RTurner

Hello, I have used this forum in the past to help me solve some virus issues. It is unbelievable how well you guys were able to help me. I was very impressed. But here I am again with similar problems. My computer is running rather slow and it takes extremely long to open up Internet Explorer. Last evening I received a notification my computer was infected. I believe the file was called "SpySheriff" but I am not one hundred percent sure. In addition to this I noticed an overall slower performance than I had a couple weeks ago. I apologize if this comes off as sounding vague.

I have since completed your recommended 5 step process before posting a log. Here is my ComboScan log with attached Supplementary:

ComboScan v20070212.14 run by Ryan Turner on 2007-02-16 at 11:43:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Ryan Turner.com) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:45:13 AM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Ryan Turner\Local Settings\Temporary Internet Files\Content.IE5\7V9JZH4W\comboscan[1].exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\RYANTU~1\LOCALS~1\Temp\~zeoniqp.tmp\Ryan Turner.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ferrarichat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.monash.edu.au:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O1 - Hosts: 144.126.1.35 avupdate.loyola.edu
O1 - Hosts: 144.126.1.15 susserver.loyola.edu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrPanelICON] C:\Program Files\Launch Manager\PanelICON.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} (MNPerformer Class) - http://media.cdigix.com/Performer/do...ormerSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://www.realquest.com/mapviewer/mapviewer.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controller Driver) - System32\DRIVERS\ACPIEC.sys
3 AgereSoftModem (Agere Systems Soft Modem) - System32\DRIVERS\AGRSM.sys
3 ALCXSENS (Service for WDM 3D Audio Driver) - system32\drivers\ALCXSENS.SYS
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
2 BBFat.VxD (BlueBird DSP API) - \SystemRoot\System32\Drivers\BBFat.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilDrv10710 - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys
3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys
3 gv3 (Intel GV3 Processor Driver) - System32\DRIVERS\gv3.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - System32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - System32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - System32\DRIVERS\HPZius12.sys
1 InCDPass - System32\DRIVERS\InCDPass.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070215.033\naveng.sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070215.033\navex15.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - System32\DRIVERS\nwlnkipx.sys
2 NwlnkNb (NWLink NetBIOS) - System32\DRIVERS\nwlnknb.sys
2 NwlnkSpx (NWLink SPX/SPXII Protocol) - System32\DRIVERS\nwlnkspx.sys
3 NWRDR (NetWare Rdr) - System32\DRIVERS\nwrdr.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - System32\DRIVERS\R8139n51.SYS
1 SAVRT - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
1 SAVRTPEL - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0 sbp2port (SBP-2 Transport/Protocol Bus Driver) - System32\DRIVERS\sbp2port.sys
3 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynTP (Synaptics TouchPad Driver) - System32\DRIVERS\SynTP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
3 w70n51 (Intel(R) PRO/Wireless 7100 Adapter Driver) - System32\DRIVERS\w70n51.sys
1 Wbutton - \SystemRoot\system32\drivers\Wbutton.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\System32\Ati2evxx.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2 ewido security suite control - C:\Program Files\ewido anti-malware\ewidoctrl.exe
3 gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
2 InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
3 iPodService - C:\Program Files\iPod\bin\iPodService.exe
2 NWCWorkstation (Client Service for NetWare) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2 PrismXL - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
3 SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
3 SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
2 UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
2 Viewpoint Manager Service - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-15 20:10:07 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2004-12-01 19:26:23 354 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1093908375.job<FRUTAS~1.JOB>


-- Files created between 2007-01-16 and 2007-02-16 ------------------------------

2007-02-16 11:02:03 0 d-------- C:\ie-spyad
2007-02-16 10:55:41 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-16 10:25:10 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-16 10:25:02 0 d-------- C:\WINDOWS\LastGood
2007-02-15 19:37:50 0 d-------- C:\WINDOWS\system32\bak
2007-02-03 12:18:23 0 d-------- C:\BSM_demoinstall<BSM_DE~1>
2007-02-01 18:01:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google


-- Find3M Report ----------------------------------------------------------------

