02-24-2007, 04:10 PM   #1
sirius
Registered User
 
Join Date: Feb 2007
Posts: 6
OS: Win XP


website redirected

Hi,
I have been having this trouble for quite some time. Only a handful of websites are getting redirected to ads and porn sites. Also, I get the feeling that my computer has become slow. I have actively run Symantec anti-virus, Spybot and adware, but nothing seems to catch this problem. Also, I am unable to get Windows updates. I went through the five steps that were posted in a thread in this forum:
1. Ran PandaScan - Report attached
2. Downloaded SpywareBlaster and Spyware Guard
3. Downloaded IE-Spyad
4. Unable to download windows updates - [Error number: 0x80072EFD]
5. Ran Comboscan - Report attached below

Can someone please help me to figure out what's going on?

PandaScan Report:
-------------------

Incident Status Location

Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/wintools Not disinfected c:\windows\downloaded program files\QDow.dll
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.server.iad.liveperson.net/hc/25151352]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j9dzm91n.default\cookies.txt[server.iad.liveperson.net/hc/64571240]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dad\Cookies\dad@burstnet[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dad\Cookies\dad@did-it[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dad\Cookies\dad@target[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@searchportal.information[1].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\CN5RA2BX\channels_02[1].gif
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@112.2o7[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@atwola[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@ccbill[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@kinghost[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@kount[1].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@programs.wegcash[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\aiyappan@earthlink.net\Cookies\owner@xiti[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu4fzj03.Nandini\cookies.txt[statse.webtrendslive.com/]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Virus:Trj/Downloader.FG Disinfected C:\WINDOWS\Downloaded Program Files\f12802.exe


ComboScan Report:
-----------------------
ComboScan v20070221.16 run by Owner on 2007-02-24 at 00:37:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:38:43 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4H2VWDU7\comboscan[1].exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: SimHID.lnk.disabled
O4 - Global Startup: VPN Client.lnk.disabled
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27058876...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD5F335-3F35-41D8-8B8E-06A9B512784E}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB11F66-D748-43A0-8A8E-0A9089F6EBF3}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14A0D00-1AFE-4279-9DC6-FE9B13616A14}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R Afc (PPdus ASPI Shell) - C:\WINDOWS\system32\drivers\afc.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3S APLMp50 (APLMp50 NDIS Protocol Driver) - C:\WINDOWS\system32\Drivers\APLMp50.sys (not found)
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S Bridge (MAC Bridge) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (MAC Bridge Miniport) - C:\WINDOWS\system32\drivers\bridge.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S CVirtA (Cisco Systems VPN Adapter) - C:\WINDOWS\system32\drivers\CVirtA.sys
2R CVPNDRVA (Cisco Systems Inc. IPSec Driver) - C:\WINDOWS\system32\drivers\CVPNDRVA.sys
3R DNE (Deterministic Network Enhancer Miniport) - C:\WINDOWS\system32\drivers\dne2000.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3S iComp (XtremeTV USB TV Tuner) - C:\WINDOWS\system32\drivers\p2usbwdm.sys
3R L8042pr2 (Logitech PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042pr2.Sys
3S LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
3S LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHIDUSB.SYS
3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys
3R ltmodem5 (Lucent Modem Driver) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S nm (Network Monitor Driver) - C:\WINDOWS\system32\drivers\nmnt.sys
3S NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys (not found)
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
3S nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
2R NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - C:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (NWLink NetBIOS) - C:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (NWLink SPX/SPXII Protocol) - C:\WINDOWS\system32\drivers\nwlnkspx.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S OMVA (VPN-1 SecureClient Adapter) - C:\WINDOWS\system32\drivers\OMVA.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QCMerced (Logitech QuickCam Express) - C:\WINDOWS\system32\drivers\lvcm.sys
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
3S S3Psddr - C:\WINDOWS\system32\drivers\s3gnbm.sys
1R SAVRT - C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\WINDOWS\system32\drivers\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\system32\drivers\usbser.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
0S viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (not found)
3S vsdatant - C:\WINDOWS\system32\vsdatant.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2R ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R CVPND (Cisco Systems, Inc. VPN Service) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
4S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SavRoam - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{19AB376E-4103-4666-BDD5-E5DCEC7A5AB9}
2R Symantec AntiVirus - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
2R SymSecurePort (Symantec SecurePort) - "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S TlntSvr (Telnet) - C:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\System32\svchost.exe -k usnsvc
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-01-26 11:15:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2004-11-29 22:12:54 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-24 00:25:11 21312 --a------ C:\WINDOWS\choice.exe
2007-02-24 00:18:02 0 d-------- C:\ie-spyad
2007-02-24 00:01:39 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-23 23:59:58 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-23 22:41:50 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-22 19:53:13 0 d-------- C:\Program Files\Maxtor


-- Find3M Report ----------------------------------------------------------------

2007-02-24 00:12:44 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-23 23:29:37 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 18:20:28 0 d-------- C:\Program Files\Google
2007-02-22 22:29:03 0 d-------- C:\Program Files\Yahoo!
2007-02-22 22:28:16 0 d-a------ C:\Documents and Settings\Owner\Application Data\yahoo!
2007-02-22 19:53:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-20 23:27:14 34815 --a------ C:\WINDOWS\system32\a.exe
2007-01-18 21:16:37 0 d-------- C:\Program Files\Quicken
2007-01-18 20:59:17 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-15 23:18:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-01-12 18:00:59 0 d-------- C:\Program Files\mobile PhoneTools<MOBILE~1>
2007-01-12 18:00:46 0 d-------- C:\Program Files\LiveUpdate<LIVEUP~1>
2007-01-12 18:00:42 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield<INSTAL~1>
2007-01-05 17:53:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PVR"="C:\\Program Files\\XemiComputers\\Pocket Voice Recorder\\PVR.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"CLAUDIO"="C:\\Program Files\\XemiComputers\\Claudio\\Claudio.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AlcxMonitor"="ALCXMNTR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="csurf.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{927e4e5e-14b8-11d8-b45b-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


-- End of ComboScan: finished at 2007-02-24 at 00:39:06 -------------------------

Thanks,
Sirius