trojan hell!


This topic is locked.
95 replies to this topic

#46 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 March 2007 - 06:20 PM

I found a post in which ComboScan (not ComboFix) removed that entry; let's give it a try.

backup-20070220-142721-234 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing) <--It was removed


  • Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - ComboScan.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
  • A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt. I don't really need it at this time so just close it.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


What ComboScan will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review.
  • ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


 
 
Just a reminder that threads will be closed if no reply in 3 days.
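The report ComboScan produces is in HijackThis format and is read by hand by the forum analyst. The script below is an added example written for this thread; it is not code from ComboScan, HijackThis or this forum. It applies a few of the checks an analyst makes to lines in that format: load points whose file is missing, O23 services running from a Temp directory under random capital-letter names, O4 Run entries with a bare file name, and HijackThis backup records in which the same entry is fixed again and again. The rule set, the threshold of three and the sample lines (constructed from entries posted in this thread) are my own assumptions.

```python
"""Triage helpers for HijackThis-format log lines.

Example code written for this thread, not part of ComboScan or HijackThis.
The rules and the threshold below are assumptions; the sample lines are
constructed from entries that appear in the posted log.
"""
import re
from collections import Counter

# "O20 - Winlogon Notify: ..." -> section code plus the rest of the entry
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis backup record: backup-<yyyymmdd>-<hhmmss>-<ms> <entry as it was fixed>
HJT_BACKUP = re.compile(r"^backup-\d{8}-\d{6}-\d+ (?P<entry>.+)$")
# Binaries under a user's Temp directory, in long or 8.3 short-name form
TEMP_PATH = re.compile(r"\\(Local Settings|LOCALS~1)\\Temp\\", re.IGNORECASE)
# Service names that are just a run of capital letters (CNTDBQ, DZATZ, ...)
RANDOM_CAPS = re.compile(r"^[A-Z]{4,12}$")
# A command that starts with a drive letter, an environment variable or a UNC path
FULL_PATH = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\|\\\\)')


def parse_entry(line):
    """Split an HJT line into (section, body); None for headers and blank lines."""
    m = HJT_ENTRY.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_entry(line):
    """Return the reasons this entry deserves a human look (empty list: nothing noted)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if "(file missing)" in body and section in {"O2", "O3", "O20", "O23"}:
        reasons.append("load point still references a file that is gone")
    if section == "O4":
        # "HKLM\..\Run: [Name] command" -> the command after the closing bracket
        m = re.search(r"\] (.+)$", body)
        if m and not FULL_PATH.match(m.group(1)):
            reasons.append("Run entry uses a bare file name resolved through the search path")
    if section == "O23" and body.startswith("Service: "):
        # "Service: NAME - VENDOR - PATH"; the vendor text is free-form, so the path is the last field
        fields = body[len("Service: "):].split(" - ")
        name, path = fields[0], fields[-1]
        if TEMP_PATH.search(path):
            reasons.append("service binary runs from a Temp directory")
        if RANDOM_CAPS.match(name):
            reasons.append("service name is a random-looking run of capitals")
    return reasons


def triage_log(lines):
    """Map each flagged line to its reasons; unflagged lines are left out."""
    flagged = {}
    for line in lines:
        reasons = triage_entry(line)
        if reasons:
            flagged[line] = reasons
    return flagged


def recurring_fixes(backup_lines, threshold=3):
    """Count how often each entry was fixed. An entry fixed `threshold` or more
    times keeps being re-created, so something still running is writing it."""
    counts = Counter()
    for line in backup_lines:
        m = HJT_BACKUP.match(line.strip())
        if m:
            counts[m.group("entry")] += 1
    return {entry: n for entry, n in counts.items() if n >= threshold}


# Constructed sample input, adapted from the log posted in this thread
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe",
    r"O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)",
    r"O23 - Service: CNTDBQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\CNTDBQ.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe",
]
SAMPLE_BACKUPS = [
    r"backup-20070303-134842-952 O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing)",
    r"backup-20070305-191213-415 O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll",
    r"backup-20070307-075255-723 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)",
    r"backup-20070307-075548-168 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)",
    r"backup-20070309-092547-897 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)",
    r"backup-20070310-124556-997 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)",
    r"backup-20070307-075255-644 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)",
    r"backup-20070307-075548-683 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)",
]

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
    for entry, n in recurring_fixes(SAMPLE_BACKUPS).items():
        print(f"fixed {n} times: {entry}")
```

The recurring-fix count is the check that matters most for this thread: an entry that HijackThis removes and that is back in the next log was not a stale leftover, it is being rewritten by something that is still running, which is why the analyst moves to a different tool rather than fixing the same line again.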



#47 kneecap

    Authentic Member

  • 53 posts
  • Interests: Getting rid of trojans!!!!!

Posted 10 March 2007 - 07:27 AM

The kernel check I see is in the msconfig start list. It keeps re-checking itself.
Couldn't see kernel check in HJT.
Have seen cdnup previously but ran a search and it came up blank.

Got an AVG threat warning of worm/vb.AUG in docs+settings\pete\my docs\firefox setup 1.5

Ran ComboScan

ComboScan v20070306.20 run by pete on 2007-03-10 at 13:03:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
10: 2007-03-10 13:03:40 UTC - RP10 - ComboScan Restore Point
9: 2007-03-09 19:57:37 UTC - RP9 - Software Distribution Service 2.0
8: 2007-03-09 17:58:16 UTC - RP8 - Software Distribution Service 2.0
7: 2007-03-08 21:45:49 UTC - RP7 - Software Distribution Service 2.0
6: 2007-03-08 18:04:21 UTC - RP6 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-07 18:16:17 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as pete.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:03:51, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pete\Desktop\comboscan.exe
C:\DOCUME~1\pete\MYDOCU~1\MYPROG~1\pete.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\pete\MYDOCU~1\MYPROG~1\backups\) ------

backup-20070303-134842-952 O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing)
backup-20070305-191213-609 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-464 O2 - BHO: (no name) - AutorunsDisabled - (no file)
backup-20070305-191213-244 O2 - BHO: (no name) - {4627a870-d469-4829-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4829cfsb.dll (file missing)
backup-20070305-191213-639 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-640 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-463 O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
backup-20070305-191213-415 O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
backup-20070307-075255-727 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070307-075255-644 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-424 O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\SYSTEMDATA\aS3RhXPMHt_2002.dll (file missing)
backup-20070307-075255-819 O2 - BHO: browser Class - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\USERDATA\yI0nxwrhWZ_2002.dll (file missing)
backup-20070307-075255-633 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-456 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-723 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-075548-683 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-676 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-431 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-168 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-075548-314 O23 - Service: CNTDBQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\CNTDBQ.exe
backup-20070307-075548-744 O23 - Service: DZATZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\DZATZ.exe
backup-20070307-075548-986 O23 - Service: HBYHPSIE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\HBYHPSIE.exe
backup-20070307-075548-261 O23 - Service: HYGJWU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\HYGJWU.exe
backup-20070307-075548-780 O23 - Service: MGCLAFSUSOV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\MGCLAFSUSOV.exe
backup-20070307-075548-115 O23 - Service: MYMA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\MYMA.exe
backup-20070307-075548-719 O23 - Service: NLNG - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\NLNG.exe
backup-20070307-075548-798 O23 - Service: RYJIUB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\RYJIUB.exe
backup-20070307-075548-296 O23 - Service: WNDJQCPXD - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\WNDJQCPXD.exe
backup-20070307-075548-901 O23 - Service: ZQHAHUR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\ZQHAHUR.exe
backup-20070307-080343-116 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-080343-158 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-080403-729 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-181959-417 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-866 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
backup-20070307-181959-645 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-855 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-677 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-193858-214 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-725 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-973 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-368 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070308-203817-741 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-720 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-500 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-895 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-092547-679 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-907 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-687 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-897 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-092710-710 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-627 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-407 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-802 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-141707-842 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-143913-285 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-185545-860 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070310-124556-997 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Rezident Driver) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
0S bdhabijg - C:\WINDOWS\system32\drivers\bdhabijg.sys (not found)
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
3R FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2R GenPort - C:\WINDOWS\system32\drivers\genport.sys
0S gjhbcdid - C:\WINDOWS\system32\drivers\gjhbcdid.sys (not found)
3S hidgame (Microsoft Hid to Joystick Port Enabler) - C:\WINDOWS\system32\drivers\hidgame.sys
2R hidproc - C:\WINDOWS\system32\drivers\hidproc.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
2S https - C:\WINDOWS\system32\drivers\https.sys (not found)
3S iMSPQMn - C:\DOCUME~1\pete\LOCALS~1\Temp\iMSPQMn.sys (not found)
1S intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA Protocol) - C:\WINDOWS\system32\drivers\irda.sys
3S irsir (Microsoft Serial Infrared Driver) - C:\WINDOWS\system32\DRIVERS\irsir.sys (not found)
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S MadgeTRN (Madge Token-Ring Adapter NDIS5 Driver) - C:\WINDOWS\system32\drivers\mdgndis5.sys
2R MapMem - C:\WINDOWS\system32\drivers\MAPMEM.SYS
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\MSIRCOMM.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
2R NTRemap - C:\WINDOWS\system32\drivers\NTREMAP.SYS
3R PAC207 (SoC PC-Camer@) - C:\WINDOWS\system32\drivers\PFC027.sys
0R PrevxDriver (PREVX Kernel Mode Agent) - C:\WINDOWS\system32\drivers\pxfsf.sys
3S PREVXEmulator (PREVX Emulator driver) - C:\WINDOWS\system32\drivers\PxEmu.sys
1R PREVXTdi (PREVX TDI filter) - C:\WINDOWS\system32\drivers\pxtdi.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R PXRDDriver (PREVX Rootkitscan driver) - C:\WINDOWS\system32\drivers\PxRD.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S RegGuard - C:\WINDOWS\system32\drivers\regguard.sys
3R S6U12BScanner (MUSTEK 1200 UB Still Image Device Service) - C:\WINDOWS\system32\drivers\usbscan.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
1S SiSEsc (SISLIB_ESC) - C:\WINDOWS\system32\sisesc.sys
0R SiSide - C:\WINDOWS\system32\drivers\siside.sys
0R sisidex - C:\WINDOWS\system32\drivers\sisidex.sys
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SISNIC (SiS PCI Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\sisnic.sys
0R sisperf (Add Performance Filter Driver) - C:\WINDOWS\system32\drivers\sisperf.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
3S ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ss_bus.sys
3S ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - C:\WINDOWS\system32\drivers\ss_mdfl.sys
3S ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - C:\WINDOWS\system32\drivers\ss_mdm.sys
3R StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S STIrUsb (SigmaTel USB-IrDA Dongle) - C:\WINDOWS\system32\drivers\irstusb.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3S U81xbus (LGE U8XXX driver (WDM)) - C:\WINDOWS\system32\drivers\U81xbus.sys
3S U81xmdfl (LGE U8XXX USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\U81xmdfl.sys
3S U81xmdm (LGE U8XXX USB WMC Modem Driver) - C:\WINDOWS\system32\drivers\U81xmdm.sys
3S U81xmgmt (LGE U8XXX USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\system32\drivers\U81xmgmt.sys
3S U81xobex (LGE U8XXX USB WMC OBEX Interface) - C:\WINDOWS\system32\drivers\U81xobex.sys
0R uagp35 (Microsoft AGPv3.5 Filter) - C:\WINDOWS\system32\drivers\uagp35.sys
3S usb2vcom (USB Data Cable) - C:\WINDOWS\system32\drivers\usb2vcom.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3R viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



-- Scheduled Tasks -------------------------------------------------------------

2007-03-06 14:10:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 11:31:56 0 d-------- C:\Documents and Settings\gillian\Application Data\Prevx
2007-03-09 19:32:39 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-03-09 16:06:40 0 d-------- C:\Documents and Settings\kate\Application Data\Prevx
2007-03-09 14:06:14 0 d-------- C:\Documents and Settings\pete\Application Data\Prevx
2007-03-09 14:06:06 7680 --a------ C:\WINDOWS\system32\pxinst.dll
2007-03-09 14:06:06 100864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-03-09 14:06:05 18560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-03-09 14:06:05 276992 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-03-09 14:06:05 7552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-03-09 14:05:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2007-03-09 14:05:34 0 d-------- C:\Program Files\Prevx1
2007-03-09 14:05:04 13952 --a------ C:\WINDOWS\system32\drivers\PxRD.sys
2007-03-09 13:57:46 0 d-------- C:\Documents and Settings\pete\DoctorWeb<DOCTOR~1>
2007-03-09 13:27:14 0 d-------- C:\WINDOWS\ERDNT
2007-03-08 08:34:26 0 d--hs---- C:\FOUND.000
2007-03-07 19:09:32 0 d-------- C:\Documents and Settings\lucy\Application Data\Help
2007-03-06 14:38:56 0 d-------- C:\!KillBox
2007-03-06 14:12:07 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-03-04 17:44:47 0 d-------- C:\Program Files\ACW
2007-03-04 17:29:22 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-04 17:29:21 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-04 17:08:00 2256 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 17:07:45 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-04 17:07:45 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-04 17:07:45 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-04 17:07:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-04 17:07:45 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-04 17:07:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-02 20:49:43 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-02 20:49:38 0 d-------- C:\8206950b53814547c488e2<820695~1>
2007-03-02 17:10:15 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-28 17:05:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-27 10:12:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan<SECTAS~1>
2007-02-27 10:12:39 0 d-------- C:\Program Files\Security Task Manager<SECURI~1>
2007-02-26 08:28:16 0 d-------- C:\kav
2007-02-25 23:04:25 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-25 22:09:49 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-25 16:40:51 0 d-------- C:\Program Files\Agnitum
2007-02-25 16:03:14 42036 --a------ C:\WINDOWS\system32\431172419388.dat<431172~4.DAT>
2007-02-25 12:58:25 42036 --a------ C:\WINDOWS\system32\431172408301.dat<431172~3.DAT>
2007-02-25 12:27:55 42036 --a------ C:\WINDOWS\system32\431172406458.dat<431172~2.DAT>
2007-02-25 11:57:53 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
2007-02-25 11:57:43 42036 --a------ C:\WINDOWS\system32\431172404659.dat<431172~1.DAT>
2007-02-25 11:57:25 185 --a------ C:\WINDOWS\system32\E25F6992.dat
2007-02-22 18:06:43 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-22 18:06:42 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-13 19:02:37 0 d-------- C:\Documents and Settings\gillian\Application Data\Talkback


-- Find3M Report ---------------------------------------------------------------

2007-02-25 11:58:00 132 --a------ C:\Program Files\2.ini
2007-02-08 15:00:54 0 d-------- C:\Program Files\PC Camer@<PCCAME~1>
2007-02-08 15:00:54 0 d-------- C:\Program Files\Common Files\PCCamera
2007-02-03 19:19:40 0 d-------- C:\Program Files\LG PC Suite<LGPCSU~1>
2007-02-02 20:07:12 0 d-------- C:\Program Files\Yahoo!
2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 13:28:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2006-12-19 21:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 18:16:48 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SiS Windows KeyHook"="C:\\WINDOWS\\System32\\keyhook.exe"
"WireLessKeyboard"="C:\\Program Files\\Multimedia Keyboard\\PS2USBKbdDrv.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTTrayp"="VTtrayp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RealDownload.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\RealDownload.lnk"
"backup"="C:\\WINDOWS\\pss\\RealDownload.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Real\\REALDO~1\\REALDO~1.EXE -hidden"
"item"="RealDownload"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Find Fast.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\FINDFAST.EXE "
"item"="Microsoft Find Fast"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Office Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\Office Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA.EXE -b"
"item"="Office Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8tv3fg93wkked7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexpl0ra"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\iexpl0ra.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealJukeboxSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsystray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealJukebox\\tsystray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFX_auto_upgrade]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shimdvdlongmess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="htm internet"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\date flap shim dvd\\htm internet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysonling"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\LOCALS~1\\Temp\\sysonling.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tau Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Taumon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Agnitum\\Tauscan 1.7\\Taumon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray way]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inside deaf"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\APPLIC~1\\LOUDCU~1\\inside deaf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="workflow"
"hkey"="HKLM"
"command"="D:\\installs\\workflow.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{754FB7D8-B8FE-4810-B363-A788CD060F1F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptimg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce098a11-a562-11d9-88ff-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe


-- End of ComboScan: finished at 2007-03-10 at 13:04:51 ------------------------

New HJT log after "fix checked":

Logfile of HijackThis v1.99.1
Scan saved at 13:24:43, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pete\My Documents\my programs\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
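The two logs above are what the thread is actually reasoning over, and the entries that matter are easy to miss by eye: an O20 Winlogon Notify subkey whose DLL is gone, Run values pointing into a Temp directory or into system32\drivers, and a service HijackThis cannot attribute to a vendor. The script below is an added example, not part of the thread and not HijackThis code. It parses HijackThis 1.99-style lines and flags those patterns; the sample log is constructed from the line formats seen above (the two O4 lines for "svc" and "ttp" are rebuilt from entries the ComboScan dump shows as disabled in msconfig), and the severity rules are assumptions chosen for illustration.

```python
"""Triage HijackThis 1.99-style log lines for persistence entries worth a second look.

Added example for this thread, not code from HijackThis or from the posters.
SAMPLE_LOG is constructed from line formats in the posted log; the "svc" and
"ttp" O4 lines are rebuilt from entries the ComboScan dump lists as disabled in
msconfig. The severity rules are assumptions for illustration.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity code name reason")

# Constructed sample input (see the docstring).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [svc] C:\DOCUME~1\pete\LOCALS~1\Temp\sysonling.exe
O4 - HKLM\..\Run: [ttp] C:\WINDOWS\system32\drivers\ttp.exe
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
DRIVERS_EXE = re.compile(r"\\drivers\\[^\\]+\.exe", re.I)


def parse_hjt(text):
    """Return (section code, body) for every 'Oxx - ...' line; headers and process lists are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def triage(text):
    """Apply the illustrative rules and return Findings in log order."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd")
            if TEMP_DIR.search(cmd):
                findings.append(Finding("high", code, name, "autorun launched from a Temp directory"))
            elif DRIVERS_EXE.search(cmd):
                findings.append(Finding("high", code, name, "an .exe autorun parked in system32\\drivers"))
            elif "\\" not in cmd:
                findings.append(Finding("info", code, name, "bare file name resolved via PATH; confirm which copy runs"))
        elif code == "O20":
            m = O20_RE.match(body)
            if not m:
                continue
            name, dll = m.group("name"), m.group("dll")
            if "(file missing)" in dll:
                # The DLL is gone but the Notify subkey is still a live slot until it is deleted.
                findings.append(Finding("high", code, name, "Winlogon Notify DLL not on disk; key can be refilled"))
            elif dll.endswith("\\"):
                findings.append(Finding("info", code, name, "DllName resolves to a directory, not a file; check the key by hand"))
        elif code == "O23":
            m = O23_RE.match(body)
            if not m:
                continue
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            if owner == "Unknown owner" and "(file missing)" in path:
                findings.append(Finding("medium", code, name, "service with no company name and no binary; orphaned or waiting to be refilled"))
            elif owner == "Unknown owner":
                findings.append(Finding("info", code, name, "service with no company name in its version info; hash and check the binary"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code} {f.name}: {f.reason}")
```

Run against the sample, the three "high" hits are exactly the ones the thread ends up chasing: the Temp autorun, the .exe in the drivers directory, and the cryptimg Notify slot. The "info" lines are there to force a manual look, not to accuse anything; WgaLogon, for instance, is a Windows component and is only listed because HijackThis printed a directory where a DLL name should be.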

#48 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 March 2007 - 09:28 AM

kneecap :D

How did you choose that name? Some of the logon names really crack me up; the funniest one was a guy logged on as Lizard Lips :D


Go to Start > Run, type in msconfig and click OK. Go to the Startup tab, look for both of these and stop them from starting.

"item"="??? ?"

"item"="inside deaf"


Then try removing that O20 entry.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.
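The two items ken545 names come from the msconfig "startupreg" blocks in the ComboScan dump above. Unchecking an item on msconfig's Startup tab does not delete anything: the Run value is moved under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\<name>, and the "hkey", "key", "item" and "command" values there record exactly where it came from, so it can be restored with one click (or by the malware). The script below is an added example, not ComboScan or msconfig code; it parses a constructed subset of that dump and ranks the disabled autoruns by a handful of assumed heuristics (Temp-directory commands, executables in system32\drivers, win.ini-mapped Load values, random-looking key names, digit-for-letter look-alike names).

```python
r"""List the autoruns msconfig has 'disabled' and rank the ones worth removing.

Added example for this thread, not ComboScan or msconfig code. Unchecking an
item on msconfig's Startup tab moves the Run value to
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\<name>, whose "hkey",
"key", "item" and "command" values record where it came from. SAMPLE_DUMP is a
constructed subset of the posted dump (inimapping values omitted); the scoring
rules are assumptions for illustration.
"""
import re

STARTUPREG = "\\msconfig\\startupreg\\"
HEADER_RE = re.compile(r"^\[(?P<path>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>.*)"$')

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8tv3fg93wkked7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexpl0ra"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\iexpl0ra.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysonling"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\LOCALS~1\\Temp\\sysonling.exe"
"""


def unescape(raw):
    # .reg escaping: a backslash-escaped character stands for itself.
    return re.sub(r"\\(.)", r"\1", raw)


def parse_startupreg(text):
    """One dict per startupreg subkey that carries a 'command'. Key names cannot contain
    backslashes, so a Run value named with a full path shows up as nested keys
    ('...startupreg\\C:', '...\\C:\\WINDOWS', ...); the empty intermediates are dropped."""
    items, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            path = h.group("path")
            i = path.lower().find(STARTUPREG)
            cur = {"name": path[i + len(STARTUPREG):]} if i >= 0 else None
            if cur:
                items.append(cur)
        elif cur is not None:
            v = VALUE_RE.match(line)
            if v:
                cur[v.group("name")] = unescape(v.group("val"))
    return [it for it in items if "command" in it]


def exe_stem(cmd):
    """File name without extension of the first (possibly quoted) token of a command."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    path = (m.group(1) or m.group(2)) if m else cmd
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def reasons(it):
    """Illustrative heuristics (assumptions); returns the list of rules that fired."""
    out = []
    cmd, key, name = it["command"], it.get("key", ""), it["name"]
    if re.search(r"\\Temp\\", cmd, re.I):
        out.append("runs from a Temp directory")
    if re.search(r"\\drivers\\[^\\]+\.exe$", cmd, re.I):
        out.append(".exe parked in system32\\drivers")
    if "?" in it.get("item", "") or "?" in cmd:
        out.append("name/command did not survive the dump (non-ASCII characters)")
    if key.lower().endswith("windows nt\\currentversion\\windows"):
        out.append("win.ini-mapped Load/Run value, rarely used legitimately")
    if name.isalnum() and len(name) >= 10 and sum(c.isdigit() for c in name) >= 0.3 * len(name):
        out.append("random-looking msconfig key name")
    if re.fullmatch(r"[a-z]+[01][a-z]+", exe_stem(cmd)):
        out.append("digit-for-letter look-alike of a system binary name")
    return out


def rank(text):
    """(name, reasons) for every disabled autorun with at least one hit, worst first."""
    hits = [(it["name"], reasons(it)) for it in parse_startupreg(text)]
    return sorted([h for h in hits if h[1]], key=lambda h: -len(h[1]))


if __name__ == "__main__":
    for name, why in rank(SAMPLE_DUMP):
        print(name, "->", "; ".join(why))
```

The useful output is not the score but the "hkey"/"key"/"item" triple on each hit: that is the live location the entry will return to if it is ever re-enabled, and it is where the file named in "command" has to be deleted from disk, not just unchecked.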

#49 ken545

Posted 10 March 2007 - 09:47 AM

Also make sure you still have Windows set to show all files and folders, then look for this and delete it.

C:\Program Files\CNNIC

Info on that here
http://research.sunb...threatid=116510

Edited by ken545, 10 March 2007 - 09:48 AM.



#50 kneecap

kneecap

    Authentic Member

  • Authentic Member
  • PipPip
  • 53 posts
  • Interests:Getting rid of trojans!!!!!

Posted 10 March 2007 - 10:29 AM

Those two entries were already unchecked in Startup. I looked for CNNIC in Program Files but couldn't see it. I have come across a program called Reanimator which claims to get rid of cryptimg. Should I try it?

#51 ken545

Posted 10 March 2007 - 11:40 AM

Try unchecking these as well.

"item"="iexpl0ra"
"item"="htm internet"

Greatis is a legit site; you need just the Standard version, although I don't think it's free, so it's your call whether to download it or not.
http://www.greatis.c...downloc.htm#STD

Another option is to run ComboScan in Safe Mode.


#52 kneecap

Posted 10 March 2007 - 11:46 AM

Have a look at Reanimator... it finds cryptimg and tries to kill it but can't find the file. But you can view it in regedit; can it be got rid of from there?

#53 kneecap

Posted 10 March 2007 - 11:54 AM

It appears under Windows NT\Winlogon\Notify.

#54 ken545

Posted 10 March 2007 - 11:55 AM

Did you download it? If so, let me see a new HJT log. I would create a new Restore Point and then back up your registry by using the export feature, and then delete that entry related to cryptimg.


#55 kneecap

Posted 10 March 2007 - 01:40 PM

Deleted cryptimg from the registry... still in HJT after "fix checked", and it's come back into the registry!!


#56 kneecap

Posted 10 March 2007 - 01:41 PM

Are cryptnet and crypt32chain kosher files?

#57 kneecap

Posted 10 March 2007 - 01:53 PM

Rebooted to Safe Mode, still there. Tried to delete it in Safe Mode but Windows wouldn't let me.

#58 ken545

Posted 10 March 2007 - 01:57 PM

http://www.greatis.c...ryptnet.dll.htm

http://forums.spybot...read.php?t=2600


Go to this site, Jotti Upload, and under the browse feature browse to these files, cryptnet and crypt32chain <-- upload them both, one at a time.
Then click on Upload and it will give you a report; post the report in your next reply.

Another option is to find the file on your hard drive, right click on it and go to Properties, and it will tell you what company the file belongs to.


#59 ken545

Posted 10 March 2007 - 02:00 PM

Have you run ComboScan in Safe Mode yet? If that won't remove it, I am going to have to seek some help on this, as everything we have tried is not working. Ken :D


#60 kneecap

Posted 10 March 2007 - 02:06 PM

Here is the latest ComboScan log, run in Safe Mode:



ComboScan v20070306.20 run by pete on 2007-03-10 at 19:57:21
Computer is in Safe Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as pete.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:57:28, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\pete\Desktop\comboscan.exe
C:\DOCUME~1\pete\MYDOCU~1\MYPROG~1\pete.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 18:51:05 0 d-------- C:\Documents and Settings\lucy\Application Data\Prevx
2007-03-10 11:31:56 0 d-------- C:\Documents and Settings\gillian\Application Data\Prevx
2007-03-09 19:32:39 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-03-09 16:06:40 0 d-------- C:\Documents and Settings\kate\Application Data\Prevx
2007-03-09 14:06:14 0 d-------- C:\Documents and Settings\pete\Application Data\Prevx
2007-03-09 14:06:06 7680 --a------ C:\WINDOWS\system32\pxinst.dll
2007-03-09 14:06:06 100864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-03-09 14:06:05 18560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-03-09 14:06:05 276992 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-03-09 14:06:05 7552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-03-09 14:05:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2007-03-09 14:05:34 0 d-------- C:\Program Files\Prevx1
2007-03-09 14:05:04 13952 --a------ C:\WINDOWS\system32\drivers\PxRD.sys
2007-03-09 13:57:46 0 d-------- C:\Documents and Settings\pete\DoctorWeb<DOCTOR~1>
2007-03-09 13:27:14 0 d-------- C:\WINDOWS\ERDNT
2007-03-08 08:34:26 0 d--hs---- C:\FOUND.000
2007-03-07 19:09:32 0 d-------- C:\Documents and Settings\lucy\Application Data\Help
2007-03-06 14:38:56 0 d-------- C:\!KillBox
2007-03-06 14:12:07 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-03-04 17:44:47 0 d-------- C:\Program Files\ACW
2007-03-04 17:29:22 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-04 17:29:21 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-04 17:08:00 2256 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 17:07:45 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-04 17:07:45 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-04 17:07:45 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-04 17:07:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-04 17:07:45 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-04 17:07:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-02 20:49:43 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-02 20:49:38 0 d-------- C:\8206950b53814547c488e2<820695~1>
2007-03-02 17:10:15 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-28 17:05:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-27 10:12:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan<SECTAS~1>
2007-02-27 10:12:39 0 d-------- C:\Program Files\Security Task Manager<SECURI~1>
2007-02-26 08:28:16 0 d-------- C:\kav
2007-02-25 23:04:25 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-25 22:09:49 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-25 16:40:51 0 d-------- C:\Program Files\Agnitum
2007-02-25 16:03:14 42036 --a------ C:\WINDOWS\system32\431172419388.dat<431172~4.DAT>
2007-02-25 12:58:25 42036 --a------ C:\WINDOWS\system32\431172408301.dat<431172~3.DAT>
2007-02-25 12:27:55 42036 --a------ C:\WINDOWS\system32\431172406458.dat<431172~2.DAT>
2007-02-25 11:57:53 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
2007-02-25 11:57:43 42036 --a------ C:\WINDOWS\system32\431172404659.dat<431172~1.DAT>
2007-02-25 11:57:25 185 --a------ C:\WINDOWS\system32\E25F6992.dat
2007-02-22 18:06:43 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-22 18:06:42 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-13 19:02:37 0 d-------- C:\Documents and Settings\gillian\Application Data\Talkback


-- Find3M Report ---------------------------------------------------------------

2007-02-25 11:58:00 132 --a------ C:\Program Files\2.ini
2007-02-08 15:00:54 0 d-------- C:\Program Files\PC Camer@<PCCAME~1>
2007-02-08 15:00:54 0 d-------- C:\Program Files\Common Files\PCCamera
2007-02-03 19:19:40 0 d-------- C:\Program Files\LG PC Suite<LGPCSU~1>
2007-02-02 20:07:12 0 d-------- C:\Program Files\Yahoo!
2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 13:28:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2006-12-19 21:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 18:16:48 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SiS Windows KeyHook"="C:\\WINDOWS\\System32\\keyhook.exe"
"WireLessKeyboard"="C:\\Program Files\\Multimedia Keyboard\\PS2USBKbdDrv.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTTrayp"="VTtrayp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RealDownload.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\RealDownload.lnk"
"backup"="C:\\WINDOWS\\pss\\RealDownload.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Real\\REALDO~1\\REALDO~1.EXE -hidden"
"item"="RealDownload"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Find Fast.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\FINDFAST.EXE "
"item"="Microsoft Find Fast"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Office Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\Office Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA.EXE -b"
"item"="Office Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8tv3fg93wkked7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexpl0ra"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\iexpl0ra.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="??? ?"
"hkey"="HKCU"
"command"="??? ?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealJukeboxSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsystray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealJukebox\\tsystray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFX_auto_upgrade]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shimdvdlongmess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="htm internet"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\date flap shim dvd\\htm internet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysonling"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\LOCALS~1\\Temp\\sysonling.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tau Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Taumon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Agnitum\\Tauscan 1.7\\Taumon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray way]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inside deaf"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\APPLIC~1\\LOUDCU~1\\inside deaf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="workflow"
"hkey"="HKLM"
"command"="D:\\installs\\workflow.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{754FB7D8-B8FE-4810-B363-A788CD060F1F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptimg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce098a11-a562-11d9-88ff-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe


-- End of ComboScan: finished at 2007-03-10 at 19:58:08 ------------------------
