Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Saturday 6.9.2025 / 18:59
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help reviewing hijackthis log.
Show topics
 
Forums
Forums
Need help reviewing Hijackthis log.
  Jump to:
 
Posted Message
Page:12Next >
melanieG
Newbie
_ 		12. July 2007 @ 08:46 _ Link to this message    Send private message to this user   
I have been having trouble with my computer for a while now. It is getting worse and worse. I have run several online virus scanners and of course my personal one and to no avail. My computer is getting slower and slower, IE 6.0 won't load properly, I had to install firefox, it created an administrator account for me and can no longer just go directly to my desktop at startup and I receive an error when using msconfig that I don't have administrator rights although I am an administrator. It will make the changes but it gives me the warning anyway. Let's see, what else... It turned off my virus protection and I can not turn it back on, it won't allow Pandasoftware to download it's scanner anymore and removed it's files, my mouse and keyboard start freaking out and doing their own thing, if it idles for a while, my mouse locks up and I have to hit control-alt-delete to get it working again, plus more that I can't think of right now. Because I am no expert, I can really use the help of someone who is. If you can help me decipher my hijack this log, I would greatly appreciate it. It's all chinese to me :(. Thanks in advance for any help you can provide!!!!

My computer is getting slower and slower. Internet explorer doesn't load properly, my keyboard and mouse work periodically, my virus detection has been turn off and I can't turn it back on. And various other things. Here is my Hikack log. If anyone can help me, I would greatly appreciate it. Thanks so much!!!

Logfile of HijackThis v1.99.1
Scan saved at 1:09:38 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Forum: HijackThis? Logs and Malware Removal · Post Previe
[ + quote]
Advertisement
_ 		__
Fredil
Member
_ 		12. July 2007 @ 10:57 _ Link to this message    Send private message to this user   
I'm on it. I will get back to you in a few minutes.

Thank you :)
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Fredil
Member
_ 		12. July 2007 @ 11:00 _ Link to this message    Send private message to this user   
Let's get a close look at your system. Please download Deckard's System Scanner (formerly ComboScan) from the link provided. Save it to your Desktop.

Note: This program will clear your temporary files.

Please do a scan with dss.exe. It will only take about five minutes. If it cannot find HijackThis on your computer, it will prompt you to look for it. Please press "yes" and tell the scanner where it is located. If the scanner asks you to download HijackThis, please answer "yes" to that as well. During the scan, your firewall may warn you about a .exe file attempting to connect to the Internet; please allow it. Your antivirus may also detect Deckard's System Scanner as a Possible Threat or RiskTool; it may be better for you to temporarily disable your antivirus.

Once the scan is done, it will produce two logfiles for you: a "main.txt" (which you see) and an "extra.txt" (which is minimized). Please copy the contents of both these logfiles into your next reply.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
07anto07
AfterDawn Addict
_ 		12. July 2007 @ 12:23 _ Link to this message    Send private message to this user   
really sorry to but in Fredil can u have a look at my tread please
[ + quote]


250gb ps3 non modded and 60gb launch model 3.55cfw
melanieG
Newbie
_ 		12. July 2007 @ 21:14 _ Link to this message    Send private message to this user   
Originally posted by Fredil:
 Let's get a close look at your system. Please download Deckard's System Scanner (formerly ComboScan) from the link provided. Save it to your Desktop.

Note: This program will clear your temporary files.

Please do a scan with dss.exe. It will only take about five minutes. If it cannot find HijackThis on your computer, it will prompt you to look for it. Please press "yes" and tell the scanner where it is located. If the scanner asks you to download HijackThis, please answer "yes" to that as well. During the scan, your firewall may warn you about a .exe file attempting to connect to the Internet; please allow it. Your antivirus may also detect Deckard's System Scanner as a Possible Threat or RiskTool; it may be better for you to temporarily disable your antivirus.

Once the scan is done, it will produce two logfiles for you: a "main.txt" (which you see) and an "extra.txt" (which is minimized). Please copy the contents of both these logfiles into your next reply.
I hope I'm replying correctly. Here are the log files that you asked for from dss.

