"Lorraine Happy" - 07-01-25 13:04:53 Service Pack 2 ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Lorraine Happy\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 13:03 618 --a------ C:\Combo.bat 2007-01-25 12:50 d-------- C:\Program Files\CCleaner 2007-01-23 15:00 d-------- C:\DOCUME~1\LORRAI~1\Application Data\Viewpoint 2007-01-13 03:06 d-------- C:\WINDOWS\ie7updates 2007-01-07 10:18 dr------- C:\DOCUME~1\LORRAI~1\Application Data\Brother 2007-01-04 19:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-25 12:51 -------- d-------- C:\Program Files\yahoo! 2007-01-23 19:34 -------- d-------- C:\Program Files\aol pictures 2007-01-21 19:48 -------- d-------- C:\DOCUME~1\LORRAI~1\Application Data\msn6 2007-01-19 14:13 -------- d-------- C:\Program Files\aol 2007-01-16 15:06 -------- d-------- C:\Program Files\aol pictures screensaver 2007-01-12 19:34 -------- d-------- C:\DOCUME~1\LORRAI~1\Application Data\funkitron 2006-12-30 13:28 -------- d-------- C:\Program Files\grisoft 2006-12-29 21:49 -------- d-------- C:\DOCUME~1\LORRAI~1\Application Data\adobeum 2006-12-22 22:06 -------- d-------- C:\Program Files\aim 2006-12-22 22:05 -------- d-------- C:\Program Files\aod 2006-12-18 11:17 -------- d-------- C:\Program Files\america online 9.0a 2006-12-15 16:35 -------- d-------- C:\Program Files\Common Files\scanner 2006-12-15 16:31 -------- d-------- C:\Program Files\ca 2006-12-15 16:26 -------- d-------- C:\DOCUME~1\LORRAI~1\Application Data\aol 2006-12-12 19:35 -------- d-------- C:\Program Files\popcap games 2006-12-12 16:11 -------- d-------- C:\Program Files\yahoo! games 2006-12-07 01:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-11-30 21:22 -------- d-------- C:\DOCUME~1\LORRAI~1\Application Data\msninstaller 2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll 2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-02 13:58 1840 --a------ C:\DOCUME~1\LORRAI~1\Application Data\adobedlm.log 2006-10-02 13:58 0 --a--c--- C:\DOCUME~1\LORRAI~1\Application Data\dm.ini (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet" "DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\"" "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\WALGRE~1\\WALGRE~1\\data\\Xtras\\mssysmgr.exe" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1" "AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "HostManager"="C:\\Program Files\\Common Files\\AOL\\1108764012\\ee\\AOLSoftware.exe" "ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot" "AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1108764012\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe" "sscRun"="C:\\Program Files\\Common Files\\AOL\\1108764012\\ee\\SSCRun.exe" "OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe" "EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe" "MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\"" "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe" "IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe" "SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe" "ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk" "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0A\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Companion.lnk" "backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s" "item"="AOL Companion" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Exif Launcher.lnk" "backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe " "item"="Exif Launcher" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk" "backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSOEMON.EXE " "item"="MyWebSearch Email Plugin" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk" "backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe " "item"="VAIO Action Setup (Server)" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Support Center.lnk" "backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\bin\\matcli.exe -boot" "item"="Verizon Online Support Center" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lorraine Happy^Start Menu^Programs^Startup^HP C200 Camera Fdbk.lnk] "path"="C:\\Documents and Settings\\Lorraine Happy\\Start Menu\\Programs\\Startup\\HP C200 Camera Fdbk.lnk" "backup"="C:\\WINDOWS\\pss\\HP C200 Camera Fdbk.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\HPPHOT~1\\C200CA~1\\REGIST~1\\Remind32.exe " "item"="HP C200 Camera Fdbk" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lorraine Happy^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] "path"="C:\\Documents and Settings\\Lorraine Happy\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk" "backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSOEMON.EXE " "item"="MyWebSearch Email Plugin" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AGRSMMSG" "hkey"="HKLM" "command"="AGRSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\PROGRA~1\\AIM95\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AJ5030 Print to Desktop] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SPDTMONX" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\SPDTMONX.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOL" "hkey"="HKCU" "command"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLSP Scheduler" "hkey"="HKLM" "command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ACCAgnt" "hkey"="HKCU" "command"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLDial" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ezSP_Px" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\ezSP_Px.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frsk] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="frsk" "hkey"="HKLM" "command"="C:\\WINDOWS\\frsk.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HbInst" "hkey"="HKLM" "command"="C:\\Program Files\\Hotbar\\bin\\4.3.5.0\\HbInst.exe /Upgrade" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfimg10n] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lfimg10n" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\lfimg10n.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LTSMMSG" "hkey"="HKLM" "command"="LTSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WkUFind" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MotiveSB" "hkey"="HKLM" "command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mscnt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mscnt" "hkey"="HKLM" "command"="c:\\windows\\system32\\mscnt.exe /noconnect" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msmon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmon" "hkey"="HKLM" "command"="c:\\windows\\system32\\msmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwsoemon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsdlua] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nsdlua" "hkey"="HKLM" "command"="c:\\program files\\dialers\\nsdlua\\nsdlua.exe /noconnect" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCClient.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCCClient" "hkey"="HKLM" "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="pccguide" "hkey"="HKLM" "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InstallStub" "hkey"="HKCU" "command"="C:\\WINDOWS\\Plaxo\\1.3.1.72\\InstallStub.exe -a" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Pop3trap" "hkey"="HKLM" "command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PortAOL" "hkey"="HKLM" "command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QFSCHD100" "hkey"="HKLM" "command"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidBlaster] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="rb32" "hkey"="HKLM" "command"="C:\\Program Files\\RapidBlaster\\rb32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="REGSHAVE" "hkey"="HKLM" "command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows" "item"="msmon" "hkey"="HKCU" "command"="c:\\windows\\system32\\msmon.exe" "inimapping"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bridge" "hkey"="HKLM" "command"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHARP Email Assistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SPEMAI~1" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SHARP\\AJ5030\\SPEMAI~1.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHARP SetupPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDLL32 INST32" "hkey"="HKLM" "command"="RunDLL32 INST32.DLL,RunDll_SetDefaultPrinter AJ5030 PDP" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="khooker" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\khooker.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SiSUSBrg" "hkey"="HKLM" "command"="C:\\WINDOWS\\SiSUSBrg.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPPDPSRV] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SPPDPSRV" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\SPPDPSRV.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="evntsvc" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wcmdmgrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Weather" "hkey"="HKCU" "command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cdaEngine0400" "hkey"="HKLM" "command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ypager" "hkey"="HKCU" "command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="server" "hkey"="HKLM" "command"="c:\\program files\\support.com\\client\\lserver\\server.vbs" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source REG_SZ http://active.ieplugin.com/active/?17101726 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job Completion time: 07-01-25 13:08:13 C:\ComboFix2.txt ... 07-01-25 13:03