11/02 08:24 PM]
"InCD"="D:\Program Files\Ahead\InCD\InCD.exe" [2006/07/12 11:58 AM]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001/07/09 11:50 AM]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006/10/27 12:47 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008/02/22 04:25 AM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008/03/29 08:37 PM]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006/11/03 06:20 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004/08/04 01:56 AM D:\WINDOWS\system32\bthprops.cpl]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006/11/10 05:26 AM]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004/08/22 05:05 PM]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008/01/11 07:54 PM]
"Adobe_ID0EYTHM"="D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007/03/20 04:40 PM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008/03/28 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008/03/30 10:36 AM]
"LSA Shellu"="D:\Documents and Settings\Administrator\lsass.exe" [2008/04/03 04:01 PM]
"spa_start"="D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll" [2008/04/04 02:35 PM]
"307948c1"="D:\WINDOWS\system32\qbiprcsb.dll" [2008/04/18 01:14 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008/04/12 10:13 AM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004/08/04 01:56 AM]
"PC Suite Tray"="D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008/03/28 11:20 AM]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008/03/26 06:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"iLike"=D:\Program Files\iLike\1.1.35\ilikesidebar.exe /checkforupdate
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006/10/26 08:24:54 PM]
WordWeb.lnk - D:\Program Files\WordWeb\wweb32.exe [2008/03/17 04:27:15 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008/01/28 11:46:38 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36B5B879-B652-41E2-B37C-161E15053D60}"= D:\WINDOWS\system32\hggdabya.dll [2008/04/16 08:57 PM 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdabya]
hggdabya.dll 2008/04/16 08:57 PM 30720 D:\WINDOWS\system32\hggdabya.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\yayaabxu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ad4001-cdd4-11dc-bf62-0013f723f520}]
Auto\command- G:\Start.exe
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7795382c-d499-11dc-bf73-0013f723f520}]
AutoRun\command- ntdelect.com
explore\Command- utdetect.com
open\Command- utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c84f217a-f5b9-11dc-9864-001060b1cc99}]
AutoRun\command- b.com
explore\Command- b.com
open\Command- b.com




-- End of Deckard's System Scanner: finished at 2008-04-21 12:36:08 ------------
 

#2 ·
When starting up Windows XP an error window pops up:

"Rundll.exe - Bad Image."

The error inside the window refers to: "The application or DLL C:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll is not a valid Windows image. Please check this against your installation diskette."

After I click 'OK' the following message appears: "Error Loading D:\Windows\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll %1 is not a valid WIN32 application."

AND THEN:

When I click Mozilla or IE Explorer this error message appears: 'The application or dll D:\Windows\system32\hggdabaya.dll is not a valid windows image. Please check this against your installation diskette.'

I am not sure how better to describe this topic title since I don't know what type of problem this is. I did try XP system restores (i.e. prior to when the problem started occurring), but XP informs me that the restores were unsuccessful after restarting the system.

Any guidance would be greatly appreciated.

