Old 02-11-2007, 04:49 PM   #3 (permalink)
greyrocker
OS: xp


ComboScan v20070210.13 run by Lee on 2007-02-11 at 21:56:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Lee.com) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:57:07, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\ScrubXP\scrubxp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Lee\Desktop\comboscan.exe
C:\DOCUME~1\Lee\LOCALS~1\Temp\~zpythit.tmp\Lee.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link.../?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [sc] C:\Program Files\ScrubXP\scrubxp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ServiceHost] "C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe" ""
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Temporary] C:\i386\svchost.exe
O4 - HKLM\..\Run: [1234567] C:\WINDOWS\system32\svcost.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [1234567] C:\WINDOWS\system32\svcost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Pika Backup.lnk = C:\Program Files\PikaOne Software\FlyCASE\PikaBackup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1134934287140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS
4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys
4 agpCPQ (Compaq AGP Bus Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys
4 AliIde - \SystemRoot\system32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP Bus Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP Bus Filter Driver) - \SystemRoot\system32\DRIVERS\amdagp.sys
4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys
4 asc - \SystemRoot\system32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 BlueletAudio (Bluetooth Audio Service) - system32\DRIVERS\blueletaudio.sys
3 BT (Bluetooth PAN Network Adapter) - system32\DRIVERS\btnetdrv.sys
3 Btcsrusb (Bluetooth USB For Bluetooth Service) - System32\Drivers\btcusb.sys
3 BthEnum (Bluetooth Request Block Driver) - system32\DRIVERS\BthEnum.sys
3 BTHidEnum (Bluetooth HID Enumerator) - system32\DRIVERS\vbtenum.sys
0 BTHidMgr (Bluetooth HID Manager Service) - System32\Drivers\BTHidMgr.sys
3 BthPan (Bluetooth Device (Personal Area Network)) - system32\DRIVERS\bthpan.sys
3 BTHPORT (Bluetooth Port Driver) - System32\Drivers\BTHport.sys
3 BTHUSB (Bluetooth Radio USB Driver) - System32\Drivers\BTHUSB.sys
4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys
4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys
4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys
3 ctsfm2k (Creative SoundFont Management Device Driver) - system32\DRIVERS\ctsfm2k.sys
4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys
4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys
3 E100B (Intel(R) PRO Network Connection Driver) - system32\DRIVERS\e100b325.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys
3 HSFHWBS2 - system32\DRIVERS\HSFHWBS2.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys
1 InCDPass - System32\DRIVERS\InCDPass.sys
4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 LLUSBFLT - system32\drivers\llusbflt.sys
2 LXARScan (Lexmark X73 MFP Scanner) - System32\Drivers\Lxarscan.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\NavEx15.Sys
3 ndiscm (Motorola SURFboard USB Cable Modem Windows Driver) - system32\DRIVERS\NetMotCM.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NPDriver (Norton Unerase Protection Driver) - \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
3 nv - system32\DRIVERS\nv4_mini.sys
1 oreans32 - \??\C:\WINDOWS\system32\drivers\oreans32.sys
3 ossrv (Creative OS Services Driver) - system32\DRIVERS\ctoss2k.sys
3 ovt519 (D-Link VGA Webcam) - System32\Drivers\ov519vid.sys
3 P17 (Sound Blaster Live! 24-bit) - system32\drivers\P17.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Pcouffin (Low level access layer for CD devices) - System32\Drivers\Pcouffin.sys
4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys
2 PfModNT - \??\C:\WINDOWS\system32\drivers\PfModNT.sys
3 PLUsbbc2 (High-Speed USB Bridge Cable Driver) - System32\Drivers\usbbc2.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys
3 QV2KUX (Casio Digital Camera) - system32\DRIVERS\qv2kux.sys
3 RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - system32\DRIVERS\rfcomm.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
3 SAVRT - \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
4 sisagp (SIS AGP Bus Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 snapman (Acronis Snapshots Manager) - system32\DRIVERS\snapman.sys
