Run by Kelly on 2008-08-04 13:27:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Kelly.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:38, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Kelly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelly.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 9239 bytes
-- Files created between 2008-07-04 and 2008-08-04 -----------------------------
2008-08-04 13:18:29 135168 --a------ C:\zip.exe
2008-08-04 13:18:29 19286 --a------ C:\cleanup.exe
2008-08-04 13:18:29 574 --a------ C:\cleanup.bat
2008-07-30 21:01:29 466502 --a------ C:\HaxFix.exe <Not Verified; Marckie; >
2008-07-29 14:12:12 0 d-------- C:\Program Files\Common Files\Motive
2008-07-29 14:11:25 0 d-------- C:\Program Files\ATT
2008-07-29 10:20:28 492 --a------ C:\Documents and Settings\Kelly\Application Data\wklnhst.dat
2008-07-26 13:43:17 0 d-------- C:\Program Files\Trillian
2008-07-26 13:24:31 0 d-------- C:\Program Files\InterMute
2008-07-26 00:01:16 0 d-------- C:\Program Files\PC-Doctor 5 for Windows
2008-07-24 18:19:26 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 18:19:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 18:19:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-24 18:19:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 18:19:26 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 18:19:26 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 18:19:26 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 18:19:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 20:51:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-17 21:50:47 0 d-------- C:\Program Files\FlySim
2008-07-15 09:08:46 96559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-15 09:08:46 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-15 09:08:03 250912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-15 09:08:03 35737888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-15 09:08:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-15 09:08:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 09:06:33 0 d-------- C:\kav
2008-07-11 10:24:46 0 d-------- C:\Documents and Settings\Kelly\Application Data\abelhadigital.com
2008-07-11 10:24:46 0 d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-11 10:21:50 6735942 --a------ C:\backup.reg
2008-07-09 18:45:48 0 d-------- C:\Documents and Settings\Kelly\Application Data\OnlineArmor
2008-07-09 18:45:48 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-07-09 18:45:34 28872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-07-09 18:45:34 25600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-07-09 18:45:34 75776 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-07-09 18:45:34 0 d-------- C:\Program Files\Tall Emu
2008-07-04 14:02:01 0 d-------- C:\Program Files\HostsMan
-- Find3M Report ---------------------------------------------------------------
2008-08-04 12:35:00 0 d-------- C:\Program Files\Lavasoft
2008-08-04 12:32:38 0 d-------- C:\Program Files\SpywareBlaster
2008-08-02 13:06:37 0 d-------- C:\Program Files\Paltalk Messenger
2008-07-31 18:00:01 0 d-------- C:\Program Files\Java
2008-07-31 17:50:26 0 d-------- C:\Program Files\Common Files\Real
2008-07-31 17:50:03 0 d-------- C:\Program Files\Common Files
2008-07-31 17:49:18 0 d-------- C:\Documents and Settings\Kelly\Application Data\Real
2008-07-31 13:15:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 13:12:43 0 d-------- C:\Program Files\SpywareGuard
2008-07-28 15:17:09 0 d-------- C:\Program Files\TVK - CoolText Extreme
2008-07-25 22:13:48 0 d-------- C:\Program Files\SpeedFan
2008-07-25 16:04:28 0 d-------- C:\Program Files\OpenTalk
2008-07-16 05:29:52 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-07-16 05:29:50 16267 --a------ C:\WINDOWS\mozver.dat
2008-07-16 05:29:21 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-07-09 21:00:44 0 d-------- C:\Program Files\HP
2008-07-09 20:52:11 0 d-------- C:\Program Files\kontiki
2008-07-09 14:19:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-03 22:34:19 0 d-------- C:\Program Files\HD Tune
2008-07-01 01:04:47 0 d-------- C:\Program Files\Messenger
2008-07-01 01:04:23 0 d-------- C:\Program Files\Movie Maker
2008-07-01 01:02:15 0 d-------- C:\Program Files\Windows NT
2008-06-29 18:15:35 0 d-------- C:\Program Files\Napster
2008-06-29 10:55:37 0 d-------- C:\Program Files\MSECache
2008-06-28 17:03:27 0 d-------- C:\Program Files\Yahoo!
2008-06-28 17:03:24 0 d-------- C:\Program Files\SureThing
2008-06-28 17:03:01 0 d-------- C:\Program Files\QuickTime
2008-06-28 17:02:26 0 d-------- C:\Program Files\Logitech
2008-06-28 17:02:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 17:02:22 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-28 17:02:17 0 d-------- C:\Program Files\GemMaster
2008-06-28 17:02:12 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-28 17:02:11 0 d-------- C:\Program Files\Common Files\AOL
2008-06-28 17:02:04 0 d-------- C:\Program Files\CD to MP3 Freeware
2008-06-28 17:02:04 0 d-------- C:\Program Files\BitComet
2008-06-28 17:02:04 0 d-------- C:\Program Files\Audible
2008-06-28 14:34:28 0 d-------- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com
2008-06-28 14:24:33 0 d-------- C:\Program Files\DrWeb
2008-06-28 12:09:39 0 d-------- C:\Program Files\WinUpdatesList
2008-06-28 11:59:58 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2008-06-28 00:19:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-27 23:32:13 0 d-------- C:\Program Files\Common Files\Java
2008-06-24 18:57:59 0 d-------- C:\Program Files\Shockwave.com
2008-06-15 21:31:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 15:36:36 0 d-------- C:\Documents and Settings\Kelly\Application Data\Apple Computer
2008-06-12 15:36:26 0 d-------- C:\Program Files\iTunes
2008-06-12 15:35:16 0 d-------- C:\Program Files\iPod
2008-06-12 15:29:35 0 d-------- C:\Program Files\Apple Software Update
2008-06-08 16:20:06 0 d-------- C:\Documents and Settings\Kelly\Application Data\Adobe
2008-06-06 08:57:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 23:32:44 0 d-------- C:\Documents and Settings\Kelly\Application Data\Malwarebytes
2008-06-04 19:37:15 0 d-------- C:\Program Files\Trend Micro
2008-06-04 19:25:50 0 d-------- C:\Program Files\7-Zip
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 17:50]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [04/17/2008 05:22]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 18:36]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [04/06/2006 13:17]
"PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [05/10/2006 17:44]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [04/17/2008 14:51]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 16:24]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 00:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"PwrUpTweakMe"="C:\WINDOWS\system32\PuXpTwks.exe" [09/12/2005 11:36]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 00:34]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 01:19 C:\WINDOWS\arpwrmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostsMan"="C:\Program Files\HostsMan\hm.exe" [06/16/2008 04:19]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [11/28/2006 12:47]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [11/23/2006 17:12]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Kelly\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [04/17/2008 05:22 671432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-08-04 13:32:40 ------------