Tech Support Forum - View Single Post

markb0007 · 04-30-2007, 11:03 PM

Thank you tetonbob,
One of the scans knocked out my Norton Antivirus so I will uninstall and reinstall Norton System Works.
Here are the results in the order you have advised:

Rapport Text
SmitFraudFix v2.171

Scan done at 16:43:43.71, Mon 04/30/2007
Run from C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

AVG Anti Spyware Log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:46:48 PM 4/30/2007

+ Scan result:

C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081058.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081129.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081260.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081313.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081420.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081471.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081526.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081639.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081704.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081756.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082755.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082826.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082903.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP148\A0084935.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP149\A0086033.exe -> Downloader.Zlob.avb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081065.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081066.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP148\A0084934.dll -> Downloader.Zlob.avd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP149\A0086030.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark Brewster\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-51952e84/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).

::Report end

Panda Active Scan

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\NPROTECT\00001884.exe

DSS Log
Deckard's System Scanner v20070426.43
Run by Mark Brewster on 2007-04-30 at 18:51:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Mark Brewster.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:51:43 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mark Brewster\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MARKBR~1.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [WPNT511] "C:\Program Files\NETGEAR\WPNT511\wpnt511.exe"
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTPerformanceUtility] "C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Shortcut to speedfan.exe.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Shortcut to TempsBeGone.bat.lnk = C:\WINDOWS\system\Bat\TempsBeGone.bat
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- Files created between 2007-03-30 and 2007-04-30 -----------------------------

2007-04-30 17:58:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 17:58:42 0 d-------- C:\WINDOWS\LastGood
2007-04-30 16:33:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-04-29 19:20:08 5502 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-28 09:57:01 0 d-------- C:\Program Files\Norton AntiVirus
2007-04-23 19:44:56 0 d-------- C:\Program Files\DynGate
2007-04-23 19:44:39 0 d-------- C:\Documents and Settings\Mark Brewster\temp
2007-04-23 19:44:31 0 d-------- C:\Program Files\TeamViewer

-- Find3M Report ---------------------------------------------------------------

2007-04-30 18:32:08 0 d-------- C:\Program Files\SpeedFan
2007-04-30 18:31:59 0 d-------- C:\Program Files\QuickTime
2007-04-30 18:31:37 0 d-------- C:\Program Files\Norton SystemWorks
2007-04-30 18:27:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-29 20:19:56 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Adobe
2007-04-28 10:08:23 0 d-------- C:\Program Files\Symantec
2007-04-15 14:03:07 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\AdobeUM
2007-04-11 23:23:52 0 d-------- C:\Program Files\Java
2007-03-26 19:14:13 0 d-------- C:\Program Files\ColorVision
2007-03-26 09:20:52 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Symantec
2007-03-25 10:39:58 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Real
2007-03-25 10:30:34 0 d-------- C:\Program Files\Common Files\xing shared
2007-03-25 10:30:33 0 d-------- C:\Program Files\Common Files\Real
2007-03-25 10:30:22 0 d-------- C:\Program Files\Real
2007-03-12 22:20:12 0 d-------- C:\Program Files\Total Training
2007-03-12 21:40:45 20 --ahs---- C:\ArcDeviceInfo
2007-03-12 21:39:42 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\ArcSoft
2007-03-12 21:27:10 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-03-12 21:27:09 0 d-------- C:\Program Files\My Book
2007-03-12 21:27:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-12 21:17:33 339968 -----n--- C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2007-03-12 21:17:33 0 d-------- C:\Program Files\Western Digital Technologies
2007-03-11 20:09:14 164 -----n--- C:\install.dat
2007-01-31 08:38:46 238 -----n--- C:\WINDOWS\fnerr.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PtiuPbmd"="\"Rundll32.exe\" ptipbm.dll,SetWriteBack"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"WPNT511"="\"C:\\Program Files\\NETGEAR\\WPNT511\\wpnt511.exe\""
"LWBMOUSE"="\"C:\\Program Files\\Belkin\\Wireless Mouse Driver\\MOUSE32A.EXE\""
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\Surround Mixer\\CTSysVol.exe\" /r"
"CTPerformanceUtility"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\SB Performance Utility\\CTPowUti.exe\""
"CTHelper"="CTHELPER.EXE"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SetDefaultMIDI"="MIDIDef.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WD Backup Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\WD Backup Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MYBOOK~1\\WDBACK~1\\UBBMON~1.EXE "
"item"="WD Backup Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeperUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"
"hkey"="HKLM"
"command"="WDBtnMgr.exe"
"item"="WDBtnMgr"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-04-30 at 18:51:59 ---------