4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070124.003\symidsco.sys
0 symlcbrd - system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys
2 tifsfilter (Acronis True Image FS Filter) - system32\DRIVERS\tifsfilt.sys
0 timounter (Acronis True Image Backup Archive Explorer) - system32\DRIVERS\timntr.sys
4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys
4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 VComm (Virtual Serial port driver) - system32\DRIVERS\VComm.sys
3 VcommMgr (Bluetooth VComm Manager Service) - System32\Drivers\VcommMgr.sys
4 viaagp (VIA AGP Bus Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys
4 ViaIde - \SystemRoot\system32\DRIVERS\viaide.sys
3 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AcrSch2Svc (Acronis Scheduler2 Service) - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
2 BthServ (Bluetooth Support Service) - %SystemRoot%\system32\svchost.exe -k bthsvcs
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2 ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
2 Fax - %systemroot%\system32\fxssvc.exe
3 gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 ISSVC - "C:\Program Files\Norton Internet Security\ISSVC.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
3 NetSvc (Intel NCS NetService) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
2 NProtectService (Norton Unerase Protection) - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3 SAVScan - "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
2 SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 Speed Disk service - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
2 Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2 WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-11 01:57:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-06 18:38:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-11 and 2007-02-11 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2007-02-11 21:55:49 0 d-------- C:\Documents and Settings\Lee\Application Data\uTorrent
2007-02-11 12:40:38 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-09 16:47:59 0 d-------- C:\Documents and Settings\Lee\Application Data\dvdcss
2007-02-09 13:49:37 0 d-------- C:\Program Files\Grisoft
2007-02-09 12:15:12 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-09 10:58:22 0 d-------- C:\Program Files\Norton Internet Security<NORTON~2>
2007-02-08 1811 0 d-------- C:\Program Files\Common Files\{F0A8A7BD-0BB0-1033-1013-05050622002c}<{F0A8A~1>
2007-02-08 13:37:49 0 d-------- C:\Documents and Settings\Lee\Application Data\GetRightToGo<GETRIG~1>
2007-02-08 13:37:30 0 d-------- C:\Program Files\FLVPlayer<FLVPLA~1>
2007-02-03 11:38:25 0 d-------- C:\Program Files\Guild Wars<GUILDW~1>
2007-02-03 08:05:31 0 d-------- C:\Program Files\ToniArts
2007-02-03 08:05:31 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-30 09:24:27 0 d-------- C:\Program Files\On2 Technologies<ON2TEC~1>
2007-01-26 23:17:03 0 d-------- C:\Program Files\Google
2007-01-24 20:54:46 0 d-------- C:\Program Files\LexmarkX73<LEXMAR~2>
2007-01-23 09:45:19 51733 --a------ C:\WINDOWS\system32\plugin1.dat
2007-01-17 17:23:57 36864 --a------ C:\WINDOWS\system32\svchosts.exe<Unsigned: n/a>
2007-01-17 17:23:56 2560 --a------ C:\WINDOWS\system32\unsvchosts.exe<UNSVCH~1.EXE><Unsigned: n/a>
2007-01-15 12:36:06 0 d-------- C:\Documents and Settings\Lee\Application Data\AdobeUM
2007-01-14 12:31:54 0 d-------- C:\Program Files\Common Files\{30A8A7BD-0BB0-1033-1013-05050622002c}<{30A8A~1>
2007-01-14 12:23:05 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
2007-01-14 11:05:07 51733 --a------ C:\WINDOWS\system32\scarddlg.dat
2007-01-05 01:56:53 0 --a------ C:\WINDOWS\system32\winlogin.exe<Unsigned: n/a>
2007-01-03 08:10:46 0 d-------- C:\Documents and Settings\Lee\Application Data\Adobe
2006-12-30 17:42:14 0 d---s---- C:\Documents and Settings\Lee\Application Data\Microsoft<MICROS~1>
2006-12-30 16:32:01 0 d-------- C:\Program Files\Bethesda Softworks<BETHES~1>
2006-12-28 08:58:54 0 d-------- C:\Program Files\AFT software<AFTSOF~1>
2006-12-28 08:55:37 796672 --a------ C:\WINDOWS\GPInstall.exe<GPINST~1.EXE><Unsigned: Qsc>
2006-12-27 14:45:43 0 d-------- C:\Program Files\Ricochet Lost Worlds Recharged<RICOCH~1>
2006-12-27 14:37:06 0 d-------- C:\Program Files\galaxian
2006-12-26 22:33:27 0 d-------- C:\Program Files\TvInternet<TVINTE~1>