Deckard's System Scanner v20070711.54
Run by MelG on 2007-07-12 at 22:05:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-07-13 05:05:41 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2007-07-12 17:54:21 UTC - RP15 - Removed Norton AntiVirus
14: 2007-07-12 02:11:27 UTC - RP14 - System Checkpoint
13: 2007-07-11 01:41:48 UTC - RP13 - System Checkpoint
12: 2007-07-09 23:11:49 UTC - RP12 - System Checkpoint


-- First Restore Point --
1: 2007-06-26 02:40:02 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as MelG.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:07:13 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Melanie\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MelG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/a.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


-- File Associations -----------------------------------------------------------

.txt - CorelDRAW.Graphic.13 - DefaultIcon - unable to read value
.txt - CorelDRAW.Graphic.13 - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys

S2 SVKP - c:\windows\system32\svkp.sys (file missing)
S2 UWADECT (Cygnion DECT Protocol Stack) - c:\windows\system32\drivers\uwadect.sys
S2 UWARFP (Cygnion Radio Fixed Part) - c:\windows\system32\drivers\uwarfp.sys
S2 UWASWIT (Cygnion Isochronous Device) - c:\windows\system32\drivers\uwaswit.sys
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe

S2 npkcsvc - c:\windows\system32\npkcsvc.exe
S3 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-12 21:21:06 416 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-07-09 08:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-06 20:51:30 284 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2007-07-06 20:51:29 450 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2007-06-12 and 2007-07-12 -----------------------------

2007-07-12 11:07:56 0 d-------- C:\WINDOWS\CAVTemp
2007-07-12 11:01:51 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-12 11:01:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-07-12 11:01:19 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-07-12 11:01:19 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-07-12 11:01:19 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-07-12 10:49:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-07-12 10:08:10 0 dr-h----- C:\Documents and Settings\Melanie\Recent
2007-07-12 09:56:42 0 d-------- C:\Program Files\CCleaner
2007-07-09 10:01:00 0 d-------- C:\WINDOWS\system32\ASPRO
2007-07-07 23:22:12 1156 --a------ C:\WINDOWS\mozver.dat
2007-07-03 06:36:57 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Help
2007-07-02 08:32:10 0 d-------- C:\Program Files\QuickTime
2007-07-01 10:10:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-01 10:09:47 0 d-------- C:\Documents and Settings\Melanie\Application Data\Mozilla
2007-06-28 12:17:31 0 d-------- C:\Documents and Settings\Melanie\Application Data\Uniblue
2007-06-27 10:32:44 69632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-06-22 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-06-22 19:23:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-22 14:59:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-06-22 09:14:46 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-06-21 19:47:26 0 d-------- C:\info
2007-06-21 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-06-20 14:30:23 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Identities
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Templates
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Start Menu
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\SendTo
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Recent
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\PrintHood
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\NetHood
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\My Documents
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Local Settings
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Favorites
2007-06-20 14:29:28 0 d-------- C:\Documents and Settings\Melanie.MEL\Desktop
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Cookies
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Application Data
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Application Data\Microsoft
2007-06-20 14:29:27 1310720 --ah----- C:\Documents and Settings\Melanie.MEL\NTUSER.DAT
2007-06-19 17:08:42 0 d-------- C:\Program Files\Kaspersky Lab
2007-06-19 17:08:16 0 d-------- C:\KAV
2007-06-14 18:57:31 26768 --a------ C:\WINDOWS\system\ctl3d.dll
2007-06-14 18:57:21 0 d-------- C:\WINDOWS\MVUNINST
2007-06-14 18:57:14 0 d-------- C:\Program Files\3M
2007-06-13 19:52:58 0 d-------- C:\Documents and Settings\Melanie\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2007-07-12 13:09:00 0 d-------- C:\Program Files\Yahoo!
2007-07-12 11:01:07 0 d-------- C:\Program Files\Common Files\Scanner
2007-07-12 10:55:55 0 d-------- C:\Program Files\Norton SystemWorks
2007-07-12 10:54:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-09 10:35:57 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2007-07-02 08:47:51 0 d-------- C:\Program Files\Trend Micro
2007-06-28 12:13:51 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-06-25 13:29:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 10:23:17 0 d-------- C:\Documents and Settings\Melanie\Application Data\Symantec
2007-06-21 07:29:09 0 d-------- C:\Program Files\Windows NT
2007-06-19 22:53:24 0 d-------- C:\Program Files\101 AVI MPEG WMV Converter
2007-06-19 15:03:34 0 d-------- C:\Program Files\Messenger
2007-06-15 13:53:16 0 d-------- C:\Program Files\Offline Course Player
2007-06-15 13:52:13 0 d-------- C:\Program Files\iPod
2007-06-14 10:54:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-06 21:36:18 0 d-------- C:\Documents and Settings\Melanie\Application Data\Image Zone Express
2007-05-29 14:04:04 0 d-------- C:\Documents and Settings\Melanie\Application Data\Adobe
2007-05-23 07:58:23 0 d-------- C:\Program Files\InterVideo
2007-05-21 06:52:49 11096 --a------ C:\Documents and Settings\Melanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2007-05-20 19:50:55 0 d-------- C:\Program Files\Bradford
2007-05-20 19:49:48 0 d-------- C:\Program Files\TaxCut06
2007-05-20 15:34:49 117015 --a------ C:\WINDOWS\hpoins11.dat
2007-05-20 15:34:19 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-20 15:33:08 0 d-------- C:\Program Files\Common Files\HP
2007-05-20 15:32:34 0 d-------- C:\Program Files\Hewlett-Packard
2007-05-20 13:46:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-20 13:38:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-05-20 13:29:23 0 d-------- C:\Program Files\Avex
2007-05-15 10:48:47 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-05-15 07:55:36 0 d-------- C:\Program Files\Advanced Registry Optimizer


