Well first off, THANKS for your help and quick response.
Here are the logfiles you need.
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:26:10 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\todd\My Documents\phone other\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Contribute 4\contributeieplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Contribute 4\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Spea&k It! - C:\WINDOWS\WEB\speakit.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.thezonelive.com/zone/Wyncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
ComboFix log:
"todd" - 07-01-14 12:01:05 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\todd\My Documents\drivers"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\INSTALL.LOG
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 11:49 <DIR> d-------- C:\avenger
2007-01-14 11:44 16 --a------ C:\chdir.bat
2007-01-14 11:44 <DIR> d-------- C:\Rustbfix
2007-01-04 21:37 <DIR> d-------- C:\Program Files\New Folder
2007-01-03 01:01 <DIR> d-------- C:\Program Files\Borland
2007-01-03 01:01 <DIR> d-------- C:\Program Files\Bell & Howell
2007-01-02 21:39 <DIR> d-------- C:\Shopman32
2007-01-01 23:11 <DIR> d-------- C:\DOCUME~1\todd\QuasarConfig
2007-01-01 00:03 <DIR> d-------- C:\D drive
2006-12-31 21:36 <DIR> d-------- C:\Program Files\PowerQuest
2006-12-30 23:06 2,556 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-30 23:00 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-30 23:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-30 23:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-30 23:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-30 23:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-30 23:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-30 22:53 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-30 22:07 <DIR> d-------- C:\WINDOWS\system32\zslfiles
2006-12-30 22:06 <DIR> d-------- C:\WINDOWS\system32\ZeroSpyware Limited Edition
2006-12-30 22:02 <DIR> d-------- C:\Program Files\FBM Software
2006-12-30 21:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-12-24 11:15 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2006-12-24 11:15 <DIR> d-------- C:\WINDOWS\system32\en-us
2006-12-24 11:14 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2006-12-24 11:14 <DIR> d-------- C:\Program Files\Reference Assemblies
2006-12-24 10:59 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 10:59 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-24 10:59 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-24 10:59 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-24 10:58 <DIR> d-------- C:\Program Files\MSBuild
2006-12-23 06:18 <DIR> d-------- C:\Program Files\DevComponents BubbleBar
2006-12-23 06:16 <DIR> d-------- C:\Program Files\ComponentScience
2006-12-22 09:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2006-12-20 21:23 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2006-12-20 21:23 <DIR> d-------- C:\Program Files\MSECACHE
2006-12-20 10:38 <DIR> d--hs---- C:\WINDOWS\system32\wsnpoem
2006-12-19 21:44 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2006-12-19 21:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
2006-12-17 21:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2006-12-17 21:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet
2006-12-16 23:09 <DIR> d-------- C:\Inetpub
2006-12-16 22:54 <DIR> d-------- C:\DOCUME~1\tank\Application Data\Ipswitch
2006-12-16 22:53 <DIR> d-------- C:\DOCUME~1\tank\Application Data\Real
2006-12-16 22:53 <DIR> d-------- C:\DOCUME~1\tank\Application Data\HotSync
2006-12-16 22:53 <DIR> d-------- C:\DOCUME~1\tank\Application Data\ATI
2006-12-16 21:43 <DIR> d-------- C:\Program Files\Winedt
2006-12-16 20:38 <DIR> d-------- C:\Program Files\Softick
2006-12-16 20:31 286,720 --a------ C:\WINDOWS\mpppuninstall.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-14 11:59 -------- d-------- C:\Program Files\mozilla firefox
2007-01-14 11:30 -------- d-------- C:\Program Files\ypops
2007-01-13 01:08 2508 --a------ C:\DOCUME~1\todd\Application Data\$_hpcst$.hpc
2007-01-13 00:10 -------- d-------- C:\Program Files\palmone
2007-01-12 23:57 -------- d---s---- C:\DOCUME~1\todd\Application Data\microsoft
2007-01-11 09:01 -------- d-------- C:\Program Files\documents to go
2007-01-10 23:25 -------- d-------- C:\DOCUME~1\todd\Application Data\adobe
2007-01-04 00:13 -------- d-------- C:\DOCUME~1\todd\Application Data\u3
2006-12-30 22:06 -------- d--h----- C:\Program Files\installshield installation information
2006-12-20 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-12-17 21:21 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-17 09:23 -------- d-------- C:\DOCUME~1\todd\Application Data\adobeum
2006-12-17 00:42 -------- d-------- C:\Program Files\mozilla thunderbird
2006-12-17 00:15 -------- d-------- C:\Program Files\google
2006-12-17 00:11 -------- d-------- C:\DOCUME~1\todd\Application Data\azureus
2006-12-17 00:05 -------- d-------- C:\Program Files\azureus
2006-12-17 00:03 -------- d-------- C:\Program Files\a4desk
2006-12-16 23:59 -------- d-------- C:\Program Files\metty
2006-12-16 23:52 -------- d-------- C:\Program Files\yahoo!
