
Hello, first post here, so excuse me if I'm breaking some (un?)written rules. I've read all the stickies and the other post concerning this, and I'm still having problems.

What I've done and noticed:
Ran Avast many times, catching some infected .tmp files but not helping.
I've tried booting into safe mode, but even then explorer.exe keeps restarting itself. Every time it does this, Windows pops up the "are you sure you want to be in safe mode?" dialog. It makes it impossible to do any kind of work in safe mode.
Ran combofix.exe. ComboFix on the first run caught a large number of things and got rid of them (log later). On the reboot, the system was working fine. I thought ComboFix had fixed the problem.
However, then Spybot Search and Destroy started to report that something or other was trying to make a registry key ({B3285A3E-E762-4C8D-96BD-C71C74DB3F71}" (new data: "") added in Browser Helper Object!) over and over. It was blocking it every 4 seconds.

During this process, I decided to reinstall Windows, thinking that might help (it didn't). I had to reinstall my video card drivers next, so I rebooted my system.

The problems came back. I ran combofix.exe and it caught only 3 files. Then Spybot started doing the same thing over and over again, as it did before.

I am quite confused as to how deep this infection is, and am quite worried that safe mode itself is not working properly. Any advice would be helpful.

Also, logs:

--Second ComboFix run--
ComboFix 07-11-06.4 - Rob 2007-11-06  8:40:16.2 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1571 [GMT -5:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
.

    Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\rtstv.bak1
C:\WINDOWS\SYSTEM32\rtstv.ini
C:\WINDOWS\system32\vtstr.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-06 to 2007-11-06  )))))))))))))))))))))))))))))))
.