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QD FastAndSafe"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\QDCSFS.exe /scheduler"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000
"disabletaskmgr"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
"item"="AT&T Self Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
"backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\3M\\PSN2Lite\\Psn2Lite.exe -RegRun"
"item"="Post-it® Software Notes Lite"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Service Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
"item"="Service Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Melanie\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ARO"
"hkey"="HKCU"
"command"="C:\\Program Files\\Advanced Registry Optimizer\\ARO.exe -rem"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AuthConsoleStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eBayTBDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gramburn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readme chin"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Melanie\\APPLIC~1\\CASHST~1\\readme chin.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nvraidservice"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OlpSynch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Offline Course Player\\OlpSynch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTrayApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\site ford roam vc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Eggs 1"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\DEBUGFLAPSITEFORD\\Eggs 1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tavui"
"hkey"="HKLM"
"command"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.7.0\\FotomatDeviceConnect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=dword:00000003
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- Hosts -----------------------------------------------------------------------

192.168.1.104 HP000D9D0DC4A7


-- End of Deckard's System Scanner: finished at 2007-07-12 at 22:08:00 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2047.47 MiB / 1660.34 MiB
Pagefile Memory (total/avail): 3941.68 MiB / 3735.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 114.48 GiB total, 79.87 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 153.38 GiB total, 147.11 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirewallDisableNotify is set.
AntivirusOverride is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"="C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe:*:Disabled:WS_FTP Pro Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe"="C:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe:*:Enabled:HomeSite"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe:*:Enabled:HP OfficeJet Settings Interface"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe:*:Enabled:HP Instant Share Setup"
"C:\\Program Files\\HP\\Product Assistant\\bin\\hprbui.exe"="C:\\Program Files\\HP\\Product Assistant\\bin\\hprbui.exe:*:Enabled:HP Product Assistant"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe:*:Enabled:Image Zone "
"C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"="C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe:*:Enabled:HP Print Screen"
"C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"="C:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe:*:Disabled:Install Consumer Experience Network Plug in"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Documents and Settings\\Melanie\\Desktop\\iexplore.exe"="C:\\Documents and Settings\\Melanie\\Desktop\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Melanie\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=C:\Program Files\PhotoDeluxe BE 1.1\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MEL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Melanie
LOGONSERVER=\\MEL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\C:\WINDOWS\LHSP;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Melanie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Melanie\LOCALS~1\Temp
USERDOMAIN=MEL
USERNAME=MelG
USERPROFILE=C:\Documents and Settings\Melanie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Melanie (admin)
Melanie.MEL (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\WINDOWS\system32\msiuins.exe
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.1\DeIsL1.isu"
--> MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
--> MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3M Printscape(tm) Products --> C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "3M Printscape(tm) Products Uninstall"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DeductionPro 2006 --> C:\Program Files\DeductionPro 2006\RemoveDPro.EXE C:\PROGRA~1\DEDUCT~1\INSTALL.LOG
Easy Text To HTML Converter --> C:\Program Files\Easy Text To HTML Converter\uninst.exe
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Smart Web Printing 1.0 --> MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{9933F0EE-DFCD-4829-B979-3C56C367CB1A}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LGUsbDriver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia HomeSite 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}\Setup.exe"
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Management Edition 2006 CD 2 --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Norton SystemWorks 2003 --> MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton? Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan Pro --> C:\WINDOWS\system32\ASProUni.exe Panda ActiveScan Pro
Professor Answers --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Answers\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~3\INSTALL.LOG
Professor Teaches Business Planning --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Business Planning\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~1\INSTALL.LOG
Professor Teaches Excel 2003 --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Excel 2003\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~2\INSTALL.LOG
QuickBooks Pro 2006 --> msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
Sandlot Connect Version 1.2.3 --> "C:\Program Files\Common Files\Sandlot Shared\unins002.exe"
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZipItFast Pro 3.01 - A Free, Fast All in One Archive Utility! --> C:\WINDOWS\iun6002.exe "c:\zipitpro\irunin.ini"


-- End of Deckard's System Scanner: finished at 2007-07-12 at 22:08:00 ---------

Thank you very much for your assistance!
[ + quote]
anari11
Suspended permanently
_ 		13. July 2007 @ 07:17 _ Link to this message    Send private message to this user   
delete O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file)

this is definitely a malicious program.