2007-02-16 10:37:45 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-16 10:37:20 0 d-------- C:\Program Files\Google
2007-02-15 22:12:58 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-15 22:10:04 0 d-------- C:\Program Files\AIM
2007-02-15 22:09:46 0 d-------- C:\Documents and Settings\Ryan Turner\Application Data\Aim
2007-02-15 20:10:06 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-15 20:10:05 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-15 20:10:04 0 d-------- C:\Program Files\iTunes
2007-02-15 20:10:02 0 d-------- C:\Program Files\Gateway Utilities<GATEWA~1>
2007-02-15 20:10:00 0 d-------- C:\Program Files\Launch Manager<LAUNCH~1>
2007-02-15 20:07:56 23564 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE><Unsigned: n/a>
2007-02-12 11:12:39 0 d-------- C:\Documents and Settings\Ryan Turner\Application Data\AdobeUM
2007-02-05 10:30:19 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-03 15:36:30 0 d---s---- C:\Documents and Settings\Ryan Turner\Application Data\Microsoft<MICROS~1>
2007-02-03 14:09:51 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL><Signed: Sony DADC Austria AG.>
2007-01-11 10:27:11 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-01-03 16:07:40 0 d-------- C:\Program Files\ICSC2006
2007-01-02 09:59:45 0 d-------- C:\Program Files\Virtual Earth 3D<VIRTUA~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"LMgrPanelICON"="C:\\Program Files\\Launch Manager\\PanelICON.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Gateway Ink Monitor"="\"C:\\Program Files\\Gateway Utilities\\GWInkMonitor.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRV10710


-- End of ComboScan: finished at 2007-02-16 at 11:45:40 -------------------------

Attached Files

Supplementary.txt (10.9 KB, 2 views)

RTurner

i am still having some slow running issues and it has been 48 hours since i have first posted. thank you!

bump

RTurner

i am still having some major issues

bump

help please!

Ried

Hello RTurner,

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.

• Select option #1 - Search by typing 1 and press "Enter"
• A text file will appear which lists infected files (if present).
• Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

RTurner

Thank you very much for helping me. Here is the log from running the SmitFraudFix. I just did #1 as you requested. What should I do now?

SmitFraudFix v2.144

Scan done at 9:05:57.96, Wed 02/21/2007
Run from C:\Documents and Settings\Ryan Turner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Turner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Turner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANTU~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Ried

Hiya,

You had mentioned SpySheriff, yet the SFF log is not revealing it's presence on your system. Now we go digging...we'll run a few tools and see if any malware is revealed.



Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

I see you have Ewido installed. Ewido has recently been purchased by Grisoft, makers of AVG Antivirus, and the program is now known as AVG Anti-Spyware. Ewido currently can still be updated to the newest definitions, but this support will likely not last forever. I recommend you uninstall Ewido, restart your system, then download and install AVG Anti-Spyware. Update it's definitions as directed below, and run a scan where I have it placed in this fix.

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with comboscan.exe. (I do not need the Supplementary.txt again.)

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
ComboScan.txt

__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

RTurner

I followed your latest directions and have copied and pasted the reports below in order. I guess it is also worth mentioning the my computer is running a little bit slower than usual overall. But my main issues come from when I attempt to open up internet explorer. It takes about 5 minutes to finally open. Once the internet is open, that particular window seems to work fine, if not alittle bit slower than usual.

Once again thank you!!!


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:21:28 AM 2/22/2007

+ Scan result:



Nothing found.


::Report end


Panda Results:


Incident Status Location

Adware:Adware/SpySheriff Not disinfected c:\progra~1\symant~1\vptray.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\common files\symantec shared\ccapp.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\quicktime\qttask.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\itunes\ituneshelper.exe
Adware:Adware/SpySheriff Not disinfected c:\windows\system32\nerocheck.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\gateway utilities\gwinkmonitor.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\launch manager\wbutton.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe




ComboScan v20070221.16 run by Ryan Turner on 2007-02-22 at 12:07:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Ryan Turner.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:10:30 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Ryan Turner\Local Settings\Temporary Internet Files\Content.IE5\CX6ZWX6N\comboscan[1].exe
C:\Program Files\HijackThis\Ryan Turner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ferrarichat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.monash.edu.au:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O1 - Hosts: 144.126.1.35 avupdate.loyola.edu
O1 - Hosts: 144.126.1.15 susserver.loyola.edu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrPanelICON] C:\Program Files\Launch Manager\PanelICON.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} (MNPerformer Class) - http://media.cdigix.com/Performer/do...ormerSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://www.realquest.com/mapviewer/mapviewer.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
2R BBFat.VxD (BlueBird DSP API) - C:\WINDOWS\system32\drivers\BBFat.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S gv3 (Intel GV3 Processor Driver) - C:\WINDOWS\system32\drivers\gv3.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R Hotkey - C:\WINDOWS\system32\drivers\HOTKEY.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\incdfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\incdpass.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070216.019\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070216.019\NAVEX15.SYS
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
2R NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - C:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (NWLink NetBIOS) - C:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (NWLink SPX/SPXII Protocol) - C:\WINDOWS\system32\drivers\nwlnkspx.sys
3R NWRDR (NetWare Rdr) - C:\WINDOWS\system32\drivers\nwrdr.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0R sbp2port (SBP-2 Transport/Protocol Bus Driver) - C:\WINDOWS\system32\drivers\sbp2port.sys
3S SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3S SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3R w70n51 (Intel(R) PRO/Wireless 7100 Adapter Driver) - C:\WINDOWS\system32\drivers\w70n51.sys
1S Wbutton - C:\WINDOWS\system32\drivers\Wbutton.sys (not found)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Documents and Settings\Ryan Turner\Desktop\AVG Anti-Spyware 7.5\guard.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NWCWorkstation (Client Service for NetWare) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R PrismXL - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
3S SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{5CA41FAE-342F-4DFE-85B1-51F5E9E79507}
2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S TlntSvr (Telnet) - C:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
2R Viewpoint Manager Service - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-21 16:11:59 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2004-12-01 19:26:23 354 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1093908375.job<FRUTAS~1.JOB>


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-22 12:09:41 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-22 11:42:14 0 d-------- C:\WINDOWS\LastGood
2007-02-22 09:55:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-21 0900 3582 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-21 09:05:28 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-21 09:05:28 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-21 09:05:28 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-21 09:05:28 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-21 09:05:28 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-21 09:05:28 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-16 11:02:03 0 d-------- C:\ie-spyad
2007-02-16 10:55:41 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-16 10:25:10 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-15 19:37:50 0 d-------- C:\WINDOWS\system32\bak
2007-02-03 14:09:31 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-02-03 14:09:31 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-02-03 14:09:31 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-02-03 14:09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-02-03 14:09:30 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-03 14:09:29 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-02-03 14:09:10 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-02-03 12:18:23 0 d-------- C:\BSM_demoinstall<BSM_DE~1>
2007-02-01 18:01:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google


-- Find3M Report ----------------------------------------------------------------

2007-02-22 11:48:40 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-22 11:48:07 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-22 11:47:23 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-22 11:46:47 0 d-------- C:\Program Files\Google
2007-02-22 09:40:24 0 d-------- C:\Program Files\ewido anti-malware<EWIDOA~1>
2007-02-16 17:02:52 0 d-------- C:\Documents and Settings\Ryan Turner\Application Data\AdobeUM
2007-02-15 22:10:04 0 d-------- C:\Program Files\AIM
2007-02-15 22:09:46 0 d-------- C:\Documents and Settings\Ryan Turner\Application Data\Aim
2007-02-15 20:10:05 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-15 20:10:04 0 d-------- C:\Program Files\iTunes
2007-02-15 20:10:02 0 d-------- C:\Program Files\Gateway Utilities<GATEWA~1>
2007-02-15 20:10:00 0 d-------- C:\Program Files\Launch Manager<LAUNCH~1>
2007-02-15 20:07:56 23564 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-02-05 10:30:19 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-03 15:36:30 0 d---s---- C:\Documents and Settings\Ryan Turner\Application Data\Microsoft<MICROS~1>
2007-02-03 14:09:51 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-01-11 10:27:11 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-01-03 16:07:40 0 d-------- C:\Program Files\ICSC2006
2007-01-02 09:59:45 0 d-------- C:\Program Files\Virtual Earth 3D<VIRTUA~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"LMgrPanelICON"="C:\\Program Files\\Launch Manager\\PanelICON.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Gateway Ink Monitor"="\"C:\\Program Files\\Gateway Utilities\\GWInkMonitor.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\Ryan Turner\\Desktop\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRV10710


-- End of ComboScan: finished at 2007-02-22 at 12:10:56 -------------------------

Ried</