My guess is that explore.exe is still affected by the virus, because the internet is slow and when I try to turn the music up/down the song lags, but when I end the explore.exe process the internet is fast and the sound doesn't lag.
Affected area~
4 processes
iexplore.exe
rundll32.exe
iexplore.exe
rundll32.exe
(has it twice)
1 Service
DomainService
1 file
dyrmexgb.dll
160 Registry Entries
umm way too long for me to type
1 Browser cache
(it's empty)
Norton has found this virus in lots of places; here they are:
system32/dyrmexgb.dll
system32/qxiwydfm.dll.vir - newest one
qoobox\quarantine\c\windows\system32\(random 6 letters) .dll.vir
There are more, but I'm sure it doesn't really matter.
I've downloaded a program that gets rid of Vundo, but it says I don't have any signs of Vundo.
I'm going to try another full/custom scan of Drive C again.
Deckard's System Scanner v20071014.68
Run by Ruvim on 2008-07-30 00:58:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Ruvim.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:54 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Vuze\Azureus.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruvim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134433558717
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ent/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6493 bytes
-- Files created between 2008-06-30 and 2008-07-30 -----------------------------
2008-07-30 00:55:24 0 d-------- C:\Documents and Settings\Ruvim\Application Data\AdobeUM
2008-07-28 23:30:11 0 d-------- C:\OutputFolder
2008-07-28 23:29:34 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-07-28 23:29:34 188416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-07-28 23:29:34 237568 --a------ C:\WINDOWS\system32\OggDS.dll <Not Verified; ; Ogg DirectShow Filter Collection>
2008-07-28 23:29:33 45056 --a------ C:\WINDOWS\system32\ogg.dll
2008-07-28 23:29:31 129024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-07-28 23:29:30 28672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-07-28 23:29:26 0 d-------- C:\Program Files\Allok Video to MP4 Converter
2008-07-27 21:55:56 0 d-------- C:\Documents and Settings\Ruvim\Application Data\dvdcss
2008-07-24 22:52:53 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Sun
2008-07-23 19:09:06 0 d-------- C:\Documents and Settings\Ruvim\Application Data\LimeWire
2008-07-23 19:02:30 64632 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-23 19:02:05 0 d-------- C:\Program Files\LimeWire
2008-07-23 17:55:05 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Apple Computer
2008-07-23 11:30:55 0 d-------- C:\Program Files\Safari
2008-07-23 11:28:36 0 d-------- C:\Program Files\Bonjour
2008-07-23 11:09:03 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-23 11:08:50 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-23 11:08:47 0 d-------- C:\Program Files\SpywareBlaster
2008-07-23 10:42:12 0 d-------- C:\cmdcons
2008-07-23 01:42:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-23 01:42:36 0 d-------- C:\Program Files\Security Task Manager
2008-07-23 00:19:45 68096 --a------ C:\WINDOWS\zip.exe
2008-07-23 00:19:45 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 00:19:45 98816 --a------ C:\WINDOWS\sed.exe
2008-07-23 00:19:45 80412 --a------ C:\WINDOWS\grep.exe
2008-07-23 00:19:45 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-23 00:19:44 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-23 00:19:44 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 00:19:44 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-21 23:11:04 0 d-------- C:\Program Files\Trend Micro
2008-07-20 11:36:58 0 d-------- C:\Documents and Settings\Ruvim\Incomplete
2008-07-20 11:35:39 0 d-------- C:\Documents and Settings\Ruvim\Application Data\FrostWire
2008-07-17 22:07:58 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Help
2008-07-14 23:20:18 0 d---s---- C:\Documents and Settings\Ruvim\UserData
2008-07-14 17:03:30 0 d-------- C:\Program Files\Shai-Hulud 2000
2008-07-14 16:23:38 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Adobe
2008-07-14 16:22:43 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-14 12:35:35 0 d-------- C:\Documents and Settings\new\Application Data\Yahoo!
2008-07-14 01:08:27 0 d-------- C:\Documents and Settings\new\Application Data\Real
2008-07-13 21:52:03 0 d-------- C:\Documents and Settings\new\Application Data\Share-to-Web Upload Folder
2008-07-13 21:45:01 0 d-------- C:\Documents and Settings\new\Application Data\Azureus
2008-07-13 21:31:18 0 d-------- C:\Documents and Settings\new\Application Data\vlc
2008-07-13 21:06:50 0 d-------- C:\Documents and Settings\new\Application Data\Macromedia
2008-07-13 21:04:19 0 d-------- C:\Documents and Settings\new\Application Data\Mozilla
2008-07-13 21:02:27 0 d-------- C:\Documents and Settings\new\Application Data\GetRight Pro
2008-07-13 21:02:12 0 d-------- C:\Documents and Settings\new\Application Data\Symantec
2008-07-13 21:01:32 0 d-------- C:\Documents and Settings\new\Application Data\Identities
2008-07-13 21:00:42 0 d--h----- C:\Documents and Settings\new\Templates
2008-07-13 21:00:42 0 dr------- C:\Documents and Settings\new\Start Menu
2008-07-13 21:00:42 0 dr-h----- C:\Documents and Settings\new\SendTo
2008-07-13 21:00:42 0 dr-h----- C:\Documents and Settings\new\Recent
2008-07-13 21:00:42 0 d--h----- C:\Documents and Settings\new\PrintHood
2008-07-13 21:00:42 0 d--h----- C:\Documents and Settings\new\NetHood
2008-07-13 21:00:42 0 dr------- C:\Documents and Settings\new\My Documents
2008-07-13 21:00:42 0 d--h----- C:\Documents and Settings\new\Local Settings
2008-07-13 21:00:42 0 dr------- C:\Documents and Settings\new\Favorites
2008-07-13 21:00:42 0 d-------- C:\Documents and Settings\new\Desktop
2008-07-13 21:00:42 0 d---s---- C:\Documents and Settings\new\Cookies
2008-07-13 21:00:42 0 dr-h----- C:\Documents and Settings\new\Application Data
2008-07-13 21:00:42 0 d---s---- C:\Documents and Settings\new\Application Data\Microsoft
2008-07-13 21:00:41 1310720 --ah----- C:\Documents and Settings\new\NTUSER.DAT
2008-07-13 16:59:40 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Yahoo!