then delete O2 - BHO: (no name) - {6A07A1D6-5024-E8E1-9B50-DEE3FB919FFE} - (no file),this is just unneccesary.

and this one is nasty O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe.fix it.
[ + quote]
melanieG
Newbie
_ 		13. July 2007 @ 07:37 _ Link to this message    Send private message to this user   
Hi. Thanks so much for you assistance. I have a question for you and please forgive my ignorance. Where you say: this one is nasty O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe.fix it. I see that file in Hijack this but not exactly. I do not have the file extension with the Fix it. I just says npkcsvc.exe. I'm assuming that I need to delete it under hijack this and then go into windows explorer to do the same or look for that file with the fix it? I just want to be sure that I don't make things worse. This is all foreign to me. Thanks again for your help.
[ + quote]
Fredil
Member
_ 		13. July 2007 @ 07:41 _ Link to this message    Send private message to this user   
When an O2 or O3 says (no file), you can always fix it. However, that's only true for O2s and O3s.

Currently looking over your DSS log; will get back to you soon.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Auttaja
Suspended permanently
_ 		13. July 2007 @ 07:54 _ Link to this message    Send private message to this user   
Hi Fredil, you can´t just fix 023 lines

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it Fix.bat Please save it on your desktop.

Quote:
Quote:
@echo off
sc stop npkcsvc
sc stop npkcsvc

Double click Fix.bat A window will open and close. This is normal.

This is way to remove that entry
[ + quote]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
Fredil
Member
_ 		13. July 2007 @ 07:58 _ Link to this message    Send private message to this user   
*ahem*. Check usernames - I didn't say fix the O23 line...

I'm still working on that fix - sorry about the time.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Fredil
Member
_ 		13. July 2007 @ 08:07 _ Link to this message    Send private message to this user   
Quote:
-- Last 5 Restore Point(s) --
16: 2007-07-13 05:05:41 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2007-07-12 17:54:21 UTC - RP15 - Removed Norton AntiVirus
14: 2007-07-12 02:11:27 UTC - RP14 - System Checkpoint
13: 2007-07-11 01:41:48 UTC - RP13 - System Checkpoint
12: 2007-07-09 23:11:49 UTC - RP12 - System Checkpoint
Hmm... first let's make sure you removed Norton completely. Open Start > Control Panel > Add or Remove Programs. Scroll down the alphabetical list and remove all instances of Norton or Symantec. Next, please copy the contents of the quotebox below into a blank Notepad document (NOT Wordpad):

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Symantec]
[-HKEY_LOCAL_MACHINE\Software\Symantec]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV"=-
Click File > Save As. Under "Save as Type", select "All Files" from the dropdown. Save the name as KillNorton.reg the last four characters have to be .reg). Double-click on KillNorton.reg and when asked to merge the information with the registry press Yes.

Next, do what this guy said (but I didn't tell you to fix the O23, for the record):

Originally posted by Auttaja:
 Hi Fredil, you can´t just fix 023 lines

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it Fix.bat Please save it on your desktop.

Quote:
Quote:
@echo off
sc stop npkcsvc
sc delete npkcsvc

Double click Fix.bat A window will open and close. This is normal.

This is way to remove that entry

Please reboot your computer into Safe Mode:

1. Reboot your computer.
2. As soon as it starts booting, press the F8 key. You may get an error if this is done too soon, just reboot and try again.
3. You may get a message about boot drivers, just press ESC and keep tapping F8.
4. At the Advanced Options menu, use the arrow keys and navigate to Safe Mode. Press Enter and log in as you usually would.

Delete this file:

C:\WINDOWS\system32\npkcsvc.exe

Reboot back into Normal Mode and post a fresh HijackThis.

@Auttaja - Why did you put sc stop twice? That doesn't do anything, you need sc delete :P
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
melanieG
Newbie
_ 		13. July 2007 @ 08:32 _ Link to this message    Send private message to this user   
I received an error when trying to perform your regedit4 fix:

It says that I cannot import it because it's not a registry script. You can only import binary files from within the registry editor.

I already removed the file that was suggested to me before you responded. Could that be why? I will refrain from doing that from now on. I ran a fresh hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:50 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/a.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
[ + quote]
Fredil
Member
_ 		13. July 2007 @ 08:38 _ Link to this message    Send private message to this user   
Humph... remove the space after the REGEDIT4 and put it before the REGEDIT4. Try it again.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Auttaja
Suspended permanently
_ 		13. July 2007 @ 08:39 _ Link to this message    Send private message to this user   
Yes, there was my fault x2, sorry about that, that could happen when I make things too fast.
[ + quote]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
Fredil
Member
_ 		13. July 2007 @ 08:41 _ Link to this message    Send private message to this user   
Hehehe. No problem at all :)
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
melanieG
Newbie
_ 		13. July 2007 @ 08:48 _ Link to this message    Send private message to this user   
I tried what you said and I get the same error message :(
[ + quote]
Fredil
Member
_ 		13. July 2007 @ 09:49 _ Link to this message    Send private message to this user   
BLEARGH!

