Need help reviewing Hijackthis log.

Discussion in 'Windows - Virus and spyware problems' started by melanieG, Jul 12, 2007.

  1. melanieG

    melanieG Member

    I have been having trouble with my computer for a while now. It is getting worse and worse. I have run several online virus scanners and of course my personal one, to no avail. My computer is getting slower and slower, IE 6.0 won't load properly, I had to install Firefox, it created an administrator account for me and I can no longer just go directly to my desktop at startup, and I receive an error when using msconfig that I don't have administrator rights although I am an administrator. It will make the changes but it gives me the warning anyway. Let's see, what else... It turned off my virus protection and I cannot turn it back on, it won't allow Pandasoftware to download its scanner anymore and removed its files, my mouse and keyboard start freaking out and doing their own thing, if it idles for a while, my mouse locks up and I have to hit Control-Alt-Delete to get it working again, plus more that I can't think of right now. Because I am no expert, I can really use the help of someone who is. If you can help me decipher my HijackThis log, I would greatly appreciate it. It's all Chinese to me :(. Thanks in advance for any help you can provide!!!!

    My computer is getting slower and slower. Internet Explorer doesn't load properly, my keyboard and mouse work periodically, my virus detection has been turned off and I can't turn it back on. And various other things. Here is my Hijack log. If anyone can help me, I would greatly appreciate it. Thanks so much!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:09:38 PM, on 7/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183096465625
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183096419671
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


     
  2. Fredil

    Fredil Regular member

    I'm on it. I will get back to you in a few minutes.

    Thank you :)
     
  3. Fredil

    Fredil Regular member

    Let's get a close look at your system. Please download Deckard's System Scanner (formerly ComboScan) from the link provided. Save it to your Desktop.

    Note: This program will clear your temporary files.

    Please do a scan with dss.exe. It will only take about five minutes. If it cannot find HijackThis on your computer, it will prompt you to look for it. Please press "yes" and tell the scanner where it is located. If the scanner asks you to download HijackThis, please answer "yes" to that as well. During the scan, your firewall may warn you about a .exe file attempting to connect to the Internet; please allow it. Your antivirus may also detect Deckard's System Scanner as a Possible Threat or RiskTool; it may be better for you to temporarily disable your antivirus.

    Once the scan is done, it will produce two logfiles for you: a "main.txt" (which you see) and an "extra.txt" (which is minimized). Please copy the contents of both these logfiles into your next reply.
     
  4. 07anto07

    07anto07 Active member

    Really sorry to butt in, Fredil, can you have a look at my thread please?
     
  5. melanieG

    melanieG Member

    I hope I'm replying correctly. Here are the log files that you asked for from dss.

    Deckard's System Scanner v20070711.54
    Run by MelG on 2007-07-12 at 22:05:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    16: 2007-07-13 05:05:41 UTC - RP16 - Deckard's System Scanner Restore Point
    15: 2007-07-12 17:54:21 UTC - RP15 - Removed Norton AntiVirus
    14: 2007-07-12 02:11:27 UTC - RP14 - System Checkpoint
    13: 2007-07-11 01:41:48 UTC - RP13 - System Checkpoint
    12: 2007-07-09 23:11:49 UTC - RP12 - System Checkpoint


    -- First Restore Point --
    1: 2007-06-26 02:40:02 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as MelG.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 10:07:13 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Melanie\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\MelG.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183096465625
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183096419671
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


    -- File Associations -----------------------------------------------------------

    .txt - CorelDRAW.Graphic.13 - DefaultIcon - unable to read value
    .txt - CorelDRAW.Graphic.13 - shell\open\command - notepad.exe %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
    R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S2 SVKP - c:\windows\system32\svkp.sys (file missing)
    S2 UWADECT (Cygnion DECT Protocol Stack) - c:\windows\system32\drivers\uwadect.sys <Not Verified; Cygnion Corporation; CyberGenie@Work>
    S2 UWARFP (Cygnion Radio Fixed Part) - c:\windows\system32\drivers\uwarfp.sys <Not Verified; Cygnion Corporation; CyberGenie@Work>
    S2 UWASWIT (Cygnion Isochronous Device) - c:\windows\system32\drivers\uwaswit.sys <Not Verified; Cygnion Corporation; CyberGenie@Work>
    S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
    S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

    S2 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
    S3 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-12 21:21:06 416 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-07-09 08:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-07-06 20:51:30 284 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    2007-07-06 20:51:29 450 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


    -- Files created between 2007-06-12 and 2007-07-12 -----------------------------

    2007-07-12 11:07:56 0 d-------- C:\WINDOWS\CAVTemp
    2007-07-12 11:01:51 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-07-12 11:01:19 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:19 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:19 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 10:49:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-07-12 10:08:10 0 dr-h----- C:\Documents and Settings\Melanie\Recent
    2007-07-12 09:56:42 0 d-------- C:\Program Files\CCleaner
    2007-07-09 10:01:00 0 d-------- C:\WINDOWS\system32\ASPRO
    2007-07-07 23:22:12 1156 --a------ C:\WINDOWS\mozver.dat
    2007-07-03 06:36:57 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Help
    2007-07-02 08:32:10 0 d-------- C:\Program Files\QuickTime
    2007-07-01 10:10:15 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-01 10:09:47 0 d-------- C:\Documents and Settings\Melanie\Application Data\Mozilla
    2007-06-28 12:17:31 0 d-------- C:\Documents and Settings\Melanie\Application Data\Uniblue
    2007-06-27 10:32:44 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
    2007-06-22 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-06-22 19:23:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-22 14:59:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
    2007-06-22 09:14:46 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
    2007-06-21 19:47:26 0 d-------- C:\info
    2007-06-21 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2007-06-20 14:30:23 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Identities
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Templates <TEMPLA~1>
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Start Menu
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\SendTo
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Recent
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\PrintHood
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\NetHood
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\My Documents
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Local Settings
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Favorites
    2007-06-20 14:29:28 0 d-------- C:\Documents and Settings\Melanie.MEL\Desktop
    2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Cookies
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Application Data
    2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Application Data\Microsoft
    2007-06-20 14:29:27 1310720 --ah----- C:\Documents and Settings\Melanie.MEL\NTUSER.DAT
    2007-06-19 17:08:42 0 d-------- C:\Program Files\Kaspersky Lab
    2007-06-19 17:08:16 0 d-------- C:\KAV
    2007-06-14 18:57:31 26768 --a------ C:\WINDOWS\system\ctl3d.dll <Not Verified; Microsoft Corporation; 3D Windows Control>
    2007-06-14 18:57:21 0 d-------- C:\WINDOWS\MVUNINST
    2007-06-14 18:57:14 0 d-------- C:\Program Files\3M
    2007-06-13 19:52:58 0 d-------- C:\Documents and Settings\Melanie\.housecall6.6


    -- Find3M Report ---------------------------------------------------------------

    2007-07-12 13:09:00 0 d-------- C:\Program Files\Yahoo!
    2007-07-12 11:01:07 0 d-------- C:\Program Files\Common Files\Scanner
    2007-07-12 10:55:55 0 d-------- C:\Program Files\Norton SystemWorks
    2007-07-12 10:54:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-09 10:35:57 0 d-------- C:\Program Files\Apple Software Update
    2007-07-06 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
    2007-07-02 08:47:51 0 d-------- C:\Program Files\Trend Micro
    2007-06-28 12:13:51 0 d-------- C:\Program Files\Common Files\Sandlot Shared
    2007-06-25 13:29:17 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-21 10:23:17 0 d-------- C:\Documents and Settings\Melanie\Application Data\Symantec
    2007-06-21 07:29:09 0 d-------- C:\Program Files\Windows NT
    2007-06-19 22:53:24 0 d-------- C:\Program Files\101 AVI MPEG WMV Converter
    2007-06-19 15:03:34 0 d-------- C:\Program Files\Messenger
    2007-06-15 13:53:16 0 d-------- C:\Program Files\Offline Course Player
    2007-06-15 13:52:13 0 d-------- C:\Program Files\iPod
    2007-06-14 10:54:33 0 d-------- C:\Program Files\Common Files\Adobe
    2007-06-06 21:36:18 0 d-------- C:\Documents and Settings\Melanie\Application Data\Image Zone Express
    2007-05-29 14:04:04 0 d-------- C:\Documents and Settings\Melanie\Application Data\Adobe
    2007-05-23 07:58:23 0 d-------- C:\Program Files\InterVideo
    2007-05-21 06:52:49 11096 --a------ C:\Documents and Settings\Melanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    2007-05-20 19:50:55 0 d-------- C:\Program Files\Bradford
    2007-05-20 19:49:48 0 d-------- C:\Program Files\TaxCut06
    2007-05-20 15:34:49 117015 --a------ C:\WINDOWS\hpoins11.dat
    2007-05-20 15:34:19 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-05-20 15:33:08 0 d-------- C:\Program Files\Common Files\HP
    2007-05-20 15:32:34 0 d-------- C:\Program Files\Hewlett-Packard
    2007-05-20 13:46:47 0 d-------- C:\Program Files\Common Files\Download Manager
    2007-05-20 13:38:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
    2007-05-20 13:29:23 0 d-------- C:\Program Files\Avex
    2007-05-15 10:48:47 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2007-05-15 07:55:36 0 d-------- C:\Program Files\Advanced Registry Optimizer


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    {AE84A6AA-A333-4B92-B276-C11E2212E4FE} C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "QD FastAndSafe"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\QDCSFS.exe /scheduler"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
    "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
    "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "disableregistrytools"=dword:00000000
    "disabletaskmgr"=dword:00000000

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
    "item"="Adobe Reader Synchronizer"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
    "backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
    "item"="AT&T Self Support Tool"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
    "backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
    "item"="Google Updater"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
    "item"="HP Image Zone Fast Start"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
    "backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\3M\\PSN2Lite\\Psn2Lite.exe -RegRun"
    "item"="Post-it® Software Notes Lite"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
    "backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
    "item"="QuickBooks Update Agent"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Service Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
    "item"="Service Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
    "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
    "item"="WinZip Quick Pick"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\Melanie\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Reader_sl"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ARO"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Advanced Registry Optimizer\\ARO.exe -rem"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AuthConsoleStart]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CFD"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LiveUpdate"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccRegVfy"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FileZilla Server Interface"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gramburn]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="readme chin"
    "hkey"="HKCU"
    "command"="C:\\DOCUME~1\\Melanie\\APPLIC~1\\CASHST~1\\readme chin.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQLite"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISUSPM"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="issch"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MotiveSB"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nvraidservice"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\nvraidservice.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="OlpSynch"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Offline Course Player\\OlpSynch.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RegToolkit"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SDTrayApp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\site ford roam vc]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Eggs 1"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\All Users\\Application Data\\DEBUGFLAPSITEFORD\\Eggs 1.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mobsync"
    "hkey"="HKLM"
    "command"="%SystemRoot%\\system32\\mobsync.exe /logon"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tavui"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RegistryBooster"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FotomatDeviceConnect"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.7.0\\FotomatDeviceConnect.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YahooMessenger"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SQLAgent$MICROSOFTSMLBIZ"=dword:00000003
    "iPodService"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    -- Hosts -----------------------------------------------------------------------

    192.168.1.104 HP000D9D0DC4A7


    -- End of Deckard's System Scanner: finished at 2007-07-12 at 22:08:00 ---------

    Deckard's System Scanner v20070711.54
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3700+
    Percentage of Memory in Use: 18%
    Physical Memory (total/avail): 2047.47 MiB / 1660.34 MiB
    Pagefile Memory (total/avail): 3941.68 MiB / 3735.08 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1971.18 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 114.48 GiB total, 79.87 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is Fixed (NTFS) - 153.38 GiB total, 147.11 GiB free.
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    FirewallDisableNotify is set.
    AntivirusOverride is set.

    FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
    AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
    "C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
    "C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"="C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe:*:Disabled:WS_FTP Pro Application"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
    "C:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe"="C:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe:*:Enabled:HomeSite"
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe:*:Enabled:HP OfficeJet Settings Interface"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe:*:Enabled:HP Instant Share Setup"
    "C:\\Program Files\\HP\\Product Assistant\\bin\\hprbui.exe"="C:\\Program Files\\HP\\Product Assistant\\bin\\hprbui.exe:*:Enabled:HP Product Assistant"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe:*:Enabled:Image Zone "
    "C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"="C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe:*:Enabled:HP Print Screen"
    "C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"="C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe:*:Disabled:Install Consumer Experience Network Plug in"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Documents and Settings\\Melanie\\Desktop\\iexplore.exe"="C:\\Documents and Settings\\Melanie\\Desktop\\iexplore.exe:*:Enabled:Internet Explorer"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Melanie\Application Data
    ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
    CLASSPATH=C:\Program Files\PhotoDeluxe BE 1.1\AdobeConnectables;
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MEL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Melanie
    LOGONSERVER=\\MEL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\C:\WINDOWS\LHSP;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2701
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Melanie\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Melanie\LOCALS~1\Temp
    USERDOMAIN=MEL
    USERNAME=MelG
    USERPROFILE=C:\Documents and Settings\Melanie
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Melanie (admin)
    Melanie.MEL (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
    --> C:\WINDOWS\system32\msiuins.exe
    --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.1\DeIsL1.isu"
    --> MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
    --> MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3M Printscape(tm) Products --> C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "3M Printscape(tm) Products Uninstall"
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
    Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
    Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
    AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
    BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    DeductionPro 2006 --> C:\Program Files\DeductionPro 2006\RemoveDPro.EXE C:\PROGRA~1\DEDUCT~1\INSTALL.LOG
    Easy Text To HTML Converter --> C:\Program Files\Easy Text To HTML Converter\uninst.exe
    GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
    HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
    HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
    HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Smart Web Printing 1.0 --> MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{9933F0EE-DFCD-4829-B979-3C56C367CB1A}\setup.exe" REMOVEALL
    iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
    iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    LGUsbDriver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Macromedia HomeSite 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}\Setup.exe"
    Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Small Business Management Edition 2006 CD 2 --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
    Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
    Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
    Norton SystemWorks 2003 --> MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    Norton™ Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Panda ActiveScan Pro --> C:\WINDOWS\system32\ASProUni.exe Panda ActiveScan Pro
    Professor Answers --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Answers\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~3\INSTALL.LOG
    Professor Teaches Business Planning --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Business Planning\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~1\INSTALL.LOG
    Professor Teaches Excel 2003 --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Excel 2003\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~2\INSTALL.LOG
    QuickBooks Pro 2006 --> msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
    QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
    Sandlot Connect Version 1.2.3 --> "C:\Program Files\Common Files\Sandlot Shared\unins002.exe"
    Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
    SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
    SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
    TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
    Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
    Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
    Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    ZipItFast Pro 3.01 - A Free, Fast All in One Archive Utility! --> C:\WINDOWS\iun6002.exe "c:\zipitpro\irunin.ini"


    -- End of Deckard's System Scanner: finished at 2007-07-12 at 22:08:00 ---------

    Thank you very much for your assistance!
     
  6. anari11

    anari11 Guest

    delete O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)

    this is definitely a malicious program.

    then delete O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file), this is just unnecessary.

    and this one is nasty O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe.fix it.
     
  7. melanieG

    melanieG Member

    Hi. Thanks so much for your assistance. I have a question for you and please forgive my ignorance. Where you say: this one is nasty O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe.fix it. I see that file in Hijack this but not exactly. I do not have the file extension with the Fix it. It just says npkcsvc.exe. I'm assuming that I need to delete it under hijack this and then go into windows explorer to do the same or look for that file with the fix it? I just want to be sure that I don't make things worse. This is all foreign to me. Thanks again for your help.
     
  8. Fredil

    Fredil Regular member

    When an O2 or O3 says (no file), you can always fix it. However, that's only true for O2s and O3s.

    Currently looking over your DSS log; will get back to you soon.
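The rule stated in this thread ("(no file)" entries can be fixed directly only in the O2 and O3 sections, while O23 service lines need separate handling) can be applied mechanically to a log. The following Python code is an added example, not part of any post here: it parses HijackThis entries, triages orphaned ones by that rule, and diffs two scans. The sample logs are a few lines excerpted from entries quoted in this thread, and all function names are illustrative assumptions.

```python
import re
from dataclasses import dataclass

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)

# Sections for which the thread says a "(no file)" entry can always be fixed.
SAFE_WHEN_NO_FILE = {"O2", "O3"}


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2", "O23"
    body: str     # everything after "<section> - "
    marker: str   # "no file", "file missing", or "" when no marker is present


def parse_log(text):
    """Return the numbered entries of a HijackThis log. Header lines and the
    'Running processes' block carry no section id and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        missing = MISSING_RE.search(body)
        entries.append(Entry(section, body, missing.group(1).lower() if missing else ""))
    return entries


def triage(entries):
    """Label each orphaned entry 'fix' or 'review' using the thread's rule:
    only O2/O3 entries marked (no file) are fixed without further checks."""
    verdicts = []
    for e in entries:
        if not e.marker:
            continue
        ok = e.section in SAFE_WHEN_NO_FILE and e.marker == "no file"
        verdicts.append((e.section, "fix" if ok else "review", e.body))
    return verdicts


def diff_logs(before, after):
    """Return (removed, added) entries between an older and a fresh scan."""
    old = {(e.section, e.body) for e in parse_log(before)}
    new = {(e.section, e.body) for e in parse_log(after)}
    return sorted(old - new), sorted(new - old)


# Sample input: a handful of lines excerpted from logs quoted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

if __name__ == "__main__":
    for section, verdict, body in triage(parse_log(BEFORE)):
        print(f"{verdict:6} {section:4} {body}")
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print(f"gone   {section:4} {body}")
    for section, body in added:
        print(f"new    {section:4} {body}")
```

The "review" verdict on the SNDSrvc line reflects that a service whose file is missing still has a registration behind it, so it is not cleared the way an empty O2 or O3 entry is.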
     
  9. Auttaja

    Auttaja Guest

    Hi Fredil, you can't just fix O23 lines.

    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it Fix.bat. Please save it on your desktop.

    Quote:

    Double click Fix.bat. A window will open and close. This is normal.

    This is the way to remove that entry.
     
  10. Fredil

    Fredil Regular member

    *ahem*. Check usernames - I didn't say fix the O23 line...

    I'm still working on that fix - sorry about the time.
     
  11. Fredil

    Fredil Regular member

    Hmm... first let's make sure you removed Norton completely. Open Start > Control Panel > Add or Remove Programs. Scroll down the alphabetical list and remove all instances of Norton or Symantec. Next, please copy the contents of the quotebox below into a blank Notepad document (NOT Wordpad):

    Click File > Save As. Under "Save as Type", select "All Files" from the dropdown. Save the name as KillNorton.reg (the last four characters have to be .reg). Double-click on KillNorton.reg and when asked to merge the information with the registry press Yes.

    Next, do what this guy said (but I didn't tell you to fix the O23, for the record):

    Please reboot your computer into Safe Mode:

    1. Reboot your computer.
    2. As soon as it starts booting, press the F8 key. You may get an error if this is done too soon, just reboot and try again.
    3. You may get a message about boot drivers, just press ESC and keep tapping F8.
    4. At the Advanced Options menu, use the arrow keys and navigate to Safe Mode. Press Enter and log in as you usually would.

    Delete this file:

    C:\WINDOWS\system32\npkcsvc.exe

    Reboot back into Normal Mode and post a fresh HijackThis.

    @Auttaja - Why did you put sc stop twice? That doesn't do anything, you need sc delete :p
     
  12. melanieG

    melanieG Member

    I received an error when trying to perform your regedit4 fix:

    It says that I cannot import it because it's not a registry script. You can only import binary files from within the registry editor.

    I already removed the file that was suggested to me before you responded. Could that be why? I will refrain from doing that from now on. I ran a fresh hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:50 AM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183096465625
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183096419671
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

     
  13. Fredil

    Fredil Regular member

    Humph... remove the space after the REGEDIT4 and put it before the REGEDIT4. Try it again.
     
  14. Auttaja

    Auttaja Guest

    Yes, that was my fault x2, sorry about that, that can happen when I do things too fast.
     
  15. Fredil

    Fredil Regular member

    Hehehe. No problem at all :)
     
  16. melanieG

    melanieG Member

    I tried what you said and I get the same error message :(
     
  17. Fredil

    Fredil Regular member

    BLEARGH!

    Can you try this:

    If you get an error, hit the Print Screen button to get a screenshot, paste it into Paint, save it on your computer, and email it to me as (mods, don't remove this as this is an email I created solely for this purpose) wikipedia.crusader@gmail.com. If not, then all will go well.
     
  18. melanieG

    melanieG Member

    It worked. Here's the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:22:53 AM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183096465625
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183096419671
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

     
  19. Fredil

    Fredil Regular member

    Hmm... do the Deckard's scan again and post both logs. I want to see if there's anything crawling in places undetectable by HijackThis *laughs*

    Can you uninstall all components of Norton please, and uninstall Yahoo! Antivirus? Sygate doesn't seem to be a problem.

    If you don't go to the desktop at startup, where do you go to? Do you have the "Run" command in your Start Menu, and do you have Folder Options in your Control Panel?

    Just one more scan - do a scan with F-Secure Blacklight. It will download a file, save it to your desktop. Double-click on fsbl.exe to start the program. It will give you a license agreement, accept that. Click "Scan" to start the scan. Once the scan is done, you should be told if there are any hidden items. If there are, a log called fsbl-##############.txt (the # is a number) is made on your desktop. Copy and paste the contents of that log into your reply.

    I lied about just one more scan :) Please pay a visit to http://www.virustotal.com to upload a file. In the textbox at the top, next to the "Browse" button, copy and paste the following text:

    C:\WINDOWS\system32\npkcsvc.exe

    Hit "Send". You may have to wait for quite a while due to the queue. When scanning of the file begins, don't interrupt it! It may take up to ten minutes to scan a large file. When the scan is done, the "status box" at the top should say "STATUS: FINISHED". Your file will be scanned with more than 30 antivirus engines for a comprehensive result. When the scan is done, there will be two tables - one with your results and one with information like the MD5 Checksum. Ignore the smaller table - just copy all the text in the larger one and paste it into your reply.
     
  20. melanieG

    melanieG Member

    Here's part of what you asked for:

    From the Virustotal I received: 0 bytes size received / Se ha recibido un archivo vacio

    From DSS I received only one file, the first flashed and then it was gone. This is all I get now:

    Deckard's System Scanner v20070711.54
    Run by MelG on 2007-07-13 at 13:55:41
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as MelG.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 1:55:49 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Melanie\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\MelG.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183096465625
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183096419671
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


    -- Files created between 2007-06-13 and 2007-07-13 -----------------------------

    2007-07-12 11:07:56 0 d-------- C:\WINDOWS\CAVTemp
    2007-07-12 11:01:51 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-07-12 11:01:19 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:19 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 11:01:19 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    2007-07-12 10:49:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-07-12 10:08:10 0 dr-h----- C:\Documents and Settings\Melanie\Recent
    2007-07-12 09:56:42 0 d-------- C:\Program Files\CCleaner
    2007-07-09 10:01:00 0 d-------- C:\WINDOWS\system32\ASPRO
    2007-07-07 23:22:12 1156 --a------ C:\WINDOWS\mozver.dat
    2007-07-03 06:36:57 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Help
    2007-07-02 08:32:10 0 d-------- C:\Program Files\QuickTime
    2007-07-01 10:10:15 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-01 10:09:47 0 d-------- C:\Documents and Settings\Melanie\Application Data\Mozilla
    2007-06-28 12:17:31 0 d-------- C:\Documents and Settings\Melanie\Application Data\Uniblue
    2007-06-27 10:32:44 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
    2007-06-22 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-06-22 19:23:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-22 14:59:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
    2007-06-22 09:14:46 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
    2007-06-21 19:47:26 0 d-------- C:\info
    2007-06-21 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2007-06-20 14:30:23 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Identities
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Templates <TEMPLA~1>
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Start Menu
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\SendTo
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Recent
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\PrintHood
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\NetHood
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\My Documents
    2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Local Settings
    2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Favorites
    2007-06-20 14:29:28 0 d-------- C:\Documents and Settings\Melanie.MEL\Desktop
    2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Cookies
    2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Application Data
    2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Application Data\Microsoft
    2007-06-20 14:29:27 1310720 --ah----- C:\Documents and Settings\Melanie.MEL\NTUSER.DAT
    2007-06-19 17:08:42 0 d-------- C:\Program Files\Kaspersky Lab
    2007-06-19 17:08:16 0 d-------- C:\KAV
    2007-06-14 18:57:31 26768 --a------ C:\WINDOWS\system\ctl3d.dll <Not Verified; Microsoft Corporation; 3D Windows Control>
    2007-06-14 18:57:21 0 d-------- C:\WINDOWS\MVUNINST
    2007-06-14 18:57:14 0 d-------- C:\Program Files\3M
    2007-06-13 19:52:58 0 d-------- C:\Documents and Settings\Melanie\.housecall6.6


    -- Find3M Report ---------------------------------------------------------------

    2007-07-13 12:39:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-13 12:38:37 0 d-------- C:\Program Files\Norton SystemWorks
    2007-07-12 13:09:00 0 d-------- C:\Program Files\Yahoo!
    2007-07-12 11:01:07 0 d-------- C:\Program Files\Common Files\Scanner
    2007-07-09 10:35:57 0 d-------- C:\Program Files\Apple Software Update
    2007-07-06 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
    2007-07-02 08:47:51 0 d-------- C:\Program Files\Trend Micro
    2007-06-28 12:13:51 0 d-------- C:\Program Files\Common Files\Sandlot Shared
    2007-06-25 13:29:17 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-21 10:23:17 0 d-------- C:\Documents and Settings\Melanie\Application Data\Symantec
    2007-06-21 07:29:09 0 d-------- C:\Program Files\Windows NT
    2007-06-19 22:53:24 0 d-------- C:\Program Files\101 AVI MPEG WMV Converter
    2007-06-19 15:03:34 0 d-------- C:\Program Files\Messenger
    2007-06-15 13:53:16 0 d-------- C:\Program Files\Offline Course Player
    2007-06-15 13:52:13 0 d-------- C:\Program Files\iPod
    2007-06-14 10:54:33 0 d-------- C:\Program Files\Common Files\Adobe
    2007-06-06 21:36:18 0 d-------- C:\Documents and Settings\Melanie\Application Data\Image Zone Express
    2007-05-29 14:04:04 0 d-------- C:\Documents and Settings\Melanie\Application Data\Adobe
    2007-05-23 07:58:23 0 d-------- C:\Program Files\InterVideo
    2007-05-21 06:52:49 11096 --a------ C:\Documents and Settings\Melanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    2007-05-20 19:50:55 0 d-------- C:\Program Files\Bradford
    2007-05-20 19:49:48 0 d-------- C:\Program Files\TaxCut06
    2007-05-20 15:34:19 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-05-20 15:33:08 0 d-------- C:\Program Files\Common Files\HP
    2007-05-20 15:32:34 0 d-------- C:\Program Files\Hewlett-Packard
    2007-05-20 13:46:47 0 d-------- C:\Program Files\Common Files\Download Manager
    2007-05-20 13:38:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
    2007-05-20 13:29:23 0 d-------- C:\Program Files\Avex
    2007-05-15 10:48:47 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2007-05-15 07:55:36 0 d-------- C:\Program Files\Advanced Registry Optimizer


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    {AE84A6AA-A333-4B92-B276-C11E2212E4FE} C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "QD FastAndSafe"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\QDCSFS.exe /scheduler"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
    "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
    "YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "disableregistrytools"=dword:00000000
    "disabletaskmgr"=dword:00000000

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
    "item"="Adobe Reader Synchronizer"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
    "backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
    "item"="AT&T Self Support Tool"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
    "backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
    "item"="Google Updater"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
    "item"="HP Image Zone Fast Start"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
    "backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\3M\\PSN2Lite\\Psn2Lite.exe -RegRun"
    "item"="Post-it® Software Notes Lite"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
    "backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
    "item"="QuickBooks Update Agent"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Service Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
    "item"="Service Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
    "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
    "item"="WinZip Quick Pick"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\Melanie\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Reader_sl"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ARO"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Advanced Registry Optimizer\\ARO.exe -rem"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AuthConsoleStart]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CFD"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LiveUpdate"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccRegVfy"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FileZilla Server Interface"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gramburn]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="readme chin"
    "hkey"="HKCU"
    "command"="C:\\DOCUME~1\\Melanie\\APPLIC~1\\CASHST~1\\readme chin.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQLite"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISUSPM"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="issch"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MotiveSB"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nvraidservice"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\nvraidservice.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="OlpSynch"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Offline Course Player\\OlpSynch.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RegToolkit"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SDTrayApp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\site ford roam vc]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Eggs 1"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\All Users\\Application Data\\DEBUGFLAPSITEFORD\\Eggs 1.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mobsync"
    "hkey"="HKLM"
    "command"="%SystemRoot%\\system32\\mobsync.exe /logon"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tavui"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RegistryBooster"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FotomatDeviceConnect"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.7.0\\FotomatDeviceConnect.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YahooMessenger"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SQLAgent$MICROSOFTSMLBIZ"=dword:00000003
    "iPodService"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    -- End of Deckard's System Scanner: finished at 2007-07-13 at 13:56:26 ---------

     
