Thread: Pop-ups Pop-ups Pop-ups
View Single Post
Old 02-16-2007, 03:12 PM   #1 (permalink)
Musquie
Registered User
 
Join Date: Feb 2007
Posts: 6
OS: XP


Pop-ups Pop-ups Pop-ups
Hi guys. I thought the 5 step process got rid of this but unfortunately not. I am getting pop-ups from partyfriends.com 888.com etc as soon as I open my internet explorer and sporatically after that. They don't seem to pop-up when I clode my browser.

I have attached the supplementary.txt file as well as the activescan.txt (from Panda Activescan) as requested in step 2.

The ComboScan.txt file is as follows:

ComboScan v20070212.14 run by MYERSWS on 2007-02-17 at 17:49:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as MYERSWS.com) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:51:50 PM, on 2007-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\MYERSWS\Local Settings\Temporary Internet Files\Content.IE5\IFVP0O0Y\comboscan[1].exe
C:\WINDOWS\Temp\~cyklltv.tmp\MYERSWS.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [\\WELDON-HP\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P42 "\\WELDON-HP\EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on WELDON-HP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P48 "Auto EPSON Stylus Photo R200 Series on WELDON-HP" /O20 "\\WELDON-HP\Printer5" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Flap coal sign less] C:\Documents and Settings\All Users\Application Data\Proxy Support Flap Coal\Hearteggs.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [beep mpeg] C:\DOCUME~1\MYERSWS\APPLIC~1\BALMTH~1\Hold Second Bait.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/downl...lper/Nyoko.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111516712270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140128956597
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhel...7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.24.24/ttinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controller Driver) - System32\DRIVERS\ACPIEC.sys
3 aeaudio - system32\drivers\aeaudio.sys
3 AgereSoftModem (Agere Systems Soft Modem) - system32\DRIVERS\AGRSM.sys
3 AnyDVD - System32\Drivers\AnyDVD.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
3 b57w2k (Broadcom NetXtreme Gigabit Ethernet) - System32\DRIVERS\b57xp32.sys
0 BTKRNL (Bluetooth Protocol Stack) - System32\drivers\btkrnl.sys
3 BTWUSB (WIDCOMM USB Bluetooth Driver) - System32\Drivers\btwusb.sys
3 CCDECODE (Closed Caption Decoder) - System32\DRIVERS\CCDECODE.sys
1 ClntMgmt (HP Client Management Driver) - System32\Drivers\ClntMgmt.sys
3 CONAN - system32\drivers\o2mmb.sys
2 cpqdfw (Diagnostics Driver) - \??\C:\WINDOWS\System32\drivers\cpqdfw.sys
2 cqcpu (Diagnostics CPU Driver) - \??\C:\WINDOWS\System32\drivers\cqcpu.sys
2 cq_mem (Diagnostics Memory Driver) - \??\C:\WINDOWS\System32\drivers\cq_mem.sys
2 DgiVecp (Team MFP Comm Driver) - System32\Drivers\DgiVecp.sys
1 eabfiltr - \??\C:\WINDOWS\System32\drivers\EABFiltr.sys
3 eabusb - \??\C:\WINDOWS\system32\drivers\eabusb.sys
2 ElbyCDIO (ElbyCDIO Driver) - System32\Drivers\ElbyCDIO.sys
3 ElbyDelay - System32\Drivers\ElbyDelay.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 giveio - \??\C:\WINDOWS\system32\giveio.sys
3 hidusb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 IFXTPM - system32\DRIVERS\IFXTPM.SYS
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
2 irda (IrDA Protocol) - System32\DRIVERS\irda.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 KID_USB (Kensington Input Devices USB filter driver) - System32\DRIVERS\KID_USB.sys
3 KMW_SYS (Kensington MouseWorks Mouse filter driver) - System32\DRIVERS\KMW_SYS.sys
3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - System32\Drivers\LHidUsbK.Sys
3 LMouKE (Logitech SetPoint Mouse Filter Driver) - system32\DRIVERS\LMouKE.Sys
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys
3 MbxStby - system32\drivers\MbxStby.sys
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - System32\DRIVERS\mdc8021x.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\naveng.sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\navex15.sys
3 NdisIP (Microsoft TV/Video Connection) - System32\DRIVERS\NdisIP.sys
2 NetwareWorkstation (Novell Client for Windows) - System32\NetWare\nwfs.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
0 NICM (Novell InterService Communication Driver) - System32\drivers\nicm.sys
1 NPPTNT2 - \??\C:\WINDOWS\system32\npptNT2.sys
2 NWDHCP (Novell DHCP Inform Client) - System32\NetWare\nwdhcp.sys
3 NWDNS (Novell DNS Name Space Service Provider) - System32\NetWare\nwdns.sys
0 NWFILTER (Novell UNC Path Filter) - System32\NetWare\nwfilter.sys
3 NWHOST (Novell Host File Name Space Service Provider) - System32\NetWare\NWHOST.sys
3 NWSAP (Novell SAP Name Space Provider) - System32\NetWare\NWSAP.sys
2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - System32\NetWare\nwsipx32.sys
3 NWSLP (Novell SLP Name Space Service Provider) - System32\NetWare\nwslp.sys
3 NWSNS (Novell Simple Naming Services) - System32\NetWare\NWSNS.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 Pcouffin (Low level access layer for CD devices) - System32\Drivers\Pcouffin.sys
2 PMEM - \??\C:\WINDOWS\System32\drivers\pmemnt.sys
3 Point32 (Microsoft IntelliPoint Filter Driver) - system32\DRIVERS\point32.sys
3 QCMerced (Logitech QuickCam Communicate) - system32\DRIVERS\LVCM.sys
3 Rasirda (WAN Miniport (IrDA)) - System32\DRIVERS\rasirda.sys
2 RESMGR (Novell NetWare Resource Manager) - System32\NetWare\resmgr.sys
3 RimSerPort (RIM Virtual Serial Port) - system32\DRIVERS\RimSerial.sys
3 RimUsb (BlackBerry Device) - System32\Drivers\RimUsb.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
2 s24trans (WLAN Transport) - System32\DRIVERS\s24trans.sys
1 SAVRT - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
2 SAVRTPEL - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys
3 SMCIRDA (SMC IrCC Miniport Device Driver) - System32\DRIVERS\smcirda.sys
3 smwdm - system32\drivers\smwdm.sys
2 SRVLOC (Novell Service Location) - System32\NetWare\srvloc.sys
3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - system32\DRIVERS\sscdbus.sys
3 sscdmdm (SAMSUNG CDMA Modem Drivers) - system32\DRIVERS\sscdmdm.sys
3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbser (Motorola USB Modem Driver) - system32\DRIVERS\usbser.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
3 w22n51 (Intel(R) PRO/Wireless 2200 Adapter Driver) - System32\DRIVERS\w22n51.sys
2 windrvNT - \??\C:\WINDOWS\system32\windrvNT.sys
3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - system32\drivers\WmBEnum.sys
3 WmFilter (Logitech WingMan HID Filter Driver) - system32\drivers\WmFilter.sys
1 WmiAcpi (Microsoft Windows Management Interface for ACPI) - System32\DRIVERS\wmiacpi.sys
3 WmVirHid (Logitech Virtual Hid Device Driver) - system32\drivers\WmVirHid.sys
3 WmXlCore (Logitech WingMan Translation Layer Driver) - system32\drivers\WmXlCore.sys
3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS
3 ZSMC302 (USB(VGA) Camera) - System32\Drivers\usbvm302.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\System32\Ati2evxx.exe
2 btwdins (Bluetooth Service) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CPQALERT (Insight Local Alerter) - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
2 cpqdmi - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
2 cpqWebDmi (Insight Web Agent) - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
2 cusrvc (Client Update Service for Novell) - C:\WINDOWS\System32\cusrvc.exe
2 DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2 DfwWebAgent (Remote Diagnostics Enabling Agent) - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
3 hpqwmi (HP WMI Interface) - C:\Program Files\HPQ\SHARED\HPQWMI.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 Irmon (Infrared Monitor) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 NALNTSERVICE (Novell Application Launcher) - C:\WINDOWS\System32\NALNTSRV.EXE
2 Novell WUser Agent (Remote management) - C:\NOVELL\ZENRC\wuser32.exe
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2 RegSrvc - C:\WINDOWS\System32\RegSrvc.exe
2 S24EventMonitor (Spectrum24 Event Monitor) - C:\WINDOWS\System32\S24EvMon.exe
3 SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2 Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
3 usprserv (User Privilege Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 wfxsvc (WinFax PRO) - C:\WINDOWS\system32\WFXSVC.EXE
2 WIN32SL - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
2 WM (Novell Workstation Manager) - %SystemRoot%\System32\wm.exe
2 WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe
2 WUOLService - C:\NOVELL\ZENRC\WUOLService.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-02-17 17:00:00 272 --ah----- C:\WINDOWS\Tasks\A2E4C77990F74341.job<A2E4C7~1.JOB>