Can you try this:

Quote:
REGEDIT4
[-HKEY_CURRENT_USER\Software\Symantec]

[-HKEY_LOCAL_MACHINE\Software\Symantec]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV"=-
If you get an error, hit the Print Screen button to get a screenshot, paste it into Paint, save it on your computer, and email it to me as (mods, don't remove this as this is an email I created solely for this purpose) wikipedia.crusader@gmail.com. If not, then all will go well.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
melanieG
Newbie
_ 		13. July 2007 @ 10:21 _ Link to this message    Send private message to this user   
It worked. Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:53 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/a.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
[ + quote]
Fredil
Member
_ 		13. July 2007 @ 12:19 _ Link to this message    Send private message to this user   
Hmm... do the Deckard's scan again and post both logs. I want to see if there's anything crawling in places undetectable by HijackThis *laughs*

Quote:
..can no longer just go directly to my desktop at startup and I receive an error when using msconfig that I don't have administrator rights although I am an administrator. It will make the changes but it gives me the warning anyway...
Can you uninstall all components of Norton please, and uninstall Yahoo! Antivirus? Sygate doesn't seem to be a problem.

If you don't go to the desktop at startup, where do you go to? Do you have the "Run" command in your Start Menu, and do you have Folder Options in your Control Panel?

Just one more scan - do a scan with F-Secure Blacklight. It will download a file, save it to your desktop. Double-click on fsbl.exe to start the program. It will give you a license agreement, accept that. Click "Scan" to start the scan. Once the scan is done, you should be told if there are any hidden items. If there are, a log called fsbl-##############.txt (the # is a number) is made on your desktop. Copy and paste the contents of that log into your reply.

I lied about just one more scan :) Please pay a visit to http://www.virustotal.com to upload a file. In the textbox at the top, next to the "Browse" button, copy and paste the following text:

C:\WINDOWS\system32\npkcsvc.exe

Hit "Send". You may have to wait for quite a while due to the queue. When scanning of the file begins, don't interrupt it! It may take up to ten minutes to scan a large file. When the scan is done, the "status box" at the top should say "STATUS: FINISHED". Your file will be scanned with more than 30 antivirus engines for a comprehensive result. When the scan is done, there will be two tables - one with your results and one with information like the MD5 Checksum. Ignore the smaller table - just copy all the text in the larger one and paste it into your reply.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
melanieG
Newbie
_ 		13. July 2007 @ 12:57 _ Link to this message    Send private message to this user   
Here's part of what you asked for:

From the Virustotal I received: 0 bytes size received / Se ha recibido un archivo vacio

From DSS I received only one file, the first flashed and then it was gone. This is all I get now:

Deckard's System Scanner v20070711.54
Run by MelG on 2007-07-13 at 13:55:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as MelG.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:55:49 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Melanie\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MelG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/a.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe


-- Files created between 2007-06-13 and 2007-07-13 -----------------------------

2007-07-12 11:07:56 0 d-------- C:\WINDOWS\CAVTemp
2007-07-12 11:01:51 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-12 11:01:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-07-12 11:01:19 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-07-12 11:01:19 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-07-12 11:01:19 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-07-12 10:49:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-07-12 10:08:10 0 dr-h----- C:\Documents and Settings\Melanie\Recent
2007-07-12 09:56:42 0 d-------- C:\Program Files\CCleaner
2007-07-09 10:01:00 0 d-------- C:\WINDOWS\system32\ASPRO
2007-07-07 23:22:12 1156 --a------ C:\WINDOWS\mozver.dat
2007-07-03 06:36:57 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Help
2007-07-02 08:32:10 0 d-------- C:\Program Files\QuickTime
2007-07-01 10:10:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-01 10:09:47 0 d-------- C:\Documents and Settings\Melanie\Application Data\Mozilla
2007-06-28 12:17:31 0 d-------- C:\Documents and Settings\Melanie\Application Data\Uniblue
2007-06-27 10:32:44 69632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-06-22 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-06-22 19:23:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-22 14:59:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-06-22 09:14:46 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-06-21 19:47:26 0 d-------- C:\info
2007-06-21 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-06-20 14:30:23 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Identities
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Templates
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Start Menu
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\SendTo
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Recent
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\PrintHood
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\NetHood
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\My Documents
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Local Settings
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Favorites
2007-06-20 14:29:28 0 d-------- C:\Documents and Settings\Melanie.MEL\Desktop
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Cookies
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Application Data
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Application Data\Microsoft
2007-06-20 14:29:27 1310720 --ah----- C:\Documents and Settings\Melanie.MEL\NTUSER.DAT
2007-06-19 17:08:42 0 d-------- C:\Program Files\Kaspersky Lab
2007-06-19 17:08:16 0 d-------- C:\KAV
2007-06-14 18:57:31 26768 --a------ C:\WINDOWS\system\ctl3d.dll
2007-06-14 18:57:21 0 d-------- C:\WINDOWS\MVUNINST
2007-06-14 18:57:14 0 d-------- C:\Program Files\3M
2007-06-13 19:52:58 0 d-------- C:\Documents and Settings\Melanie\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2007-07-13 12:39:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-13 12:38:37 0 d-------- C:\Program Files\Norton SystemWorks
2007-07-12 13:09:00 0 d-------- C:\Program Files\Yahoo!
2007-07-12 11:01:07 0 d-------- C:\Program Files\Common Files\Scanner
2007-07-09 10:35:57 0 d-------- C:\Program Files\Apple Software Update
2007-07-06 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2007-07-02 08:47:51 0 d-------- C:\Program Files\Trend Micro
2007-06-28 12:13:51 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-06-25 13:29:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 10:23:17 0 d-------- C:\Documents and Settings\Melanie\Application Data\Symantec
2007-06-21 07:29:09 0 d-------- C:\Program Files\Windows NT
2007-06-19 22:53:24 0 d-------- C:\Program Files\101 AVI MPEG WMV Converter
2007-06-19 15:03:34 0 d-------- C:\Program Files\Messenger
2007-06-15 13:53:16 0 d-------- C:\Program Files\Offline Course Player
2007-06-15 13:52:13 0 d-------- C:\Program Files\iPod
2007-06-14 10:54:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-06 21:36:18 0 d-------- C:\Documents and Settings\Melanie\Application Data\Image Zone Express
2007-05-29 14:04:04 0 d-------- C:\Documents and Settings\Melanie\Application Data\Adobe
2007-05-23 07:58:23 0 d-------- C:\Program Files\InterVideo
2007-05-21 06:52:49 11096 --a------ C:\Documents and Settings\Melanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2007-05-20 19:50:55 0 d-------- C:\Program Files\Bradford
2007-05-20 19:49:48 0 d-------- C:\Program Files\TaxCut06
2007-05-20 15:34:19 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-20 15:33:08 0 d-------- C:\Program Files\Common Files\HP
2007-05-20 15:32:34 0 d-------- C:\Program Files\Hewlett-Packard
2007-05-20 13:46:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-20 13:38:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-05-20 13:29:23 0 d-------- C:\Program Files\Avex
2007-05-15 10:48:47 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-05-15 07:55:36 0 d-------- C:\Program Files\Advanced Registry Optimizer


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QD FastAndSafe"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\QDCSFS.exe /scheduler"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000
"disabletaskmgr"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
"item"="AT&T Self Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
"backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\3M\\PSN2Lite\\Psn2Lite.exe -RegRun"
"item"="Post-it® Software Notes Lite"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Service Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
"item"="Service Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Melanie\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ARO"
"hkey"="HKCU"
"command"="C:\\Program Files\\Advanced Registry Optimizer\\ARO.exe -rem"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AuthConsoleStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eBayTBDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gramburn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readme chin"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Melanie\\APPLIC~1\\CASHST~1\\readme chin.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nvraidservice"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OlpSynch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Offline Course Player\\OlpSynch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTrayApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\site ford roam vc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Eggs 1"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\DEBUGFLAPSITEFORD\\Eggs 1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tavui"
"hkey"="HKLM"
"command"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.7.0\\FotomatDeviceConnect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=dword:00000003
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-13 at 13:56:26 ---------
[ + quote]
melanieG
Newbie
_ 		13. July 2007 @ 13:30 _ Link to this message    Send private message to this user   
I ran F-Secure and it didn't find anything but it gave me this:07/13/07 14:01:34 [Info]: BlackLight Engine 1.0.64 initialized
07/13/07 14:01:34 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/07 14:01:34 [Note]: 7019 4
07/13/07 14:01:34 [Note]: 7005 0
07/13/07 14:01:36 [Note]: 7006 0
07/13/07 14:01:37 [Note]: 7011 400
07/13/07 14:01:37 [Note]: 7026 0
07/13/07 14:01:37 [Note]: 7026 0
07/13/07 14:01:39 [Note]: FSRAW library version 1.7.1022
07/13/07 14:08:00 [Note]: 2000 1012
07/13/07 14:08:00 [Note]: 2000 1012
07/13/07 14:12:15 [Note]: 7007 0

I do have the RUN option under start and all options under control panel.
When I startup my computer, I get to the welcome screen where I have to select a user. Windows created an administrator account for me although I was already the administrator. Now, I have two user accounts. I can't delete the one that windows created so I disabled it. You're not supposed to be able to do that but it allowed me to. I receive a message that it's disabled, I have to click ok, then I have to click on my user account for it to load my settings. Is there any way to merge my setting to the other so that I don't have to do that? Back to the task at hand...