2006-12-16 23:51 -------- d-------- C:\Program Files\amaya
2006-12-16 23:46 -------- d-------- C:\Program Files\timewhiz
2006-12-16 23:45 -------- d-------- C:\Program Files\postcast server
2006-12-16 23:42 -------- d-------- C:\Program Files\myworkorders
2006-12-16 23:41 -------- d-------- C:\Program Files\mail enable
2006-12-16 23:40 -------- d-------- C:\Program Files\Common Files\macromedia shared
2006-12-16 23:40 -------- d-------- C:\Program Files\Common Files\macromedia
2006-12-16 23:40 -------- d-------- C:\DOCUME~1\todd\Application Data\macromedia
2006-12-16 23:34 -------- d-------- C:\Program Files\Common Files\ati
2006-12-16 21:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-12-16 21:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-16 21:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-12-16 21:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-12-16 21:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-12-16 21:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-12-16 21:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-12-16 21:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-12-16 21:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-12-16 21:41 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-12-16 21:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-12-16 21:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-12-16 21:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-16 21:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-12-16 21:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-12-16 21:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-12-16 21:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-12-16 21:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-12-13 23:48 -------- d-------- C:\Program Files\dbviewerplus
2006-12-11 01:44 -------- d-------- C:\Program Files\project url snooper
2006-12-11 01:15 -------- d-------- C:\Program Files\xi
2006-12-11 01:03 -------- d-------- C:\Program Files\winpcap
2006-12-10 22:23 -------- d-------- C:\Program Files\dv ts
2006-12-10 14:05 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2006-12-10 00:10 -------- d-------- C:\Program Files\bhelpuri
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 19:35 -------- d-------- C:\Program Files\virtools web player 3.0
2006-12-02 21:26 -------- d-------- C:\Program Files\autodesk
2006-12-02 21:24 -------- d-------- C:\Program Files\Common Files\autodesk shared
2006-12-02 14:44 -------- d-------- C:\Program Files\macromedia
2006-11-16 22:03 -------- d-------- C:\Program Files\ipswitch
2006-11-16 22:03 -------- d-------- C:\DOCUME~1\todd\Application Data\ipswitch
2006-11-16 21:56 -------- d-------- C:\Program Files\netobjects
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 11:27 53248 --a------ C:\WINDOWS\siuninst.exe
2006-10-30 03:33 9480 --a------ C:\WINDOWS\system32\icardres.dll
2006-10-30 03:33 83968 --a------ C:\WINDOWS\system32\infocardapi.dll
2006-10-30 03:33 556296 --a------ C:\WINDOWS\system32\icardagt.exe
2006-10-28 17:41 36864 --a------ C:\WINDOWS\system32\cfperfmon_mx.dll
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\fm20enu.dll
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\fm20.dll
2006-10-24 12:30 716288 --------- C:\WINDOWS\system32\windowscodecs.dll
2006-10-24 12:30 412160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2006-10-24 12:30 276992 --------- C:\WINDOWS\system32\wmphoto.dll
2006-10-24 12:29 352256 --------- C:\WINDOWS\system32\windowscodecsext.dll
2006-10-20 21:30 769312 --a------ C:\WINDOWS\system32\presentationnative_v0300.dll
2006-10-20 21:30 478496 --a------ C:\WINDOWS\system32\evr.dll
2006-10-20 21:30 1980704 --a------ C:\WINDOWS\system32\milcore.dll
2006-10-20 21:29 69408 --a------ C:\WINDOWS\system32\dxva2.dll
2006-10-20 21:29 344352 --a------ C:\WINDOWS\system32\presentationhost.exe
2006-10-20 21:29 20768 --a------ C:\WINDOWS\system32\presentationhostproxy.dll
2006-10-20 21:29 159008 --a------ C:\WINDOWS\system32\uiautomationcore.dll
2006-10-20 21:29 104224 --a------ C:\WINDOWS\system32\presentationcffrasterizernative_v0300.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-16 16:10 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-15 19:05 53248 --a------ C:\WINDOWS\palmdevc.dll
2006-10-14 20:22 1698048 --------- C:\WINDOWS\system32\xpssvcs.dll
2006-10-14 20:21 580352 --------- C:\WINDOWS\system32\xpsshhdr.dll
2006-10-14 20:09 422 --a------ C:\WINDOWS\system32\msst42.dll
2006-10-14 16:43 124416 --------- C:\WINDOWS\system32\prntvpt.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\1564]
"rdgrjvbs"=hex(1):22,43,3a,5c,52,75,73,74,62,66,69,78,5c,32,72,75,6e,2e,62,61,\
74,22
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Acrobat Speed Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000003}\\_SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Acrobat Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Acrobat\\ADOBEC~1.EXE "
"item"="Adobe Acrobat Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\IOGEAR\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Browser Mouse 1.0.lnk]
"backup"="C:\\WINDOWS\\pss\\Browser Mouse 1.0.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BROWSE~1\\BROWSE~1\\1.0\\LwbWheel.exe "
"item"="Browser Mouse 1.0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HOTSYNCSHORTCUTNAME.lnk"
"backup"="C:\\WINDOWS\\pss\\HOTSYNCSHORTCUTNAME.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\palmOne\\Hotsync.exe -logon"
"item"="HOTSYNCSHORTCUTNAME"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