-- Files created between 2007-01-17 and 2007-02-17 ------------------------------

2007-02-17 17:49:45 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-17 17:42:56 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-17 17:39:11 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-16 23:52:15 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-16 23:44:12 0 d-------- C:\WINDOWS\CSC
2007-02-12 16:35:37 0 d-------- C:\Documents and Settings\MYERSWS\.housecall6.6<HOUSEC~1.6>
2007-02-12 13:57:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-12 11:49:37 0 d-------- C:\WINDOWS\WBEM
2007-02-12 11:49:36 0 d-------- C:\WINDOWS\system32\en-US
2007-02-12 11:47:50 0 d--h---c- C:\WINDOWS\ie7
2007-02-12 11:45:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-11 10:24:55 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-02-11 01:29:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-09 22:18:11 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-09 22:17:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Proxy Support Flap Coal<PROXYS~1>
2007-02-09 22:16:59 0 d-------- C:\Program Files\Balm That Ball<BALMTH~1>
2007-02-09 22:16:58 0 d-------- C:\Documents and Settings\MYERSWS\Application Data\Balm That Ball<BALMTH~1>
2007-02-09 22:16:49 0 d-------- C:\Program Files\BitGrabber<BITGRA~1>
2007-02-04 12:54:30 0 d-------- C:\Shared Folder Laptop1<SHARED~1>
2007-02-04 12:42:56 0 d-------- C:\Documents and Settings\MYERSWS\Application Data\U3
2007-02-01 00:13:18 0 d-------- C:\Program Files\mIRC
2007-01-31 19:51:47 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-01-31 19:51:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation<MICROS~2>
2007-01-31 19:51:12 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MI3B3C~1>
2007-01-31 19:47:33 0 dr--s---- C:\WINDOWS\assembly
2007-01-31 19:46:45 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-01-30 21:35:10 0 d-------- C:\Documents and Settings\MYERSWS\Application Data\BitTorrent<BITTOR~1>
2007-01-30 21:34:45 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-01-24 12:05:35 41160 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys<Signed: SlySoft, Inc.>
2007-01-24 12:05:26 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys<Signed: Elaborate Bytes AG>


-- Find3M Report ----------------------------------------------------------------

2007-02-17 16:19:52 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-12 22:26:19 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-12 13:35:57 0 d-------- C:\Program Files\Ahead
2007-02-12 13:35:22 0 d-------- C:\Program Files\Logitech
2007-02-12 13:35:14 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-10 23:09:57 0 d-------- C:\Documents and Settings\MYERSWS\Application Data\Microgaming<MICROG~1>
2007-02-10 22:23:21 0 d-------- C:\Program Files\Noble Poker<NOBLEP~1>
2007-02-08 06:39:55 0 d-------- C:\Program Files\PokerStars<POKERS~1>
2007-02-05 22:54:27 0 d-------- C:\Program Files\UltimateBet<ULTIMA~1>
2007-02-03 0151 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-31 19:56:20 0 d---s---- C:\Documents and Settings\MYERSWS\Application Data\Microsoft<MICROS~1>
2007-01-30 23:08:30 0 d-------- C:\Program Files\SlySoft
2007-01-22 10:17:11 0 d-------- C:\Program Files\EA SPORTS<EASPOR~1>
2007-01-22 00:07:24 0 d-------- C:\Program Files\HollywoodPoker.com<HOLLYW~1.COM>
2007-01-21 22:25:54 0 d-------- C:\Program Files\Absolute Poker<ABSOLU~1>
2007-01-21 21:50:08 0 d-------- C:\Program Files\gamingclubMPP<GAMING~1>
2007-01-21 21:38:15 0 d-------- C:\Program Files\Diablo 2<DIABLO~2>
2007-01-21 20:38:13 0 d-------- C:\Program Files\Caribbean Sun Poker<CARIBB~1>
2007-01-21 19:38:10 0 d-------- C:\Program Files\WorldPx
2007-01-11 13:04:19 81920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll<Unsigned: Elaborate Bytes AG>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"HP Mobile Printing"="C:\\Program Files\\Hewlett-Packard\\HP Mobile Printing\\HPBMOBIL.EXE"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"beep mpeg"="C:\\DOCUME~1\\MYERSWS\\APPLIC~1\\BALMTH~1\\Hold Second Bait.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ChkAdmin"="C:\\PROGRA~1\\Compaq\\COMPAQ~1\\CHKADMIN.EXE"
"PRONoMgr.exe"="c:\\Program Files\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"EXSHOW95.EXE"="EXSHOW95.EXE"
"NDPS"="C:\\WINDOWS\\System32\\dpmw32.exe"
"ZENRC Tray Icon"="zentray.exe"
"NWTRAY"="NWTRAY.EXE"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE USB(VGA) Camera"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"WFXSwtch"="C:\\PROGRA~1\\WinFax\\WFXSWTCH.exe"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"\\\\WELDON-HP\\EPSON Stylus Photo R200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P42 \"\\\\WELDON-HP\\EPSON Stylus Photo R200 Series\" /O6 \"USB002\" /M \"Stylus Photo R200\""
"Auto EPSON Stylus Photo R200 Series on WELDON-HP"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P48 \"Auto EPSON Stylus Photo R200 Series on WELDON-HP\" /O20 \"\\\\WELDON-HP\\Printer5\" /M \"Stylus Photo R200\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"Flap coal sign less"="C:\\Documents and Settings\\All Users\\Application Data\\Proxy Support Flap Coal\\Hearteggs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"="C:\\WINDOWS\\Cpqdiag\\CpqDfwAg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="ziswin.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000000
"NoWindowsUpdate"=dword:00000001
"NoDevMgrUpdate"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3295e0-b46a-11db-b517-001279bea07b}]
Shell\AutoRun\command E:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-02-17 at 17:52:27 -------------------------

Hope you can help,
Thanks,
Musquie
Attached Files
File Type: txt Activescan.txt (9.7 KB, 3 views)
File Type: txt Supplementary.txt (14.0 KB, 2 views)
Musquie is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here