I uninstalled all norton and Yahoo security. I should have waited to run the dss, I apologize. I'm not sure why I only get one list now. The other is just a blur.

Here is a new one:
Deckard's System Scanner v20070711.54
Run by MelG on 2007-07-13 at 14:22:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as MelG.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:22:19 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Melanie\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MelG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\NORTON~2\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/inst...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096465625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1183096419671
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.sandlotgames.com/w4/slgwebinstall.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/a.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{724C7420-F180-476A-8941-3D731DC9ED93}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


-- Files created between 2007-06-13 and 2007-07-13 -----------------------------

2007-07-12 11:07:56 0 d-------- C:\WINDOWS\CAVTemp
2007-07-12 11:01:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-07-12 10:08:10 0 dr-h----- C:\Documents and Settings\Melanie\Recent
2007-07-12 09:56:42 0 d-------- C:\Program Files\CCleaner
2007-07-09 10:01:00 0 d-------- C:\WINDOWS\system32\ASPRO
2007-07-07 23:22:12 1156 --a------ C:\WINDOWS\mozver.dat
2007-07-03 06:36:57 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Help
2007-07-02 08:32:10 0 d-------- C:\Program Files\QuickTime
2007-07-01 10:10:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-01 10:09:47 0 d-------- C:\Documents and Settings\Melanie\Application Data\Mozilla
2007-06-28 12:17:31 0 d-------- C:\Documents and Settings\Melanie\Application Data\Uniblue
2007-06-27 10:32:44 69632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-06-22 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-06-22 19:23:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-22 14:59:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-06-22 09:14:46 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-06-21 19:47:26 0 d-------- C:\info
2007-06-21 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-06-20 14:30:23 0 d-------- C:\Documents and Settings\Melanie.MEL\Application Data\Identities
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Templates
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Start Menu
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\SendTo
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Recent
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\PrintHood
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\NetHood
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\My Documents
2007-06-20 14:29:28 0 d--h----- C:\Documents and Settings\Melanie.MEL\Local Settings
2007-06-20 14:29:28 0 dr------- C:\Documents and Settings\Melanie.MEL\Favorites
2007-06-20 14:29:28 0 d-------- C:\Documents and Settings\Melanie.MEL\Desktop
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Cookies
2007-06-20 14:29:28 0 dr-h----- C:\Documents and Settings\Melanie.MEL\Application Data
2007-06-20 14:29:28 0 d---s---- C:\Documents and Settings\Melanie.MEL\Application Data\Microsoft
2007-06-20 14:29:27 1310720 --ah----- C:\Documents and Settings\Melanie.MEL\NTUSER.DAT
2007-06-19 17:08:42 0 d-------- C:\Program Files\Kaspersky Lab
2007-06-19 17:08:16 0 d-------- C:\KAV
2007-06-14 18:57:31 26768 --a------ C:\WINDOWS\system\ctl3d.dll
2007-06-14 18:57:21 0 d-------- C:\WINDOWS\MVUNINST
2007-06-14 18:57:14 0 d-------- C:\Program Files\3M
2007-06-13 19:52:58 0 d-------- C:\Documents and Settings\Melanie\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2007-07-13 14:14:36 0 d-------- C:\Program Files\Yahoo!
2007-07-13 14:14:13 0 d-------- C:\Program Files\Common Files\Scanner
2007-07-13 12:39:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-13 12:38:37 0 d-------- C:\Program Files\Norton SystemWorks
2007-07-09 10:35:57 0 d-------- C:\Program Files\Apple Software Update
2007-07-02 08:47:51 0 d-------- C:\Program Files\Trend Micro
2007-06-28 12:13:51 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-06-25 13:29:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 10:23:17 0 d-------- C:\Documents and Settings\Melanie\Application Data\Symantec
2007-06-21 07:29:09 0 d-------- C:\Program Files\Windows NT
2007-06-19 22:53:24 0 d-------- C:\Program Files\101 AVI MPEG WMV Converter
2007-06-19 15:03:34 0 d-------- C:\Program Files\Messenger
2007-06-15 13:53:16 0 d-------- C:\Program Files\Offline Course Player
2007-06-15 13:52:13 0 d-------- C:\Program Files\iPod
2007-06-14 10:54:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-06 21:36:18 0 d-------- C:\Documents and Settings\Melanie\Application Data\Image Zone Express
2007-05-29 14:04:04 0 d-------- C:\Documents and Settings\Melanie\Application Data\Adobe
2007-05-23 07:58:23 0 d-------- C:\Program Files\InterVideo
2007-05-21 06:52:49 11096 --a------ C:\Documents and Settings\Melanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2007-05-20 19:50:55 0 d-------- C:\Program Files\Bradford
2007-05-20 19:49:48 0 d-------- C:\Program Files\TaxCut06
2007-05-20 15:34:19 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-20 15:33:08 0 d-------- C:\Program Files\Common Files\HP
2007-05-20 15:32:34 0 d-------- C:\Program Files\Hewlett-Packard
2007-05-20 13:46:47 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-20 13:38:45 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-05-20 13:29:23 0 d-------- C:\Program Files\Avex
2007-05-15 10:48:47 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-05-15 07:55:36 0 d-------- C:\Program Files\Advanced Registry Optimizer