Thank you
Jaccals

Log file:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-21 13:54:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:54:34 PM, on 2008/04/21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\sttray.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\WordWeb\wweb32.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrator\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {36B5B879-B652-41E2-B37C-161E15053D60} - D:\WINDOWS\system32\hggdabya.dll
O2 - BHO: nextads browser optimizer - {6dd616d4-9eb7-4536-def1-9575131a0635} - D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A57A2B9D-65D3-4858-9E31-0876161EF4D1} - D:\WINDOWS\system32\yayaabxu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B48AEA7E-67A0-4B3C-8C56-E9F7350E247C} - D:\WINDOWS\system32\ssqroopp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] D:\Documents and Settings\Administrator\lsass.exe
O4 - HKLM\..\Run: [spa_start] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll" DllInit
O4 - HKLM\..\Run: [307948c1] rundll32.exe "D:\WINDOWS\system32\qbiprcsb.dll",b
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file:///E:/Player/noflash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A9C77E4-843A-43D0-B230-389E84FEABF4}: NameServer = 10.10.11.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A9C77E4-843A-43D0-B230-389E84FEABF4}: NameServer = 10.10.11.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A9C77E4-843A-43D0-B230-389E84FEABF4}: NameServer = 10.10.11.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hggdabya - D:\WINDOWS\SYSTEM32\hggdabya.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 13191 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 13:34:52 0 d-------- D:\Program Files\Trend Micro
2008-04-21 12:14:39 0 d-------- D:\Program Files\SpywareBlaster
2008-04-20 13:52:54 0 d-------- D:\Program Files\EA SPORTS
2008-04-18 01:32:36 237568 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2008-04-18 01:32:36 6553600 --a------ D:\Documents and Settings\Administrator\ntuser.dat
2008-04-18 01:14:46 88128 --a------ D:\WINDOWS\system32\qbiprcsb.dll
2008-04-18 01:14:01 212632 --ahs---- D:\WINDOWS\system32\uxbaayay.ini2
2008-04-18 01:13:48 272896 --a------ D:\WINDOWS\system32\yayaabxu.dll
2008-04-16 22:02:30 189048 --ahs---- D:\WINDOWS\system32\ppoorqss.ini2
2008-04-16 22:02:16 270336 --a------ D:\WINDOWS\system32\ssqroopp.dll
2008-04-16 20:58:39 0 d-------- D:\WINDOWS\system32\em3
2008-04-16 20:58:11 0 d-------- D:\WINDOWS\system32\gwm7
2008-04-16 20:58:01 0 d-------- D:\WINDOWS\system32\pID2
2008-04-16 20:57:42 0 d-------- D:\WINDOWS\system32\xcsDd18
2008-04-16 20:57:09 30720 --a------ D:\WINDOWS\system32\hggdabya.dll
2008-04-16 20:57:04 10240 --a------ D:\Documents and Settings\Administrator\services.exe
2008-04-16 20:56:40 29696 ---hs---- D:\Documents and Settings\Administrator\lsass.exe
2008-04-16 20:27:26 0 d-------- D:\Documents and Settings\Administrator\Application Data\fretsonfire
2008-04-16 20:27:15 0 d-------- D:\Program Files\Frets on Fire
2008-04-15 12:52:19 0 d-------- D:\Program Files\Common Files\PCSuite
2008-04-15 12:52:18 0 d-------- D:\Program Files\Common Files\Nokia
2008-04-15 12:51:17 0 d-------- D:\Program Files\PC Connectivity Solution
2008-04-14 12:49:37 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 12:49:29 0 d-------- D:\Program Files\SUPERAntiSpyware
2008-04-14 12:49:29 0 d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-08 17:29:36 0 d-------- D:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-07 14:32:27 0 d-------- D:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2008-04-04 14:35:02 329728 --a------ D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll
2008-04-04 13:39:10 0 d-------- D:\Program Files\Total Video Converter
2008-04-03 20:21:21 0 d-------- D:\Program Files\iPod
2008-04-03 13:32:06 0 d-------- D:\Documents and Settings\Administrator\Application Data\iLike
2008-04-03 13:31:43 0 d-------- D:\Program Files\iLike
2008-03-31 14:28:47 0 d-------- D:\Program Files\CamStudio
2008-03-30 23:20:27 0 d-------- D:\Program Files\iTunes
2008-03-30 23:19:54 0 d-------- D:\Program Files\Apple Software Update
2008-03-30 23:19:30 0 d-------- D:\Program Files\Common Files\Apple
2008-03-30 23:19:29 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-04-21 13:37:46 8405015 --a------ D:\WINDOWS\TempFile
2008-04-20 12:15:46 0 d-------- D:\Program Files\Common Files
2008-04-15 22:10:57 0 d-------- D:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 12:52:18 0 d-------- D:\Program Files\Nokia
2008-04-05 17:16:14 0 d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-05 16:25:02 0 d-------- D:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-03 20:20:00 0 d-------- D:\Program Files\QuickTime
2008-03-30 23:20:16 0 d-------- D:\Program Files\Bonjour
2008-03-23 18:11:50 0 d-------- D:\Program Files\Java
2008-03-17 16:27:15 0 d-------- D:\Program Files\WordWeb
2008-03-17 15:41:39 0 d-------- D:\Program Files\Paprikari
2008-03-17 15:38:22 0 d-------- D:\Documents and Settings\Administrator\Application Data\LEGO Company