2007-11-06 08:49    <DIR>    d--------   C:\VundoFix Backups
2007-11-06 07:45    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-11-05 23:45    116,224 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxwiadr.dll
2007-11-05 23:45    27,648  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxftplt.exe
2007-11-05 23:45    23,040  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxwbtmp.dll
2007-11-05 23:45    17,408  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxscnui.dll
2007-11-05 23:44    99,865  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xlog.exe
2007-11-05 23:44    19,455  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wvchntxx.sys
2007-11-05 23:44    19,328  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wstcodec.sys
2007-11-05 23:44    16,970  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xem336n5.sys
2007-11-05 23:44    12,063  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wsiintxx.sys
2007-11-05 23:44    8,832   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wmiacpi.sys
2007-11-05 23:44    8,192   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wshirda.dll
2007-11-05 23:44    4,608   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxflnch.exe
2007-11-05 23:30    899,146 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\r2mdkxga.sys
2007-11-05 23:30    714,762 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\r2mdmkxx.sys
2007-11-05 23:30    49,024  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql1280.sys
2007-11-05 23:30    45,312  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql12160.sys
2007-11-05 23:30    41,472  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\qvusd.dll
2007-11-05 23:30    40,448  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql1240.sys
2007-11-05 23:30    19,584  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\rasirda.sys
2007-11-05 23:30    13,776  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\recagent.sys
2007-11-05 23:30    3,328   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\qv2kux.sys
2007-11-05 23:23    51,328  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msdv.sys
2007-11-05 23:23    35,200  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msgame.sys
2007-11-05 23:23    22,016  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msircomm.sys
2007-11-05 23:23    17,280  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\mraid35x.sys
2007-11-05 23:23    12,416  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msriffwv.sys
2007-11-05 23:23    6,016   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msfsio.sys
2007-11-05 23:23    2,944   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msmpu401.sys
2007-11-05 23:14    455,680 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fus2base.sys
2007-11-05 23:14    455,296 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fusbbase.sys
2007-11-05 23:14    454,912 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fxusbase.sys
2007-11-05 23:14    444,416 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpcibase.sys
2007-11-05 23:14    442,240 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpnpbase.sys
2007-11-05 23:14    441,728 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpcmbase.sys
2007-11-05 23:14    92,160  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fuusd.dll
2007-11-05 23:14    34,173  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\forehe.sys
2007-11-05 23:10    334,208 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ds1wdm.sys
2007-11-05 23:10    207,360 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4.sys
2007-11-05 23:10    28,062  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dp83820.sys
2007-11-05 23:10    23,808  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4usb.sys
2007-11-05 23:10    20,192  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dpti2o.sys
2007-11-05 23:10    12,928  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4prt.sys
2007-11-05 23:10    8,704   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4scan.sys
2007-11-05 23:00    2,180,992   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2007-11-05 23:00    66,048  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\s3legacy.dll
2007-11-05 22:14    24,661  --a------   C:\WINDOWS\SYSTEM32\spxcoins.dll
2007-11-05 22:14    24,661  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2007-11-05 22:14    13,312  --a------   C:\WINDOWS\SYSTEM32\irclass.dll
2007-11-05 22:14    13,312  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2007-11-05 21:42    <DIR>    d----c---   C:\Documents and Settings\Administrator\Application Data\Talkback
2007-11-05 09:23    35,328  --a------   C:\WINDOWS\SYSTEM32\vtuvuvt.dll
2007-11-05 09:22    <DIR>    d--------   C:\Program Files\kdcngncr
2007-11-05 09:22    104,960 --a------   C:\WINDOWS\SYSTEM32\drvtak.dll
2007-11-05 07:31    <DIR>    d--------   C:\Program Files\kfspybmd
2007-11-05 07:31    36,864  --a------   C:\WINDOWS\SYSTEM32\cbxyvtt.dll
2007-11-04 22:30    104,960 --a------   C:\WINDOWS\SYSTEM32\drvlim.dll
2007-10-27 16:35    <DIR>    d--------   C:\Program Files\PCPitstop
2007-10-25 13:55    <DIR>    d--------   C:\Program Files\Crazy Marble 2 Demo
2007-10-25 13:55    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2007-10-18 19:32    <DIR>    d--------   C:\Program Files\EA Games
2007-10-16 15:49    <DIR>    d--------   C:\Program Files\CachemanXP
2007-10-13 11:30    <DIR>    d--------   C:\Program Files\GCFScape
2007-10-07 16:12    <DIR>    d----c---   C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 13:50    ---------   d-----w C:\Program Files\GetRight
2007-11-06 12:27    ---------   dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 03:39    ---------   dc----w C:\Documents and Settings\Rob\Application Data\uTorrent
2007-11-05 03:33    ---------   dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 19:12    ---------   d-----w C:\Program Files\Comcast Play Games
2007-10-30 23:50    ---------   d-----w C:\Program Files\mIRC
2007-10-30 04:13    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Hamachi
2007-10-30 03:56    25,280  ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 02:29    ---------   d-----w C:\Program Files\Tsukihime
2007-10-26 13:44    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 16:28    ---------   dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-19 22:09    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Dev-Cpp
2007-10-16 17:52    ---------   d-----w C:\Program Files\AIM
2007-10-13 21:53    ---------   d-----w C:\Program Files\Activision
2007-10-11 04:28    25,992  ----a-w C:\WINDOWS\SYSTEM32\pgdfgsvc.exe
2007-10-07 21:01    ---------   d-----w C:\Program Files\Microsoft Games
2007-10-06 04:22    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Soldat
2007-10-06 04:12    ---------   d-----w C:\Program Files\Toribash-2.3
2007-10-04 02:01    ---------   d-----w C:\Program Files\Safer Networking
2007-10-02 13:56    ---------   d-----w C:\Program Files\Bluehell Productions
2007-09-28 03:26    ---------   dc----w C:\Documents and Settings\Ana\Application Data\Move Networks
2007-09-25 22:56    ---------   d-----w C:\Program Files\Professor Fizzwizzle
2007-09-23 07:19    ---------   d-----w C:\Program Files\SSI
2007-09-23 03:58    ---------   d-----w C:\Program Files\Combined Community Codec Pack
2007-09-23 03:51    33,533  ----a-w C:\WINDOWS\SYSTEM32\CoreVorbis-uninstall.exe
2007-09-22 23:57    ---------   d-----w C:\Program Files\eFusion
2007-09-22 18:23    43,520  ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-09-22 17:13    ---------   dc----w C:\Documents and Settings\Rob\Application Data\InstallShield Installation Information
2007-09-21 18:53    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Ironclad Games
2007-09-19 12:23    ---------   d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-09-18 01:41    ---------   d-----w C:\Program Files\Audacity
2007-09-17 21:49    ---------   dc----w C:\Documents and Settings\WALLA WALLA\Application Data\Big Fish Games
2007-09-17 20:37    ---------   d-----w C:\Program Files\QBeez 2
2007-09-17 17:55    ---------   d-----w C:\Program Files\MSN Games
2007-09-16 02:26    ---------   d-----w C:\Program Files\DAEMON Tools
2007-09-16 02:17    ---------   d-----w C:\Program Files\Vivendi Games
2007-09-15 22:48    ---------   d-----w C:\Program Files\Radeon Omega Drivers
2007-09-15 22:40    451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe
2007-09-15 22:40    ---------   d-----w C:\Program Files\MultiRes
2007-09-15 03:39    ---------   d-----w C:\Program Files\Yeti Studios
2007-09-14 11:41    ---------   dc----w C:\Documents and Settings\Rob\Application Data\U3
2007-09-12 16:47    ---------   d-----w C:\Program Files\THQ
2007-09-12 16:47    ---------   d-----w C:\Program Files\Street Hacker
2007-09-12 16:20    ---------   d-----w C:\Program Files\FizzBall DEMO
2007-09-12 02:45    ---------   d-----w C:\Program Files\SD EnterNET
2007-09-10 23:29    ---------   dc----w C:\Documents and Settings\WALLA WALLA\Application Data\PlayFirst
2007-09-10 23:29    ---------   dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-09 22:01    ---------   d-----w C:\Program Files\Passware
2007-09-09 03:57    ---------   d-----w C:\Program Files\Motherboard Monitor 5
2007-09-08 19:24    ---------   d-----w C:\Program Files\Symantec
2007-09-07 22:32    ---------   d-----w C:\Program Files\Notepad++
2007-09-06 20:36    ---------   d-----w C:\Program Files\bfgclient
2007-09-06 10:09    801,144 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-09-06 10:05    94,416  ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05    92,848  ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03    23,152  ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02    42,912  ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00    95,608  ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-09-06 10:00    26,624  ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 06:48    98,304  ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-08-20 18:06    409,600 ----a-w C:\WINDOWS\SYSTEM32\wrap_oal.dll
2007-08-20 18:06    114,688 ----a-w C:\WINDOWS\SYSTEM32\OpenAL32.dll
2007-08-08 20:55    2,517   ----a-w C:\Program Files\INSTALL.LOG
2007-05-28 19:23    92,064  -c--a-w C:\Documents and Settings\Rob\mqdmmdm.sys
2007-05-28 19:23    9,232   -c--a-w C:\Documents and Settings\Rob\mqdmmdfl.sys
2007-05-28 19:23    79,328  -c--a-w C:\Documents and Settings\Rob\mqdmserd.sys
2007-05-28 19:23    66,656  -c--a-w C:\Documents and Settings\Rob\mqdmbus.sys
2007-05-28 19:23    6,208   -c--a-w C:\Documents and Settings\Rob\mqdmcmnt.sys
2007-05-28 19:23    5,936   -c--a-w C:\Documents and Settings\Rob\mqdmwhnt.sys
2007-05-28 19:23    4,048   -c--a-w C:\Documents and Settings\Rob\mqdmcr.sys
2007-05-28 19:23    25,600  -c--a-w C:\Documents and Settings\Rob\usbsermptxp.sys
2007-05-28 19:23    22,768  -c--a-w C:\Documents and Settings\Rob\usbsermpt.sys
2006-12-27 18:20    1   -c--a-w C:\Documents and Settings\Rob\SI.bin
2004-10-25 03:48    266 --sh--w C:\Program Files\desktop.ini
2004-10-25 03:48    11,079  ---ha-w C:\Program Files\folder.htt
2003-12-18 15:33    20,102  ----a-w C:\Program Files\Readme.txt
2003-09-03 11:46    10,960  ----a-w C:\Program Files\EULA.txt
2001-11-23 05:08    712,704 ----a-r C:\WINDOWS\INF\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((   snapshot@2007-11-06_ 8.10.52.95   )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 05:56:42   229,376 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
+ 2007-03-15 01:10:28   356,352 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll
+ 2007-03-15 01:10:28   356,352 ----a-w C:\WINDOWS\SYSTEM32\ati2cqag.dll.tmp
- 2004-08-04 05:56:42   201,728 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
+ 2007-03-15 01:57:34   267,776 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll
+ 2007-03-15 01:57:34   267,776 ----a-w C:\WINDOWS\SYSTEM32\ati2dvag.dll.tmp
- 2004-09-16 01:10:00   516,096 ----a-w C:\WINDOWS\SYSTEM32\ati2sgag.exe
+ 2004-09-16 02:10:00   516,096 ----a-w C:\WINDOWS\SYSTEM32\ati2sgag.exe
- 2004-08-04 05:56:42   1,888,992   ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
+ 2007-03-15 01:40:10   2,820,544   ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll
+ 2007-03-15 01:40:10   2,820,544   ----a-w C:\WINDOWS\SYSTEM32\ati3duag.dll.tmp
- 2004-08-04 05:56:42   516,768 ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
+ 2007-03-15 01:29:47   1,315,712   ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll
+ 2007-03-15 01:29:47   1,315,712   ----a-w C:\WINDOWS\SYSTEM32\ativvaxx.dll.tmp
- 2004-08-04 03:29:28   701,440 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
+ 2007-03-15 01:57:15   1,986,560   ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
+ 2004-08-04 05:56:42   229,376 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2cqag.dll
+ 2004-08-04 05:56:42   201,728 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2dvag.dll
+ 2007-03-15 01:50:12   42,496  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2edxx.dll
+ 2007-03-15 01:14:00   49,152  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2erec.dll
+ 2007-03-15 01:49:59   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2evxx.dll
+ 2007-03-15 01:48:39   450,560 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe
+ 2007-03-15 01:50:19   26,112  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\Ati2mdxx.exe
+ 2004-08-04 03:29:28   701,440 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati2mtag.sys
+ 2004-08-04 05:56:42   1,888,992   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ati3duag.dll
+ 2006-02-22 00:05:00   1,830,912   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiadaxx.exe
+ 2006-02-22 07:13:48   348,160 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\aticds10.dll
+ 2007-03-15 01:47:52   53,248  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ATIDDC.DLL
+ 2007-03-15 01:58:38   315,392 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ATIDEMGX.dll
+ 2007-03-06 21:04:53   143,676 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiicdxx.dat
+ 2006-02-22 07:14:58   380,928 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiicdxx.dll
+ 2006-02-22 07:13:54   6,144   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiicdxx.sys
+ 2007-03-15 01:55:38   307,200 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiiiexx.dll
+ 2006-02-22 00:05:00   36,864  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\Atiiprxx.exe