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QD FastAndSafe"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\QDCSFS.exe /scheduler"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000
"disabletaskmgr"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
"item"="AT&T Self Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Post-it® Software Notes Lite.lnk"
"backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\3M\\PSN2Lite\\Psn2Lite.exe -RegRun"
"item"="Post-it® Software Notes Lite"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Service Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Service Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
"item"="Service Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Melanie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Melanie\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ARO"
"hkey"="HKCU"
"command"="C:\\Program Files\\Advanced Registry Optimizer\\ARO.exe -rem"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AuthConsoleStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eBayTBDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gramburn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readme chin"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Melanie\\APPLIC~1\\CASHST~1\\readme chin.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nvraidservice"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\nvraidservice.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OlpSynch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Offline Course Player\\OlpSynch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTrayApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\site ford roam vc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Eggs 1"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\DEBUGFLAPSITEFORD\\Eggs 1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mobsync"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tavui"
"hkey"="HKLM"
"command"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.7.0\\FotomatDeviceConnect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=dword:00000003
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-13 at 14:22:39 ---------
[ + quote]
melanieG
Newbie
_ 		13. July 2007 @ 13:39 _ Link to this message    Send private message to this user   
I noticed that Norton is still listed. I went to programs and there is still stuff in there. I deleted them from my programs list, then went to windows explorer. I tried to delete the folder but it gets as far as NPComsrv.DLL and tells me I can't delete it, access is denied.
[ + quote]
Fredil
Member
_ 		14. July 2007 @ 07:51 _ Link to this message    Send private message to this user   
Please reboot your computer into Safe Mode:

1. Reboot your computer.
2. As soon as it starts booting, press the F8 key. You may get an error if this is done too soon, just reboot and try again.
3. You may get a message about boot drivers, just press ESC and keep tapping F8.
4. At the Advanced Options menu, use the arrow keys and navigate to Safe Mode. Press Enter and log in as you usually would.

Try to delete the Norton folder again. Then, reboot back to normal.

How's your computer? If there are still problems we will have to scan more thoroughly.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Auttaja
Suspended permanently
_ 		14. July 2007 @ 08:55 _ Link to this message    Send private message to this user   
[ + quote]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
Advertisement
_ 		__
 
_
melanieG
Newbie
_ 		14. July 2007 @ 10:33 _ Link to this message    Send private message to this user   
Fredl, I just finished deleting all of Norton and symantec files. I went through Windows explorer deleted the folder successfully, then went into regedit under HKEY CU & LM to remove Symantec. I see no change in my computer thus far. There is still something hiding somewhere. Or maybe it's the permanent damage that I have to live with? You mentioned scanning a little more in depth, fire away.
[ + quote]
 
Page:12Next >
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
HijackThis 101 1 11. September 2013 Windows - Virus and spyware problems
Had Department of Justice money pack virus. Now computer is acting strange. Could someone take a look at my hijackthis log? 64 6. January 2013 Windows - Virus and spyware problems
ComboFix/HIJackThis Log Help 9 10. April 2012 Windows - Virus and spyware problems
Please review HiJackThis log and help 1 11. November 2011 Windows - Virus and spyware problems
HijackThis Log File! 3 27. June 2011 Windows - Virus and spyware problems
please help read hijackthis log 1 7. April 2011 Windows - Virus and spyware problems
HijackThis Log, Please Help ! 5 4. April 2011 Windows - Virus and spyware problems
HiJackThis log...pls help 1 2. April 2011 Windows - Virus and spyware problems
My Hijackthis log file, please help 2 20. February 2011 Windows - Virus and spyware problems
Malware help! hijackthis log provided. 6 29. September 2010 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help reviewing hijackthis log.
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork