02-27-2007, 01:17 PM   #5
steve2603
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


Requested Info

Hello,

Thanks for the instructions and point taken regarding P2P..

I have followed your instructions and have attached the log files and screenshots as separate files.

I could not run VirusTotal, tried several times, it shut down the window and explorer each time.. seemed to do this after reaching this file: SW01068_q uig

Also, now after reboots I have a few windows open with alerts and issues.. I have attached a screenshot of this for your info..

Cheers, Steve


SDFix: Version 1.68

Run by Steve Byars - 27-Feb-07 @ 14:03:07.98

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\winjews16.exe"="C:\\WINDOWS\\system32\\winjews16.exe:*:Enabled:Windows Systems16"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------



Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\ihkmp.tmp

Add/Remove Programs List:

Ad-Aware SE Professional
Adobe Acrobat 7.0 Professional
Adobe InDesign CS2
Adobe PageMaker 7.0
Adobe Photoshop CS2
AVG Anti-Spyware 7.5
AVI Codec Pack
BitComet 0.84
CloneDVD 3.9.1
Creative PC-CAM Center
Creative WebCam NX Ultra Driver (1.01.03.0112)
Creative WebCam Monitor
Creative WebCam NX Ultra User's Guide (English)
Canon Utilities Digital Photo Professional 2.2
DVD Ripper Platinum 4
EPSON Printer Software
FrontLook Java Effects
HijackThis 1.99.1
HP Officejet Pro K550 Series
Microsoft Internationalized Domain Names Mitigation APIs
Wave Support Software
Private Information Manager
Document Manager Lite
Avery Wizard 3.0
ETS Upgrade
Canon Utilities EOS Viewer Utility 1.1
Secure Update
Canon Utilities Digital Photo Professional 2.0
ETS Launch Pad
Security Wizards
Canon EOS 20D WIA Driver
EMBASSY Security Center
High Definition Audio Driver Package - KB835221
McAfee Uninstaller
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.1)
McAfee SecurityCenter
MSN Music Assistant
MWSnap 3
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
PowerISO
RealPlayer
Registry Mechanic 6.0
Adobe Flash Player 9 ActiveX
River Past Video Cleaner Pro
VideoLAN VLC media player 0.8.5
WinRAR archiver
Olympus ES-10 Film Scanner driver 2.02 and Mask 0.80 beta
Broadcom ASF Management Applications
Roxio RecordNow Data
Wave Support Software
ColorPort 1.0.1.1
Private Information Manager
NTRU Hybrid TSS v2.0.25
Roxio DLA
Paragon Partition Manager 7.0
Adobe Photoshop CS2
Acronis True Image Workstation
Broadcom Advanced Control Suite
Logitech SetPoint
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
iTunes
EPSON LFP Remote Panel
QuickTime
Document Manager Lite
APC PowerChute Personal Edition
Roxio Express Labeler
PowerDVD 5.7
MonacoOPTIX 2.0
Avery Wizard 3.0
ETS Upgrade
Callserve Internet Telephone
Windows Live Messenger
Nero 7 Premium
Adobe InDesign CS2
Preboot Manager
Adobe Common File Installer
Logitech Desktop Messenger
Microsoft Office XP Professional with FrontPage
Intel Matrix Storage Manager
ICC Profiles
Microsoft Office XP Small Business
Microsoft Office Basic Edition 2003
Microsoft Office FrontPage 2003
Apple Software Update
Roxio RecordNow Audio
Dell Embassy Trust Suite by Wave Systems
UGuide
Adobe Acrobat 7.0 Professional
Adobe Reader 7.0.8
Roxio RecordNow Copy
Spy Sweeper
Adobe Bridge 1.0
Misc
Atmel TPM Driver Installer 3.0.3.15
ColorShop X 1.5
Microsoft .NET Framework 1.1
EOS Viewer Utility 1.1
Secure Update
MCU
upekmsi
Canon Utilities Digital Photo Professional 2.0
ETS Launch Pad
Adobe Help Center 1.0
Security Wizards
Canon Camera WIA Driver
Adobe Stock Photos 1.0
EMBASSY Security Center
Genuine Fractals PrintPro Trial
EMBASSY Trust Suite by Wave Systems
Toolbox
PULSE ColorElite
Wave Infrastructure Installer
Windows Live Sign-in Assistant
ACE Mega CoDecS Pack