+ 2007-03-15 01:16:14   258,048 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atikvmag.dll
+ 2006-12-17 01:23:32   6,684,672   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atioglx1.dll
+ 2007-03-15 01:19:32   5,402,624   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atioglxx.dll
+ 2007-03-15 01:50:39   122,880 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atipdlxx.dll
+ 2006-02-22 00:05:00   274,432 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atipdsxx.dll
+ 2006-02-22 00:05:00   61,440  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiphexx.exe
+ 2006-02-22 00:05:00   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atippaxx.dll
+ 2006-02-22 00:05:00   139,264 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiprbxx.exe
+ 2006-02-22 00:05:00   344,064 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe
+ 2006-02-22 00:05:00   2,060,288   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atipuixx.dll
+ 2007-03-15 01:14:43   17,408  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\atitvo32.dll
+ 2001-11-09 14:01:04   24,064  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ativcoxx.dll
+ 2007-03-15 01:29:32   3,107,788   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ativvaxx.dat
+ 2004-08-04 05:56:42   516,768 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\ativvaxx.dll
+ 2007-03-15 01:50:27   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\Oemdspif.dll
+ 2007-03-15 01:10:28   356,352 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2007-03-15 01:57:34   267,776 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2007-03-15 01:50:12   42,496  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2007-03-15 01:14:00   49,152  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2007-03-15 01:49:59   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2007-03-15 01:48:39   450,560 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2007-03-15 01:50:19   26,112  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2007-03-15 01:57:15   1,986,560   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2007-03-15 01:40:10   2,820,544   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2006-02-22 00:05:00   1,830,912   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiadaxx.exe
+ 2006-02-22 07:13:48   348,160 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\aticds10.dll
+ 2007-03-15 01:47:52   53,248  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2007-03-15 01:58:38   315,392 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll
+ 2007-03-06 21:04:53   143,676 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2006-02-22 07:14:58   380,928 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiicdxx.dll
+ 2006-02-22 07:13:54   6,144   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiicdxx.sys
+ 2007-03-15 01:55:38   307,200 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2006-02-22 00:05:00   36,864  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\Atiiprxx.exe
+ 2007-03-15 01:16:14   258,048 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2006-12-17 01:23:32   6,684,672   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atioglx1.dll
+ 2007-03-15 01:19:32   5,402,624   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2007-03-15 01:50:39   122,880 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2006-02-22 00:05:00   274,432 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atipdsxx.dll
+ 2006-02-22 00:05:00   61,440  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiphexx.exe
+ 2006-02-22 00:05:00   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atippaxx.dll
+ 2006-02-22 00:05:00   139,264 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiprbxx.exe
+ 2006-02-22 00:05:00   344,064 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atiptaxx.exe
+ 2006-02-22 00:05:00   2,060,288   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atipuixx.dll
+ 2007-03-15 01:14:43   17,408  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2001-11-09 14:01:04   24,064  ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2007-03-15 01:29:32   3,107,788   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ativvaxx.dat
+ 2007-03-15 01:29:47   1,315,712   ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2007-03-15 01:50:27   114,688 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2007-11-06 13:59:54   16,384  ----atw C:\WINDOWS\Temp\Perflib_Perfdata_238.dat
+ 2007-11-06 13:59:08   16,384  ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat
- 2007-11-06 13:05:56   98,304  ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-06 14:00:28   98,304  ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89032A20-4370-487E-AB80-2251EC374249}]
2007-11-05 07:31    36864   --a------   C:\WINDOWS\system32\cbxyvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FE2211D-6D1C-4143-AFF7-E7B82B47D4A0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AtiPTA"="atiptaxx.exe" [2006-02-21 19:05 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-22 20:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 08:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Ana\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\WALLA WALLA\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBrowserOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBrowserOptions"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{89032A20-4370-487E-AB80-2251EC374249}"= C:\WINDOWS\system32\cbxyvtt.dll [2007-11-05 07:31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvtt] 
cbxyvtt.dll 2007-11-05 07:31 36864 C:\WINDOWS\SYSTEM32\cbxyvtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32] 
winmbj32.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Adware Filter.lnk]
backup=C:\WINDOWS\pss\Adware Filter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Phoenix RPG Mod 1.91 - Auto Update.lnk]
backup=C:\WINDOWS\pss\Phoenix RPG Mod 1.91 - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ee8c064.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
"C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"c:\program files\common files\installshield\updateservice\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
C:\Program Files\MultiRes\MultiRes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZESOFT"=2 (0x2)
"NVSvc"=2 (0x2)
"VETMSGNT"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"Iomsyxxvam"=3 (0x3)
"IDriverT"=3 (0x3)
"Groove Games Licensing Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"rpcapd"=3 (0x3)
"NBService"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"CachemanXPService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
"Steam"=
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"C-Media Mixer"=Mixer.exe /startup
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" /server
"CriticalUpdate"=C:\WINDOWS\SYSTEM32\WUCRTUPD.EXE -startup
"EM_EXEC"=C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"kdx"=C:\WINDOWS\KDX\KHOST.EXE
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"ICSMGR"=ICSMGR.EXE
"TBPS"=C:\PROGRA~1\TOOLBAR\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SmcService"=C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=C:\WINDOWS\SYSTEM\mstask.exe

