0

Hello all, and thank you in advance for any replies :)

I have recently come across a machine that has been hijacked!! Let me explain...

This is an XP Pro SP2 system, running IE7 with all the latest updates. Whenever a Google search is performed (.com + .co.uk, from the searchbar, Google home page, or any other subsequent Google pages), the usual results are returned fine, but whenever I click on a link (any result, any search), I am redirected to another (usually) search engine, such as LookSearch, or various advertisement sites.

This problem is exclusive to IE (have recently installed firefox as a work-around) and does not seem to affect any other search engine (Yahoo, Ask, Live etc work fine).

I have run the usual Spyware/AV scans using SpyBot, Ad-Aware and Windows Defender (all with latest updates, as of 19th July), none of which were much help.

In a last-ditch attempt at salvation, I grabbed a HijackThis! log, which I will attach to this post, in the hope that someone more knowledgeable than myself can find the problem. There don't appear to be any new programs/toolbars etc., so I really am stuck!

Please please please help, any posts will be greatly appreciated!!!

PS: having spent hours searching the net, the closest thing I could find was a 3-year-old thread on some random forum where the problem lay with an "sp.html" and some associated rogue DLLs and EXEs, but having scoured the HDD I could not find evidence of this.

Again, thanks in advance for any replies!

Attachments
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:57, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HYPERS-!\KASSE-!\Lptlink.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\Imation Disk Manager V a3.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thekenilworth.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thekenilworth.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - somato.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174082514437
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DNS2Go Client (DNS2GoClient) - Deerfield.com - C:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8343 bytes
1

First, go to Add/Remove Programs and uninstall MyWebSearch, then delete the program folder of that name.
This is your main problem:
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
And then there is this, a pest:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYGB
Fix both with HijackThis, then delete the file C:\WINDOWS\Temp\startdrv.exe [you may have to do it in safe mode...]
Alternatively you could download Unlocker to delete it...
If it returns you could try ComboFix:
Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

0

Hey man, thanks a lot for the info, seriously I mean it, this one's been a real head-scratcher. Unfortunately though I will not be able to have another look at this machine until Monday (owner away), BUT as soon as I can I will have a look and let you know how it goes!

Did you have the same problem? If so, do you have any idea what could have caused this?

Thanks again mate, loads!


speak soon,

Rich

0

Me? No. It was late so I did not complete. Run ComboFix because it will remove files associated with that trojan, and add these few entries for fixing just to tidy up...

O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - somato.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)

Say how you get on.
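The two replies above pick suspect lines out of the HijackThis log by eye: an autorun launching from a Temp directory, browser add-on registrations whose file is gone, and a context-menu item that loads a remote script. The same triage as an added example (not part of the original thread and not HijackThis's own logic); the three heuristics and the function names are assumptions generalised from the entries the replies single out.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: H - {4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1} - somato.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# "O4 - rest of entry": section code, separator, body.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Any path component named Temp or tmp (covers C:\WINDOWS\Temp and LOCALS~1\Temp).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def autorun_target(body):
    """Return the command of an O4 entry (Run value or Startup shortcut)."""
    if "] " in body:            # HKLM\..\Run: [name] command
        return body.split("] ", 1)[1]
    if " = " in body:           # Startup: shortcut.lnk = target
        return body.split(" = ", 1)[1]
    return body


def triage(log_text):
    """Return (section, reason, line) for every entry matching a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue            # header, process list or blank line
        sec, body = m.group("sec"), m.group("body")

        if sec == "O4" and TEMP_RE.search(autorun_target(body)):
            findings.append((sec, "autorun launches from a temp directory", line))
        elif sec in ("O2", "O3") and body.rstrip().endswith(ORPHAN_MARKERS):
            findings.append((sec, "add-on registered but its file is missing", line))
        elif sec == "O8":
            target = body.rsplit(" - ", 1)[-1].lower()
            if target.startswith(("http://", "https://")):
                findings.append((sec, "context-menu item loads a remote URL", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n      {line}")
```

A hit is a lead to check against the installed software, not a verdict: the missing-file Epson entries here are leftovers to tidy up, while the Temp autorun is the one the reply calls the main problem.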

0

Hi again, thanks for the help, it's really appreciated. Unfortunately neither that file nor the registry entries exist. I did however run ComboFix, and I shall attach the log file, as well as the quarantine log (I dunno if that helps, but I'll up it anyway :) )

Sorry for the late reply, work has been really busy this week.

thanks again,


rich

Attachments
[code]
2003-11-18 02:06      99352    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\MabryObj.dll.vir
2004-08-04 07:00      29056    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir
2005-01-17 03:26      262144    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\FtpX.DLL.vir
2006-11-08 20:10      1363    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\info.txt.vir
2007-07-08 22:27      19968    --a------    C:\Qoobox\Quarantine\C\U.exe.vir
2007-07-08 22:28      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\7_exception.nls.vir
2007-07-08 22:28      19505    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\we33tde1.dll.vir
2007-07-18 00:35      34560    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir
2007-07-19 15:48      34560    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sy_.vir
2007-07-25 16:11      1034    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-07-25 16:11      1044    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME2.reg.cf


Folder PATH listing
Volume serial number is CCFC-4F2C
C:\QOOBOX
\---Quarantine
    +---C
    |   |   U.exe.vir
    |   |   
    |   \---WINDOWS
    |       \---system32
    |           |   7_exception.nls.vir
    |           |   FtpX.DLL.vir
    |           |   info.txt.vir
    |           |   MabryObj.dll.vir
    |           |   we33tde1.dll.vir
    |           |   
    |           \---drivers
    |                   ip6fw.sys.vir
    |                   runtime2.sys.vir
    |                   runtime2.sy_.vir
    |                   
    \---Registry_backups
            LEGACY_RUNTIME.reg.cf
            LEGACY_RUNTIME2.reg.cf
            
[/code]
"terminal001" - 2007-07-25 16:06:17 - ComboFix 07-07-23.6 - Service Pack 2  NTFS  


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\we33tde1.dll 


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\U.exe
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sy_
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\we33tde1.dll


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2


(((((((((((((((((((((((((   Files Created from 2007-06-25 to 2007-07-25  )))))))))))))))))))))))))))))))


2007-07-25 16:05	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-19 13:22	<DIR>	d--------	C:\Program Files\Windows Defender
2007-07-19 12:58	139,264	--a------	C:\WINDOWS\system32\UStorSrv.exe
2007-07-19 12:58	139,264	--a------	C:\WINDOWS\system32\OPDSL.DLL
2007-07-16 13:40	<DIR>	d--------	C:\Program Files\MSECache
2007-07-11 02:55	20,480	--a------	C:\WINDOWS\system32\somato.dll
2007-07-09 20:25	20,480	--a------	C:\WINDOWS\system32\muscira.dll
2007-06-28 13:08	20	---h-----	C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT
2007-06-28 13:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2007-06-28 13:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 01:18:56	--------	d-----w	C:\Program Files\LogMeIn
2007-07-24 19:37:47	--------	d-----w	C:\DOCUME~1\user\APPLIC~1\Help
2007-07-17 23:30:57	--------	d-----w	C:\Program Files\MSN Messenger
2007-07-17 19:03:40	44,488	----a-w	C:\DOCUME~1\user\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-10 11:11:08	--------	d-----w	C:\Program Files\Microsoft AntiSpyware
2007-06-28 12:35:38	--------	d-----w	C:\Program Files\Google
2007-06-28 12:12:10	--------	d-----w	C:\DOCUME~1\user\APPLIC~1\Nikon
2007-06-28 12:09:45	--------	d-----w	C:\Program Files\Common Files\Nikon
2007-06-25 22:06:18	8,854	----a-w	C:\WINDOWS\hh.dat
2007-06-21 09:50:08	--------	d-----w	C:\Program Files\RegCure
2007-06-16 15:48:44	--------	d-----w	C:\Program Files\Axon Data
2007-06-13 20:45:33	--------	d-----w	C:\Program Files\Photodex Presenter
2007-06-13 20:45:32	--------	d-----w	C:\DOCUME~1\user\APPLIC~1\Netscape
2007-06-04 14:02:28	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-06-04 14:02:13	--------	d-----w	C:\Program Files\Common Files\muvee Technologies
2007-06-04 14:01:44	--------	d-----w	C:\Program Files\Nikon
2007-06-04 13:59:42	--------	d-----w	C:\Program Files\QuickTime
2007-05-25 14:22:30	83,552	----a-w	C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-05-25 14:22:10	26,176	----a-w	C:\WINDOWS\system32\LMIport.dll
2007-05-25 14:22:08	10,304	----a-w	C:\WINDOWS\system32\LMImirr2.dll
2007-05-25 14:22:06	24,000	----a-w	C:\WINDOWS\system32\LMImirr.dll
2007-05-25 14:22:04	63,040	----a-w	C:\WINDOWS\system32\LMIinit.dll
2007-05-16 15:12:02	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2006-10-10 18:56:32	14,405,024	-c--a-w	C:\Program Files\GoogleEarthWin.exe
2003-10-23 17:52:08	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F862FBA-1E2B-4072-9EA8-1FD3FECB86A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 07:49 C:\WINDOWS\SOUNDMAN.EXE]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 23:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 19:03]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 10:33]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 11:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18]
"@"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-04 14:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2005-11-15 19:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [2004-07-22 15:40:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2005-09-26 00:32:28]
Enable Wireless Optical Mouse Driver.lnk - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe [2005-09-26 00:32:29]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-06-04 15:02:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 
PCANotify.dll 2004-11-01 11:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R2400]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE /P24 "EPSON Stylus Photo R2400" /O6 "USB002" /M "Stylus Photo R2400"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

R0 caboagp;ATI Cabo AGP Filter;C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
R0 Gernuwa;Gernuwa;C:\WINDOWS\system32\drivers\Gernuwa.sys
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 SI3112r;ATI-436E Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R1 awecho;awecho;C:\WINDOWS\system32\drivers\awechomd.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
R2 brmfrmps;Brother Popup Suspend service for Resource manager;"C:\WINDOWS\system32\Brmfrmps.exe" -service 
R2 DNS2GoClient;DNS2Go Client;C:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe -service
R2 hardlock;hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 Haspnt;Haspnt;\??\C:\WINDOWS\system32\drivers\Haspnt.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 Norton Ghost;Norton Ghost;C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S1 P3;Intel PentiumIII Processor Driver;C:\WINDOWS\system32\DRIVERS\p3.sys
S2 BT848;Trust,814 PCI SURVEILLANCE INTERFACE-WDM-Video;C:\WINDOWS\system32\drivers\XG4port.sys
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
S3 i81x;i81x;C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimFP5;iAimFP5;C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
S3 iAimFP6;iAimFP6;C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
S3 iAimFP7;iAimFP7;C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVER