Tech Support Forum - View Single Post - random pop ups tried spybot and kaspersky still get pop ups

MyDingo21 · 03-05-2007, 12:10 PM

ok here's the new combo scan:

ComboScan v20070226.18 run by Admin on 2007-03-05 at 13:07:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Admin.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:08:01 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Admin\Desktop\comboscan.exe
C:\DOCUME~1\Admin\Desktop\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- Files created between 2007-02-05 and 2007-03-05 ------------------------------

2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood
2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1>
2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft
2007-02-26 18

05 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot
2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot
2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1>
2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1>
2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus
2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe
2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1>

-- Find3M Report ----------------------------------------------------------------

2007-03-02 21:19:20 0 d-------- C:\Program Files\Java
2007-03-02 20:27:22 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo!
2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD
2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux
2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1>
2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2>
2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1>
2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire
2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1>
2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1>
2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX
2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1>
2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive
2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner
2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack
2007-03-01 17:53:53 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD
2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6
2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM
2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1>
2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1>
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav
2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-27 10:46:06 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-12-12 14:15:08 845312 --a------ C:\WINDOWS\system32\Smab.dll

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"lxamsp32.exe"="lxamsp32.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NikeJogaTV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DRIVES~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}]
Shell\AutoRun\command G:\LaunchU3.exe -a

-- End of ComboScan: finished at 2007-03-05 at 13:08:41 -------------------------

03-05-2007, 12:10 PM	#23 (permalink)
MyDingo21 Registered User Join Date: Jan 2006 Location: Chi- city Posts: 91 OS: XP pro sp2	ok here's the new combo scan: ComboScan v20070226.18 run by Admin on 2007-03-05 at 13:07:48 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Admin.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 1:08:01 PM, on 3/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\unBlackList.exe C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe C:\Program Files\LexmarkX63\ACMonitor_X63.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Documents and Settings\Admin\Desktop\comboscan.exe C:\DOCUME~1\Admin\Desktop\Admin.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe" O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe" O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- Files created between 2007-02-05 and 2007-03-05 ------------------------------ 2007-03-04 15:45:37 0 d-------- C:\WINDOWS\LastGood 2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft 2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1> 2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1> 2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft 2007-02-26 1805 1826 --a------ C:\WINDOWS\system32\tmp.reg 2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot 2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot 2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot 2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot 2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot 2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1> 2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1> 2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1> 2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1> 2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real 2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real 2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1> 2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll 2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1> 2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1> 2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1> 2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus 2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus 2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe 2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd 2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1> -- Find3M Report ---------------------------------------------------------------- 2007-03-02 21:19:20 0 d-------- C:\Program Files\Java 2007-03-02 20:27:22 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo! 2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD 2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux 2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1> 2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2> 2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1> 2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1> 2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3> 2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire 2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1> 2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1> 2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1> 2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1> 2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1> 2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX 2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1> 2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive 2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1> 2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner 2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack 2007-03-01 17:53:53 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5> 2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD 2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6 2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM 2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1> 2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1> 2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla 2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire 2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM 2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav 2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT> 2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1> 2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1> 2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft 2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll 2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL> 2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll 2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll 2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1> 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll 2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll 2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll 2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll 2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll 2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll 2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe 2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-12-27 10:46:06 126976 --a------ C:\WINDOWS\system32\iavlsp.dll 2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2006-12-12 14:15:08 845312 --a------ C:\WINDOWS\system32\Smab.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\"" "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "lxamsp32.exe"="lxamsp32.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r" "item"="Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSoftware" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NikeJogaTV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DRIVES~1" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "inimapping"="0" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMSystemAnalyzer" "hkey"="HKCU" "command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swdoctor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="1" "hkey"="HKCU" "command"="1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{C47A9554-195A-4769-9B13-04F15B450A39}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\LaunchU3.exe -a [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}] Shell\AutoRun\command G:\LaunchU3.exe -a -- End of ComboScan: finished at 2007-03-05 at 13:08:41 -------------------------