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R2 X4HSX32;X4HSX32;\??\C:\Program Files\Comcast Games on Demand\X4HSX32.Sys
R2 xinstall;xinstall;\??\C:\WINDOWS\system32\drivers\xinstall.sys
S0 d117bus;d117bus;C:\WINDOWS\system32\DRIVERS\d117bus.sys
S0 d117prt;d117prt;C:\WINDOWS\system32\Drivers\d117prt.sys
S0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys
S0 d343prt;d343prt;C:\WINDOWS\system32\Drivers\d343prt.sys
S2 SVKP;SVKP;\??\C:\windows\system32\SVKP.sys
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 naecd;naecd;\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\naecd.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 pnicml;pnicml;\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\pnicml.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 SMIHardwareMonitor;SMI Hardware Monitor Driver 1.0;\??\C:\WINDOWS\system32\smidriver.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc  p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f6db62-111a-11da-b3be-00e06f9398a3}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cc598ba-11b0-11da-b3c4-00e06f9398a3}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffaf618-0a2d-11da-b388-00e06f9398a3}]
\Shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d86118-3548-11dc-a208-0015f2a634d8}]
\Shell\AutoRun\command - I:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 09:01:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-06  9:07:29 - machine was rebooted 
C:\ComboFix2.txt ... 2007-11-06 08:13
.
    --- E O F ---