2008-03-17 15:38:14 0 d-------- D:\Program Files\LEGO Company
2008-03-13 00:24:47 102032 --a------ D:\WINDOWS\hpoins04.dat
2008-03-13 00:24:26 0 d-------- D:\Program Files\Common Files\Hewlett-Packard
2008-03-13 00:24:12 0 d-------- D:\Program Files\HP
2008-03-11 23:54:44 0 d-------- D:\Documents and Settings\Administrator\Application Data\PC Suite
2008-03-11 23:47:02 0 d-------- D:\Program Files\DIFX
2008-03-06 14:16:01 0 d-------- D:\Program Files\Common Files\Adobe
2008-03-06 14:14:11 0 d-------- D:\Program Files\Common Files\Control Panels
2008-03-06 13:40:26 0 d-------- D:\Program Files\Common Files\Macrovision Shared
2008-03-06 13:32:35 0 d-------- D:\Program Files\D-Tools
2008-03-05 22:15:04 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2008-03-04 13:21:34 0 d-------- D:\Program Files\tamasoftware
2008-03-03 11:10:31 0 d-------- D:\Documents and Settings\Administrator\Application Data\DataLayer
2008-02-23 16:00:01 0 d-------- D:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-13 14:44:41 11270 --ahs---- D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-13 14:44:41 56 -r-hs---- D:\WINDOWS\system32\5E340BA06B.sys
2008-02-08 13:26:55 0 --a------ D:\WINDOWS\nsreg.dat
2008-01-29 15:34:44 501 --a------ D:\WINDOWS\eReg.dat
2008-01-28 22:24:15 6656 --a------ D:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-01-28 22:24:15 383 --a------ D:\WINDOWS\system32\haspdos.sys
2008-01-28 19:43:58 62 --ahs---- D:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-01-28 17:51:24 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B5B879-B652-41E2-B37C-161E15053D60}]
2008/04/16 08:57 PM 30720 --a------ D:\WINDOWS\system32\hggdabya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dd616d4-9eb7-4536-def1-9575131a0635}]
2008/04/04 02:35 PM 329728 --a------ D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57A2B9D-65D3-4858-9E31-0876161EF4D1}]
2008/04/18 01:14 AM 272896 --a------ D:\WINDOWS\system32\yayaabxu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B48AEA7E-67A0-4B3C-8C56-E9F7350E247C}]
2008/04/16 10:02 PM 270336 --a------ D:\WINDOWS\system32\ssqroopp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007/05/06 05:10 PM D:\WINDOWS\sttray.exe]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006/11/10 05:25 AM]
"RemoteControl"="D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004/11/02 08:24 PM]
"InCD"="D:\Program Files\Ahead\InCD\InCD.exe" [2006/07/12 11:58 AM]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001/07/09 11:50 AM]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006/10/27 12:47 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008/02/22 04:25 AM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008/03/29 08:37 PM]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006/11/03 06:20 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004/08/04 01:56 AM D:\WINDOWS\system32\bthprops.cpl]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006/11/10 05:26 AM]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004/08/22 05:05 PM]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008/01/11 07:54 PM]
"Adobe_ID0EYTHM"="D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007/03/20 04:40 PM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008/03/28 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008/03/30 10:36 AM]
"LSA Shellu"="D:\Documents and Settings\Administrator\lsass.exe" [2008/04/03 04:01 PM]
"spa_start"="D:\WINDOWS\system32\{487a7664-9b69-1923-b5da-c022652d0f23}.dll" [2008/04/04 02:35 PM]
"307948c1"="D:\WINDOWS\system32\qbiprcsb.dll" [2008/04/18 01:14 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008/04/12 10:13 AM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004/08/04 01:56 AM]
"PC Suite Tray"="D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008/03/28 11:20 AM]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008/03/26 06:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"iLike"=D:\Program Files\iLike\1.1.35\ilikesidebar.exe /checkforupdate
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006/10/26 08:24:54 PM]
WordWeb.lnk - D:\Program Files\WordWeb\wweb32.exe [2008/03/17 04:27:15 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008/01/28 11:46:38 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36B5B879-B652-41E2-B37C-161E15053D60}"= D:\WINDOWS\system32\hggdabya.dll [2008/04/16 08:57 PM 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdabya]
hggdabya.dll 2008/04/16 08:57 PM 30720 D:\WINDOWS\system32\hggdabya.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\yayaabxu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ad4001-cdd4-11dc-bf62-0013f723f520}]
Auto\command- G:\Start.exe
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7795382c-d499-11dc-bf73-0013f723f520}]
AutoRun\command- ntdelect.com
explore\Command- utdetect.com
open\Command- utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c84f217a-f5b9-11dc-9864-001060b1cc99}]
AutoRun\command- b.com
explore\Command- b.com
open\Command- b.com




-- End of Deckard's System Scanner: finished at 2008-04-21 13:54:51 ------------
 