2008-07-13 16:42:45 0 d-------- C:\Documents and Settings\Ruvim\dwhelper
2008-07-13 16:24:14 0 d-------- C:\Documents and Settings\Ruvim\WINDOWS
2008-07-13 15:18:57 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Share-to-Web Upload Folder
2008-07-13 15:07:45 0 d-------- C:\Documents and Settings\Ruvim\Application Data\vlc
2008-07-13 15:00:24 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Real
2008-07-13 01:02:43 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Azureus
2008-07-13 00:47:32 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Macromedia
2008-07-13 00:46:29 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Mozilla
2008-07-13 00:44:54 0 d-------- C:\Documents and Settings\Ruvim\Application Data\GetRight Pro
2008-07-13 00:44:40 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Symantec
2008-07-13 00:43:25 0 d-------- C:\Documents and Settings\Ruvim\Application Data\Identities
2008-07-13 00:42:21 0 dr------- C:\Documents and Settings\Ruvim\Favorites
2008-07-13 00:42:21 0 d-------- C:\Documents and Settings\Ruvim\Desktop
2008-07-13 00:42:21 0 d---s---- C:\Documents and Settings\Ruvim\Cookies
2008-07-13 00:42:21 0 d--h----- C:\Documents and Settings\Ruvim\Application Data
2008-07-13 00:42:20 0 d--h----- C:\Documents and Settings\Ruvim\Templates
2008-07-13 00:42:20 0 dr------- C:\Documents and Settings\Ruvim\Start Menu
2008-07-13 00:42:20 0 dr-h----- C:\Documents and Settings\Ruvim\SendTo
2008-07-13 00:42:20 0 dr-h----- C:\Documents and Settings\Ruvim\Recent
2008-07-13 00:42:20 0 d--h----- C:\Documents and Settings\Ruvim\PrintHood
2008-07-13 00:42:20 2621440 --ah----- C:\Documents and Settings\Ruvim\NTUSER.DAT
2008-07-13 00:42:20 0 d--h----- C:\Documents and Settings\Ruvim\NetHood
2008-07-13 00:42:20 0 dr------- C:\Documents and Settings\Ruvim\My Documents
2008-07-13 00:42:20 0 d--h----- C:\Documents and Settings\Ruvim\Local Settings
2008-07-12 09:37:00 0 d-------- C:\Program Files\MED2k
2008-07-12 09:35:23 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-12 09:35:23 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-12 05:08:51 0 d-------- C:\Program Files\Windows Sidebar
2008-07-12 05:08:04 0 d-------- C:\Program Files\Norton 360
2008-07-12 04:28:55 0 d-------- C:\Downloads
2008-07-11 17:13:20 0 d-------- C:\Program Files\DAEMON Tools
2008-07-11 17:13:16 0 d-------- C:\Program Files\RSSoft
2008-07-10 17:46:35 0 d-------- C:\Program Files\GetRight
2008-07-08 14:54:32 0 d-------- C:\Program Files\Vuze
2008-07-04 21:05:10 0 d-------- C:\Program Files\TibEd 2
2008-07-04 19:41:23 0 d-------- C:\Program Files\TibEd
2008-07-04 19:28:14 0 d-------- C:\Westwood
2008-07-04 19:24:17 0 d-------- C:\Program Files\Domination
2008-07-04 18:57:07 0 d-------- C:\Program Files\Xicat
-- Find3M Report ---------------------------------------------------------------
2008-07-30 00:47:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-25 21:50:14 0 d-------- C:\Program Files\Common Files
2008-07-23 10:23:17 0 d-------- C:\Program Files\FrostWire
2008-07-13 00:25:13 0 d-------- C:\Program Files\Symantec
2008-07-11 16:59:06 0 d-------- C:\Program Files\Real
2008-06-27 00:37:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 00:37:23 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-27 00:37:04 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 12:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/17/2008 08:41 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton 360\osCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
C:\Program Files\RSSoft\RedSwoosh.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"WZCSVC"=2 (0x2)
"TrkWks"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"seclogon"=2 (0x2)
"RasMan"=3 (0x3)
"ERSvc"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"getPlus® Helper"=3 (0x3)
"comHost"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"Netlogon"=3 (0x3)
"dmadmin"=3 (0x3)
"W32Time"=2 (0x2)
"Schedule"=2 (0x2)
"HidServ"=2 (0x2)
"CryptSvc"=3 (0x3)
*Newly Created Service* - COMHOST
*Newly Created Service* - IPOD_SERVICE
-- End of Deckard's System Scanner: finished at 2008-07-30 01:02:51 ------------