Tech Support Forum - View Single Post - Trojan Loosky, First Hi-jack-this user.

Evilcookie · 10-03-2007, 07:22 AM

Hi, first time user for Hi Jack This, Tryed getting rid of this maleware, got it to stop spaming me with pop ups but can't stop it to infected files i healed.

Deckard's System Scanner v20070905.67
Run by Ali on 2007-10-03 09:19:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Ali.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:15 AM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ali.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 80.69.94.166 gameguard.mapleglobal.com
O1 - Hosts: 80.69.94.166 63.251.217.184
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Hotplug] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S1A1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1168700121033
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168700109924
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6918 bytes

-- Files created between 2007-09-03 and 2007-10-03 -----------------------------

2007-10-02 22:42:37 0 d-------- C:\Documents and Settings\***\Application Data\AVG7
2007-10-02 22:42:35 0 d-------- C:\Documents and Settings\***\Application Data\Real
2007-10-02 22:42:24 0 d-------- C:\Documents and Settings\***\Application Data\Identities
2007-10-02 22:42:08 0 dr------- C:\Documents and Settings\***\Favorites
2007-10-02 22:42:08 0 d-------- C:\Documents and Settings\***\Desktop
2007-10-02 22:42:08 0 d--hs---- C:\Documents and Settings\***\Cookies
2007-10-02 22:42:08 0 dr-h----- C:\Documents and Settings\***\Application Data
2007-10-02 22:42:08 0 d---s---- C:\Documents and Settings\***\Application Data\Microsoft
2007-10-02 22:42:07 0 d--h----- C:\Documents and Settings\***\Templates
2007-10-02 22:42:07 0 dr------- C:\Documents and Settings\***\Start Menu
2007-10-02 22:42:07 0 dr-h----- C:\Documents and Settings\***\SendTo
2007-10-02 22:42:07 0 dr-h----- C:\Documents and Settings\***\Recent
2007-10-02 22:42:07 0 d--h----- C:\Documents and Settings\***\PrintHood
2007-10-02 22:42:07 786432 --ah----- C:\Documents and Settings\***\NTUSER.DAT
2007-10-02 22:42:07 0 d--h----- C:\Documents and Settings\***\NetHood
2007-10-02 22:42:07 0 dr------- C:\Documents and Settings\***\My Documents
2007-10-02 22:42:07 0 d--h----- C:\Documents and Settings\***\Local Settings
2007-10-02 20:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-02 20:12:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-02 19:46:01 0 d-------- C:\Documents and Settings\TEMP\Application Data\AVG7
2007-10-02 19:45:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-02 19:43:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-02 19:43:35 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-02 19:01:22 2126 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 19:00:32 25088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 19:00:32 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-02 19:00:32 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-02 19:00:32 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-02 19:00:32 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-02 18:58:16 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-02 18:58:16 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-02 18:58:16 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-02 18:58:16 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-02 18:58:16 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-02 18:58:16 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-02 18:58:16 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-02 18:58:16 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-02 18:58:16 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-02 18:58:16 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-02 18:58:16 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-02 18:58:16 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-02 18:58:16 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-02 18:58:15 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-02 18:21:51 0 d-------- C:\Program Files\Trend Micro
2007-10-02 16:33:34 0 dr-h----- C:\Documents and Settings\TEMP\Recent
2007-10-02 14:11:42 0 dr-h----- C:\$VAULT$.AVG
2007-10-02 01:21:29 315392 --a------ C:\WINDOWS\sysdx.dll
2007-10-02 01:21:29 274432 --a------ C:\WINDOWS\msvb.dll
2007-09-28 17:40:11 0 d-------- C:\Documents and Settings\TEMP\Application Data\Xfire
2007-09-28 15:03:31 0 d-------- C:\Program Files\Flagship Studios
2007-09-26 07:30:26 0 d-------- C:\Documents and Settings\TEMP\Application Data\Download Manager
2007-09-25 16:13:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-09-25 15:21:22 0 d-------- C:\Program Files\Microsoft Games
2007-09-17 22:09:06 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-17 22:09:04 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-17 22:09:03 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-15 02:21:13 0 d-------- C:\WINDOWS\system32\windows media
2007-09-15 02:21:03 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-09-15 02:20:54 0 d-------- C:\Program Files\Windows Media Components