2006-12-26 09:45:46 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2006-12-26 09:25:01 0 d-------- C:\Program Files\iTunes
2006-12-26 09:24:55 0 d-------- C:\Program Files\iPod
2006-12-26 09:24:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2006-12-26 09:22:00 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2006-12-24 08:52:28 0 d-------- C:\Program Files\Java
2006-12-12 23:19:26 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys<Unsigned: n/a>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"startkey"="C:\\WINDOWS\\system32\\scvhost.exe"
"1234567"="C:\\WINDOWS\\system32\\svcost.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PC Booster"="C:\\Program Files\\inKline Global\\PC Booster\\pcbooster.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"sc"="C:\\Program Files\\ScrubXP\\scrubxp.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ServiceHost"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\svchost.exe\" \"\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"startkey"="C:\\WINDOWS\\system32\\scvhost.exe"
"Temporary"="C:\\i386\\svchost.exe"
"1234567"="C:\\WINDOWS\\system32\\svcost.exe"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImage\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ATI CATALYST System Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lee^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup"
"item"="PowerReg Scheduler V3"
"location"="Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lee^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"item"="PowerReg Scheduler"
"location"="Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
"backup"="C:\\WINDOWS\\pss\\blueyonder Instant Support Tool.lnkCommon Startup"
"command"="C:\\PROGRA~1\\BLUEYO~1\\bin\\matcli.exe -boot"
"item"="blueyonder Instant Support Tool"
"location"="Common Startup"
"path"="C:\\DOCUME~1\\ALLUSE~1\\Start Menu\\Programs\\Startup\\blueyonder Instant Support Tool.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AQ3HEL~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\AQUATI~1\\AQ3HEL~1.EXE /partner AQ3"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"hkey"="HKLM"
"inimapping"="0"
"item"="InCD"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"inimapping"="0"
"item"="iTunesHelper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
"hkey"="HKLM"
"inimapping"="0"
"item"="ACBTNM~1"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"command"="C:\\PROGRA~1\\LEXMAR~2\\ACBTNM~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
"hkey"="HKLM"
"inimapping"="0"
"item"="ACMONI~1"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"command"="C:\\PROGRA~1\\LEXMAR~2\\ACMONI~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBLKsk]
"hkey"="HKLM"
"inimapping"="0"
"item"="LXBLKsk"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAGIXautostart]
"command"="G:\\Content\\Software\\Full_Programs\\Music Maker Silver 2005\\mm2005_silver_upgrade_UK.EXE"
"hkey"="HKLM"
"inimapping"="0"
"item"="mm2005_silver_upgrade_UK"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcwelcom"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"command"="C:\\Program Files\\Lexmark\\Lexmark Photo Center\\MemoryCardManager.exe -startup"
"hkey"="HKLM"
"inimapping"="0"
"item"="MemoryCardManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKCU"
"inimapping"="0"
"item"="msmsgs"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"inimapping"="0"
"item"="qttask"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"command"="soundman.exe"
"hkey"="HKLM"
"inimapping"="0"
"item"="soundman"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000000
"HideClock"=dword:00000000
"NoCDBurning"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFind"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoRun"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"NoSMHelp"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"StartMenuLogoff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F0A8A7BD-0BB0-1033-1013-05050622002c}"="\"C:\\Program Files\\Common Files\\{F0A8A7BD-0BB0-1033-1013-05050622002c}\\Update.exe\" mc-110-12-0001377"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG_ANTI-SPYWARE_DRIVER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVG_ANTI-SPYWARE_GUARD
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GUSVC


-- End of ComboScan: finished at 2007-02-11 at 21:57:40 -------------------------
Attached Files
File Type: txt Supplementary.txt (26.9 KB, 3 views)