04-30-2007, 11:03 PM	#9 (permalink)
markb0007 Registered User Join Date: Apr 2007 Posts: 8 OS: XP	Re: IE Hijacked by Spyware advertisements Thank you tetonbob, One of the scans knocked out my Norton Antivirus so I will uninstall and reinstall Norton System Works. Here are the results in the order you have advised: Rapport Text SmitFraudFix v2.171 Scan done at 16:43:43.71, Mon 04/30/2007 Run from C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{C470884F-5FAB-409A-9050-60A034B9FC78}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End AVG Anti Spyware Log --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 5:46:48 PM 4/30/2007 + Scan result: C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081058.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081129.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081260.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081313.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081420.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081471.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP145\A0081526.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081639.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081704.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0081756.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082755.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082826.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP146\A0082903.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP148\A0084935.exe -> Downloader.Zlob.ava : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP149\A0086033.exe -> Downloader.Zlob.avb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081065.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP144\A0081066.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP148\A0084934.dll -> Downloader.Zlob.avd : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DB54E50-BE76-4BE0-AE45-E4CC1341BE71}\RP149\A0086030.exe -> Downloader.Zlob.avd : Cleaned with backup (quarantined). C:\Documents and Settings\Mark Brewster\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-51952e84/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined). ::Report end Panda Active Scan Incident Status Location Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix\Process.exe Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Mark Brewster\Desktop\SmitfraudFix\restart.exe Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\NPROTECT\00001884.exe DSS Log Deckard's System Scanner v20070426.43 Run by Mark Brewster on 2007-04-30 at 18:51:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Mark Brewster.exe) --------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 6:51:43 PM, on 4/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\slserv.exe C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NETGEAR\WPNT511\wpnt511.exe C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Mark Brewster\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\MARKBR~1.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [WPNT511] "C:\Program Files\NETGEAR\WPNT511\wpnt511.exe" O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE" O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r O4 - HKLM\..\Run: [CTPerformanceUtility] "C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - Startup: Shortcut to speedfan.exe.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Startup: Shortcut to TempsBeGone.bat.lnk = C:\WINDOWS\system\Bat\TempsBeGone.bat O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- Files created between 2007-03-30 and 2007-04-30 ----------------------------- 2007-04-30 17:58:44 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-04-30 17:58:42 0 d-------- C:\WINDOWS\LastGood 2007-04-30 16:33:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot 2007-04-29 19:20:08 5502 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-28 09:57:01 0 d-------- C:\Program Files\Norton AntiVirus 2007-04-23 19:44:56 0 d-------- C:\Program Files\DynGate 2007-04-23 19:44:39 0 d-------- C:\Documents and Settings\Mark Brewster\temp 2007-04-23 19:44:31 0 d-------- C:\Program Files\TeamViewer -- Find3M Report --------------------------------------------------------------- 2007-04-30 18:32:08 0 d-------- C:\Program Files\SpeedFan 2007-04-30 18:31:59 0 d-------- C:\Program Files\QuickTime 2007-04-30 18:31:37 0 d-------- C:\Program Files\Norton SystemWorks 2007-04-30 18:27:08 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-04-29 20:19:56 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Adobe 2007-04-28 10:08:23 0 d-------- C:\Program Files\Symantec 2007-04-15 14:03:07 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\AdobeUM 2007-04-11 23:23:52 0 d-------- C:\Program Files\Java 2007-03-26 19:14:13 0 d-------- C:\Program Files\ColorVision 2007-03-26 09:20:52 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Symantec 2007-03-25 10:39:58 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\Real 2007-03-25 10:30:34 0 d-------- C:\Program Files\Common Files\xing shared 2007-03-25 10:30:33 0 d-------- C:\Program Files\Common Files\Real 2007-03-25 10:30:22 0 d-------- C:\Program Files\Real 2007-03-12 22:20:12 0 d-------- C:\Program Files\Total Training 2007-03-12 21:40:45 20 --ahs---- C:\ArcDeviceInfo 2007-03-12 21:39:42 0 d-------- C:\Documents and Settings\Mark Brewster\Application Data\ArcSoft 2007-03-12 21:27:10 0 d-------- C:\Program Files\Common Files\ArcSoft 2007-03-12 21:27:09 0 d-------- C:\Program Files\My Book 2007-03-12 21:27:09 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-03-12 21:17:33 339968 -----n--- C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager> 2007-03-12 21:17:33 0 d-------- C:\Program Files\Western Digital Technologies 2007-03-11 20:09:14 164 -----n--- C:\install.dat 2007-01-31 08:38:46 238 -----n--- C:\WINDOWS\fnerr.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "PtiuPbmd"="\"Rundll32.exe\" ptipbm.dll,SetWriteBack" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="\"nwiz.exe\" /install" "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" "SoundMan"="SOUNDMAN.EXE" "AlcWzrd"="ALCWZRD.EXE" "Alcmtr"="ALCMTR.EXE" "SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\"" "SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\"" "WPNT511"="\"C:\\Program Files\\NETGEAR\\WPNT511\\wpnt511.exe\"" "LWBMOUSE"="\"C:\\Program Files\\Belkin\\Wireless Mouse Driver\\MOUSE32A.EXE\"" "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\DVDAudio\\CTDVDDET.EXE\"" "CTSysVol"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\Surround Mixer\\CTSysVol.exe\" /r" "CTPerformanceUtility"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\SB Performance Utility\\CTPowUti.exe\"" "CTHelper"="CTHELPER.EXE" "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\"" "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\"" "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\"" @="" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\"" "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SetDefaultMIDI"="MIDIDef.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WD Backup Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\WD Backup Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MYBOOK~1\\WDBACK~1\\UBBMON~1.EXE " "item"="WD Backup Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mHotkey" "hkey"="HKLM" "command"="mHotkey.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Language" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GhostTray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpySweeperUI" "hkey"="HKLM" "command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "inimapping"="0" "hkey"="HKLM" "command"="WDBtnMgr.exe" "item"="WDBtnMgr" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of Deckard's System Scanner: finished at 2007-04-30 at 18:51:59 ---------