-- Find3M Report ---------------------------------------------------------------

2007-10-02 19:36:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-02 02:30:12 0 d-------- C:\Program Files\Fraps
2007-10-01 12:45:32 0 d-------- C:\Program Files\Warcraft III
2007-09-28 17:57:17 0 d---s---- C:\Program Files\Xfire
2007-09-28 17:30:19 0 d-------- C:\Program Files\LimeWire
2007-09-28 17:28:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-28 17:27:13 2542 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-09-28 17:26:13 0 d-------- C:\Program Files\Common Files\AOL
2007-09-28 15:00:15 0 d-------- C:\Program Files\QuickTime
2007-09-28 14:57:09 0 d-------- C:\Program Files\Diablo II
2007-09-27 17:07:15 0 d-------- C:\Documents and Settings\TEMP\Application Data\OpenOffice.org2
2007-09-26 17:58:56 0 d-------- C:\Program Files\XoftSpySE
2007-09-26 16:02:43 134629 --a------ C:\Documents and Settings\TEMP\Application Data\Cosmos Prefs
2007-09-25 17:57:11 0 d-------- C:\Program Files\World of Warcraft
2007-09-24 12:34:51 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-21 12:28:47 0 d-------- C:\Documents and Settings\TEMP\Application Data\LimeWire
2007-09-04 00:05:56 0 d-------- C:\Program Files\Project64 1.6
2007-09-02 00:35:18 0 d-------- C:\Documents and Settings\TEMP\Application Data\Viewpoint
2007-09-01 15:36:48 0 d-------- C:\Program Files\Viewpoint
2007-09-01 15:36:26 0 d-------- C:\Program Files\Common Files
2007-08-31 04:14:30 0 d-------- C:\Program Files\Steam
2007-08-27 23:50:53 0 d-------- C:\Program Files\The Sir. Community
2007-08-27 23:49:24 0 d-------- C:\Program Files\BitTorrent
2007-08-27 23:46:36 0 d-------- C:\Documents and Settings\TEMP\Application Data\DMCache
2007-08-27 21:24:16 0 d-------- C:\Documents and Settings\TEMP\Application Data\Leadertech
2007-08-27 21:23:53 0 d-------- C:\Program Files\epson
2007-08-27 21:22:27 0 d-------- C:\Program Files\ArcSoft
2007-08-25 03:01:37 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-24 20:15:13 36864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2007-08-24 20:15:13 0 d-------- C:\Documents and Settings\TEMP\Application Data\KALiNKOsoft
2007-08-12 13:22:50 0 d-------- C:\Program Files\Common Files\Logitech
2007-08-12 13:22:42 0 d-------- C:\Program Files\Logitech
2007-08-09 14:25:51 0 d-------- C:\Documents and Settings\TEMP\Application Data\teamspeak2
2007-08-07 01:20:49 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-07-30 12:42:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-12 00:12:42 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-07-04 22:54:25 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hotplug"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe" [05/05/2005 09:10 PM]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [05/18/2005 03:44 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 11:11 AM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [11/18/2004 11:16 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/16/2005 02:09 AM]
"nwiz"="nwiz.exe" [07/16/2005 02:09 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [07/16/2005 02:09 AM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [08/04/2005 03:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/11/2007 04:14 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [09/23/2004 02:41 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/02/2007 07:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"EPSON Stylus CX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.exe" [10/18/2006 04:01 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [9/12/2007 3:24:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 12/20/2005 12:57 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TEMP^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2007-10-03 09:20:08 ------------