"backup"="C:\\WINDOWS\\pss\\VersionTracker Pro.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{2A9AD464-DB2E-42A3-A3AA-71BFC065F982}\\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe /hide"
"item"="VersionTracker Pro"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YPOPs!.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\YPOPs!.lnk"
"backup"="C:\\WINDOWS\\pss\\YPOPs!.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\YPOPs\\ypops.exe "
"item"="YPOPs!"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^yProxy.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\yProxy.lnk"
"backup"="C:\\WINDOWS\\pss\\yProxy.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\yProxy\\yProxy.exe "
"item"="yProxy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^todd^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\todd\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^todd^Start Menu^Programs^Startup^HotSync Manager.LNK]
"path"="C:\\Documents and Settings\\todd\\Start Menu\\Programs\\Startup\\HotSync Manager.LNK"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.LNKStartup"
"location"="Startup"
"command"="C:\\Program Files\\palmOne\\Hotsync.exe "
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^todd^Start Menu^Programs^Startup^palmOne Registration.lnk]
"path"="C:\\Documents and Settings\\todd\\Start Menu\\Programs\\Startup\\palmOne Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\palmOne Registration.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\palmOne\\register.exe /remind /language=EN /PRNM=\"palmOne\""
"item"="palmOne Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^todd^Start Menu^Programs^Startup^YPOPs.lnk]
"path"="C:\\Documents and Settings\\todd\\Start Menu\\Programs\\Startup\\YPOPs.lnk"
"backup"="C:\\WINDOWS\\pss\\YPOPs.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\YPOPs\\YPOPs.exe "
"item"="YPOPs"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIDtct"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launchpd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIRW"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATISched"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fwewwqwe3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EB7069F0"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\TEMP\\EB7069F0.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb11"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon06"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\WINDOWS\\system32\\hphmon06.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd06"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lwbwheel"
"hkey"="HKLM"
"command"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.0\\lwbwheel.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_server"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_server.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICO"
"hkey"="HKLM"
"command"="ICO.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsRemote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PhilipsRemote"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\PhilipsRemote.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ScreenPrint32"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScreenPrint32 v3\\ScreenPrint32.exe -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smtpsrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMTPServer"
"hkey"="HKLM"
"command"="C:\\Program Files\\1st SMTP Server\\SMTPServer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPPGate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softick\\PPP\\Bin\\PPPGate.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Ad and Popup Blocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adblock"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Advanced System Optimizer\\adblock.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSink Ad Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TSAdBot"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TimeSink\\AdGateway\\TSAdBot.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whse"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\whse.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winconf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="F3011816"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\TEMP\\F3011816.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMusicEngine"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe\" -preload"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSLEScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="RunDll32.exe \"C:\\PROGRA~1\\FBMSOF~1\\ZEROSP~1\\ZSScheduler.dll\", runScheduler C:\\PROGRA~1\\FBMSOF~1\\ZEROSP~1\\"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003
"Macromedia Licensing Service"=dword:00000003
"mi-raysat_3dsmax8"=dword:00000002
"MESMTPCS"=dword:00000002
"MEPOPS"=dword:00000002
"MEPOCS"=dword:00000002
"MEMTAS"=dword:00000002
"MELCS"=dword:00000002
"Autodesk Licensing Service"=dword:00000002
"ose"=dword:00000003
"odserv"=dword:00000003
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\setup.exe
Completion time: 07-01-14 12:22:05
avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sanovfwj
*******************
Script file located at: \??\C:\WINDOWS\nllduurl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
pelog log:
************************* Rustock.b-fix -- By ejvindh *************************
Sun 01/14/2007 11:44:49.48
******************* Pre-run Status of system *******************
Rootkit driver PE386 is found. Starting the unload-procedure....
Should I try to install ActiveSync yet?