--First ComboFix run--

ComboFix 07-11-06.4 - Rob 2007-11-06  7:50:11.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1605 [GMT -5:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
 * Created a new restore point
.

    Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\windows adstatus
C:\Program Files\windows adstatus\Info.txt
C:\WINDOWS\boot.ini
C:\WINDOWS\hosts
C:\WINDOWS\start.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\drvlimr.dll
C:\WINDOWS\system32\drvtakr.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\SYSTEM32\kjkkj.bak1
C:\WINDOWS\SYSTEM32\kjkkj.bak2
C:\WINDOWS\SYSTEM32\kjkkj.ini
C:\WINDOWS\SYSTEM32\llkkj.bak1
C:\WINDOWS\SYSTEM32\llkkj.ini
C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\winuqw32.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip


(((((((((((((((((((((((((   Files Created from 2007-10-06 to 2007-11-06  )))))))))))))))))))))))))))))))
.

2007-11-06 07:45    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-11-05 23:45    116,224 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxwiadr.dll
2007-11-05 23:45    27,648  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxftplt.exe
2007-11-05 23:45    23,040  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxwbtmp.dll
2007-11-05 23:45    17,408  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxscnui.dll
2007-11-05 23:44    99,865  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xlog.exe
2007-11-05 23:44    19,455  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wvchntxx.sys
2007-11-05 23:44    19,328  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wstcodec.sys
2007-11-05 23:44    16,970  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xem336n5.sys
2007-11-05 23:44    12,063  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wsiintxx.sys
2007-11-05 23:44    8,832   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wmiacpi.sys
2007-11-05 23:44    8,192   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\wshirda.dll
2007-11-05 23:44    4,608   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\xrxflnch.exe
2007-11-05 23:30    899,146 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\r2mdkxga.sys
2007-11-05 23:30    714,762 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\r2mdmkxx.sys
2007-11-05 23:30    49,024  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql1280.sys
2007-11-05 23:30    45,312  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql12160.sys
2007-11-05 23:30    41,472  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\qvusd.dll
2007-11-05 23:30    40,448  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ql1240.sys
2007-11-05 23:30    19,584  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\rasirda.sys
2007-11-05 23:30    13,776  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\recagent.sys
2007-11-05 23:30    3,328   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\qv2kux.sys
2007-11-05 23:23    51,328  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msdv.sys
2007-11-05 23:23    35,200  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msgame.sys
2007-11-05 23:23    22,016  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msircomm.sys
2007-11-05 23:23    17,280  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\mraid35x.sys
2007-11-05 23:23    12,416  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msriffwv.sys
2007-11-05 23:23    6,016   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msfsio.sys
2007-11-05 23:23    2,944   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\msmpu401.sys
2007-11-05 23:14    455,680 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fus2base.sys
2007-11-05 23:14    455,296 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fusbbase.sys
2007-11-05 23:14    454,912 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fxusbase.sys
2007-11-05 23:14    444,416 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpcibase.sys
2007-11-05 23:14    442,240 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpnpbase.sys
2007-11-05 23:14    441,728 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fpcmbase.sys
2007-11-05 23:14    92,160  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\fuusd.dll
2007-11-05 23:14    34,173  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\forehe.sys
2007-11-05 23:10    334,208 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ds1wdm.sys
2007-11-05 23:10    207,360 --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4.sys
2007-11-05 23:10    28,062  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dp83820.sys
2007-11-05 23:10    23,808  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4usb.sys
2007-11-05 23:10    20,192  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dpti2o.sys
2007-11-05 23:10    12,928  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4prt.sys
2007-11-05 23:10    8,704   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\dot4scan.sys
2007-11-05 23:00    2,180,992   --a--c---   C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2007-11-05 23:00    66,048  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\s3legacy.dll
2007-11-05 22:14    24,661  --a------   C:\WINDOWS\SYSTEM32\spxcoins.dll
2007-11-05 22:14    24,661  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2007-11-05 22:14    13,312  --a------   C:\WINDOWS\SYSTEM32\irclass.dll
2007-11-05 22:14    13,312  --a--c---   C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2007-11-05 21:42    <DIR>    d----c---   C:\Documents and Settings\Administrator\Application Data\Talkback
2007-11-05 09:23    35,328  --a------   C:\WINDOWS\SYSTEM32\vtuvuvt.dll
2007-11-05 09:22    <DIR>    d--------   C:\Program Files\kdcngncr
2007-11-05 09:22    104,960 --a------   C:\WINDOWS\SYSTEM32\drvtak.dll
2007-11-05 07:31    <DIR>    d--------   C:\Program Files\kfspybmd
2007-11-05 07:31    36,864  --a------   C:\WINDOWS\SYSTEM32\cbxyvtt.dll
2007-11-04 22:30    104,960 --a------   C:\WINDOWS\SYSTEM32\drvlim.dll
2007-10-27 16:35    <DIR>    d--------   C:\Program Files\PCPitstop
2007-10-25 13:55    <DIR>    d--------   C:\Program Files\Crazy Marble 2 Demo
2007-10-25 13:55    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2007-10-18 19:32    <DIR>    d--------   C:\Program Files\EA Games
2007-10-16 15:49    <DIR>    d--------   C:\Program Files\CachemanXP
2007-10-13 11:30    <DIR>    d--------   C:\Program Files\GCFScape
2007-10-07 16:12    <DIR>    d----c---   C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 12:45    ---------   d-----w C:\Program Files\GetRight
2007-11-06 12:27    ---------   dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 03:39    ---------   dc----w C:\Documents and Settings\Rob\Application Data\uTorrent
2007-11-05 03:33    ---------   dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 19:12    ---------   d-----w C:\Program Files\Comcast Play Games
2007-10-30 23:50    ---------   d-----w C:\Program Files\mIRC
2007-10-30 04:13    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Hamachi
2007-10-30 03:56    25,280  ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 02:29    ---------   d-----w C:\Program Files\Tsukihime
2007-10-26 13:44    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 16:28    ---------   dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-19 22:09    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Dev-Cpp
2007-10-16 17:52    ---------   d-----w C:\Program Files\AIM