Finished


ComboScan v20070226.18 run by Steve Byars on 2007-02-27 at 15:02:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Steve Byars.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:02:09 PM, on 27-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\STEVEB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E0D0D24-256A-4C5E-A96B-FAA826870311} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 14:24:36 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-27 14:24:33 0 d-------- C:\WINDOWS\LastGood
2007-02-27 14:02:09 0 d-------- C:\SDFix
2007-02-27 12:47:34 282164 ---hs---- C:\WINDOWS\system32\vturs.dll
2007-02-27 12:45:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-27 12:45:26 0 d-------- C:\Program Files\Grisoft
2007-02-27 12:27:47 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-27 10:11:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-24 14:25:48 162 --a------ C:\install.dat
2007-02-24 14:04:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-24 14:02:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-24 14:02:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-24 14:02:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-24 14:02:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-24 14:02:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-24 14:02:30 0 d-------- C:\Program Files\Webroot
2007-02-24 14:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-24 14:01:47 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Webroot
2007-02-22 16:51:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-22 16:51:06 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-22 16:51:06 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-22 16:51:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-22 16:51:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-21 12:44:20 975434 ---hs---- C:\WINDOWS\system32\ihkmp.ini2<IHKMP~1.INI>
2007-02-20 13:41:12 6206 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 12:37:11 0 d-------- C:\WINDOWS\McAfee.com
2007-02-20 12:18:11 0 d-------- C:\WINDOWS\system32\Dell
2007-02-20 11:38:47 66048 --a------ C:\WINDOWS\ieResetIcons.exe<IERESE~1.EXE>
2007-02-20 10:11:24 77824 --a------ C:\WINDOWS\system32\IPPTAMon.dll
2007-02-20 10:09:35 0 d-------- C:\Program Files\ImagePrint<IMAGEP~1>
2007-02-15 16:46:21 0 d-------- C:\epson
2007-02-15 10:47:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-15 10:11:26 22749 -----n--- C:\WINDOWS\system32\qomkijk.dll
2007-02-14 15:23:54 44165 --a------ C:\WINDOWS\system32\nybdnxsi.dll
2007-02-14 09:53:47 44165 --a------ C:\WINDOWS\system32\pqcreysq.dll
2007-02-14 09:53:03 44060 --a------ C:\WINDOWS\system32\ukjdpmmq.dll
2007-02-13 13:08:57 44165 --a------ C:\WINDOWS\system32\dkamlvtg.dll
2007-02-09 10:59:50 1238 -----n--- C:\WINDOWS\hpwmdl03.dat
2007-02-09 10:59:50 60701 --a------ C:\WINDOWS\hpwins03.dat
2007-02-09 09:53:55 44060 --a------ C:\WINDOWS\system32\btyquldm.dll
2007-02-06 16:59:59 44165 --a------ C:\WINDOWS\system32\minglxkv.dll
2007-02-06 10:18:18 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-02-06 10:18:18 0 d-------- C:\Program Files\Olympus ES-10 Film Scanner<OLYMPU~1>
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-03 12:38:20 0 d-------- C:\Program Files\Downloaded Installations<DOWNLO~1>
2007-01-31 10:27:44 4142592 --a------ C:\WINDOWS\system32\qtintf.dll
2007-01-31 10:27:43 0 d-------- C:\Program Files\APC
2007-01-31 10:26:45 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-01-31 10:26:43 19200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2007-01-31 10:26:42 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-01-31 09:44:28 44060 --a------ C:\WINDOWS\system32\vdktxdlr.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-27 14:48:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-27 14:48:11 0 d-------- C:\Program Files\iTunes
2007-02-27 14:48:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-27 13:01:33 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\U3
2007-02-27 10:38:07 969925 ---hs---- C:\WINDOWS\system32\ihkmp.bak2<IHKMP~2.BAK>
2007-02-27 09:56:03 0 d-------- C:\Program Files\Java
2007-02-27 09:49:58 0 d-------- C:\Program Files\McAfee
2007-02-27 09:48:06 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Wave Systems Corp<WAVESY~1>
2007-02-24 14:28:26 970482 ---hs---- C:\WINDOWS\system32\ihkmp.bak1<IHKMP~1.BAK>
2007-02-23 12:39:33 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 11:23:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 14:53:00 376832 --a------ C:\WINDOWS\system32\MPIWIN32.DLL
2007-02-20 14:53:00 43520 --a------ C:\WINDOWS\system32\CBNDLL.DLL
2007-02-20 14:52:55 44544 --a------ C:\WINDOWS\system32\ZEUS.DLL
2007-02-20 14:52:55 27136 --a------ C:\WINDOWS\system32\VNSERVER.DLL
2007-02-20 14:52:55 40960 --a------ C:\WINDOWS\system32\LMLIBEX.DLL
2007-02-20 13:11:23 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\SiteAdvisor<SITEAD~1>
2007-02-16 11:01:34 2766 --a------ C:\Documents and Settings\Steve Byars\Application Data\com.icctools.ColorShop.plist<COMICC~1.PLI>
2007-02-16 10:59:19 8 --a------ C:\Documents and Settings\Steve Byars\Application Data\_.ini
2007-02-15 13:31:25 0 d-------- C:\Program Files\BitComet
2007-02-15 11:29:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 14:25:32 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-13 10:37:21 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-13 10:04:15 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-09 11:10:52 0 d-------- C:\Program Files\HP
2007-01-26 15:19:00 0 d-------- C:\Program Files\Avery Wizard 3.0<AVERYW~1.0>
2007-01-26 14:43:14 0 d-------- C:\Program Files\Common Files\Avery
2007-01-24 10:54:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Adobe
2007-01-23 12:51:14 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-19 15:02:42 0 d-------- C:\Program Files\X-Rite
2007-01-19 14:44:59 1350 --a------ C:\Documents and Settings\Steve Byars\Application Data\ColorPort.xml<COLORP~1.XML>
2007-01-18 10:13:59 0 d-------- C:\Program Files\McAfee.com
2007-01-18 10:11:24 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-18 10:09:11 44060 --a------ C:\WINDOWS\system32\oiurnexi.dll
2007-01-18 10:09:05 969851 ---hs---- C:\WINDOWS\system32\mlnmp.bak1<MLNMP~1.BAK>
2007-01-17 10:46:16 263963 --a------ C:\WINDOWS\system32\jkhhh.dll
2007-01-17 10:42:44 266883 --a------ C:\WINDOWS\system32\ddcya.dll
2007-01-16 15:23:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Lavasoft
2007-01-16 15:23:34 0 d-------- C:\Program Files\Lavasoft
2007-01-10 15:31:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\dvdcss
2007-01-10 14:23:18 0 d-------- C:\Program Files\Xilisoft
2007-01-10 12:02:18 0 d-------- C:\Program Files\CloneDVD
2007-01-10 10:43:07 14545 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 15:41:04 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Help
2007-01-03 1346 164568 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-01-03 1345 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\River Past G5<RIVERP~1>
2007-01-02 16:01:19 0 d-------- C:\Program Files\Common Files\Ahead
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Pro 9800 (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S5I0P2.EXE /P30 \"EPSON Stylus Pro 9800 (Copy 1)\" /O6 \"USB002\" /M \"Stylus Pro 9800\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HPWUTOOLBOX"="C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe \"-i\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"RegistryMechanic"=""
"NWEReboot"=""
"CBSpoolDaemon"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBSpoolDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="muxd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"
"item"="vebbamba"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tcsd_win32.exe"=dword:00000002
"DataSvr2"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wxvault.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-02-27 at 15:02:43 -------------------------
Attached Images
File Type: jpg virustotal_scan.jpg (121.6 KB, 2 views)
File Type: jpg Bootup screen shot.jpg (54.9 KB, 2 views)
Attached Files
File Type: txt ComboScan.txt (31.7 KB, 1 views)
File Type: txt Report-Scan-20070227-140105.txt (12.8 KB, 1 views)
File Type: txt SDFix_report.txt (5.9 KB, 1 views)

Last edited by tetonbob; 02-27-2007 at 01:29 PM.