2007-10-13 21:53    ---------   d-----w C:\Program Files\Activision
2007-10-11 04:28    25,992  ----a-w C:\WINDOWS\SYSTEM32\pgdfgsvc.exe
2007-10-07 21:01    ---------   d-----w C:\Program Files\Microsoft Games
2007-10-06 04:22    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Soldat
2007-10-06 04:12    ---------   d-----w C:\Program Files\Toribash-2.3
2007-10-04 02:01    ---------   d-----w C:\Program Files\Safer Networking
2007-10-02 13:56    ---------   d-----w C:\Program Files\Bluehell Productions
2007-09-28 03:26    ---------   dc----w C:\Documents and Settings\Ana\Application Data\Move Networks
2007-09-25 22:56    ---------   d-----w C:\Program Files\Professor Fizzwizzle
2007-09-23 07:19    ---------   d-----w C:\Program Files\SSI
2007-09-23 03:58    ---------   d-----w C:\Program Files\Combined Community Codec Pack
2007-09-23 03:51    33,533  ----a-w C:\WINDOWS\SYSTEM32\CoreVorbis-uninstall.exe
2007-09-22 23:57    ---------   d-----w C:\Program Files\eFusion
2007-09-22 18:23    43,520  ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-09-22 17:13    ---------   dc----w C:\Documents and Settings\Rob\Application Data\InstallShield Installation Information
2007-09-21 18:53    ---------   dc----w C:\Documents and Settings\Rob\Application Data\Ironclad Games
2007-09-19 12:23    ---------   d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-09-18 01:41    ---------   d-----w C:\Program Files\Audacity
2007-09-17 21:49    ---------   dc----w C:\Documents and Settings\WALLA WALLA\Application Data\Big Fish Games
2007-09-17 20:37    ---------   d-----w C:\Program Files\QBeez 2
2007-09-17 17:55    ---------   d-----w C:\Program Files\MSN Games
2007-09-16 02:26    ---------   d-----w C:\Program Files\DAEMON Tools
2007-09-16 02:17    ---------   d-----w C:\Program Files\Vivendi Games
2007-09-15 22:48    ---------   d-----w C:\Program Files\Radeon Omega Drivers
2007-09-15 22:40    451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe
2007-09-15 22:40    ---------   d-----w C:\Program Files\MultiRes
2007-09-15 03:39    ---------   d-----w C:\Program Files\Yeti Studios
2007-09-14 11:41    ---------   dc----w C:\Documents and Settings\Rob\Application Data\U3
2007-09-12 16:47    ---------   d-----w C:\Program Files\THQ
2007-09-12 16:47    ---------   d-----w C:\Program Files\Street Hacker
2007-09-12 16:20    ---------   d-----w C:\Program Files\FizzBall DEMO
2007-09-12 02:45    ---------   d-----w C:\Program Files\SD EnterNET
2007-09-10 23:29    ---------   dc----w C:\Documents and Settings\WALLA WALLA\Application Data\PlayFirst
2007-09-10 23:29    ---------   dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-09 22:01    ---------   d-----w C:\Program Files\Passware
2007-09-09 03:57    ---------   d-----w C:\Program Files\Motherboard Monitor 5
2007-09-08 19:24    ---------   d-----w C:\Program Files\Symantec
2007-09-07 22:32    ---------   d-----w C:\Program Files\Notepad++
2007-09-06 20:36    ---------   d-----w C:\Program Files\bfgclient
2007-09-06 10:09    801,144 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-09-06 10:05    94,416  ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05    92,848  ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03    23,152  ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02    42,912  ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00    95,608  ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-09-06 10:00    26,624  ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 06:48    98,304  ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-08-20 18:06    409,600 ----a-w C:\WINDOWS\SYSTEM32\wrap_oal.dll
2007-08-20 18:06    114,688 ----a-w C:\WINDOWS\SYSTEM32\OpenAL32.dll
2007-08-08 20:55    2,517   ----a-w C:\Program Files\INSTALL.LOG
2007-05-28 19:23    92,064  -c--a-w C:\Documents and Settings\Rob\mqdmmdm.sys
2007-05-28 19:23    9,232   -c--a-w C:\Documents and Settings\Rob\mqdmmdfl.sys
2007-05-28 19:23    79,328  -c--a-w C:\Documents and Settings\Rob\mqdmserd.sys
2007-05-28 19:23    66,656  -c--a-w C:\Documents and Settings\Rob\mqdmbus.sys
2007-05-28 19:23    6,208   -c--a-w C:\Documents and Settings\Rob\mqdmcmnt.sys
2007-05-28 19:23    5,936   -c--a-w C:\Documents and Settings\Rob\mqdmwhnt.sys
2007-05-28 19:23    4,048   -c--a-w C:\Documents and Settings\Rob\mqdmcr.sys
2007-05-28 19:23    25,600  -c--a-w C:\Documents and Settings\Rob\usbsermptxp.sys
2007-05-28 19:23    22,768  -c--a-w C:\Documents and Settings\Rob\usbsermpt.sys
2006-12-27 18:20    1   -c--a-w C:\Documents and Settings\Rob\SI.bin
2004-10-25 03:48    266 --sh--w C:\Program Files\desktop.ini
2004-10-25 03:48    11,079  ---ha-w C:\Program Files\folder.htt
2003-12-18 15:33    20,102  ----a-w C:\Program Files\Readme.txt
2003-09-03 11:46    10,960  ----a-w C:\Program Files\EULA.txt
2001-11-23 05:08    712,704 ----a-r C:\WINDOWS\INF\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89032A20-4370-487E-AB80-2251EC374249}]
2007-11-05 07:31    36864   --a------   C:\WINDOWS\system32\cbxyvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FE2211D-6D1C-4143-AFF7-E7B82B47D4A0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AtiPTA"="atiptaxx.exe" [2006-02-21 19:05 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-22 20:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 08:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Ana\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\WALLA WALLA\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBrowserOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBrowserOptions"=0 (0x0)
"NoSMBalloonTip"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{89032A20-4370-487E-AB80-2251EC374249}"= C:\WINDOWS\system32\cbxyvtt.dll [2007-11-05 07:31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvtt] 
cbxyvtt.dll 2007-11-05 07:31 36864 C:\WINDOWS\SYSTEM32\cbxyvtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32] 
winmbj32.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Adware Filter.lnk]
backup=C:\WINDOWS\pss\Adware Filter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Phoenix RPG Mod 1.91 - Auto Update.lnk]
backup=C:\WINDOWS\pss\Phoenix RPG Mod 1.91 - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ee8c064.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
"C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"c:\program files\common files\installshield\updateservice\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
C:\Program Files\MultiRes\MultiRes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZESOFT"=2 (0x2)
"NVSvc"=2 (0x2)
"VETMSGNT"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"Iomsyxxvam"=3 (0x3)
"IDriverT"=3 (0x3)
"Groove Games Licensing Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"rpcapd"=3 (0x3)
"NBService"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"CachemanXPService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
"Steam"=
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"C-Media Mixer"=Mixer.exe /startup
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" /server
"CriticalUpdate"=C:\WINDOWS\SYSTEM32\WUCRTUPD.EXE -startup
"EM_EXEC"=C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"kdx"=C:\WINDOWS\KDX\KHOST.EXE
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"ICSMGR"=ICSMGR.EXE
"TBPS"=C:\PROGRA~1\TOOLBAR\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SmcService"=C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=C:\WINDOWS\SYSTEM\mstask.exe

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R2 X4HSX32;X4HSX32;\??\C:\Program Files\Comcast Games on Demand\X4HSX32.Sys
R2 xinstall;xinstall;\??\C:\WINDOWS\system32\drivers\xinstall.sys
S0 d117bus;d117bus;C:\WINDOWS\system32\DRIVERS\d117bus.sys
S0 d117prt;d117prt;C:\WINDOWS\system32\Drivers\d117prt.sys
S0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys
S0 d343prt;d343prt;C:\WINDOWS\system32\Drivers\d343prt.sys
S2 SVKP;SVKP;\??\C:\windows\system32\SVKP.sys
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 naecd;naecd;\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\naecd.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 pnicml;pnicml;\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\pnicml.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 SMIHardwareMonitor;SMI Hardware Monitor Driver 1.0;\??\C:\WINDOWS\system32\smidriver.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc  p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f6db62-111a-11da-b3be-00e06f9398a3}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cc598ba-11b0-11da-b3c4-00e06f9398a3}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffaf618-0a2d-11da-b388-00e06f9398a3}]
\Shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d86118-3548-11dc-a208-0015f2a634d8}]
\Shell\AutoRun\command - I:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 08:08:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-06  8:13:08 - machine was rebooted 
.
    --- E O F ---



Thanks in advance for any help.

edit: forgot the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:15 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Documents and Settings\Rob\Desktop\HiJackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - 
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - 
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/chuzzle/popcaploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7803 bytes

Edited by mike_2000_17: Fixed formatting


Just ran SDFix in safe mode..... somehow.


SDFix: Version 1.113

Run by Rob on Tue 11/06/2007 at 10:20 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\tmp172.tmp - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 10:35:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,03,44,1b,df,c2,70,8f,4a,de,f6,2f,38,3b,d2,f9,39,74,63,b1,0b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ea,b1,3c,e1,e3,dd,3b,8a,2e,6e,88,81,1a,f2,62,1c,cc,..
"khjeh"=hex:f0,26,fe,31,41,21,f1,6c,fb,94,25,01,97,83,91,8b,16,b6,8d,08,59,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:04,17,29,88,c2,d8,66,52,81,8e,5b,c6,be,f4,97,a5,f6,cc,9a,0d,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:dd,d8,54,71,45,db,cb,27,37,28,5c,68,e8,0f,4c,81,b9,94,61,67,77,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:97,64,44,1e,7f,30,79,9c,fa,3e,4a,21,63,e2,a8,4c,29,fb,2f,f5,0c,..
"a0"=hex:20,01,00,00,ce,b2,af,e7,27,25,54,d7,ba,85,a0,5b,6e,53,f9,f6,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,7f,af,88,27,2a,81,01,49,c1,49,bc,36,f5,f2,c7,51,cb,9d,9a,64,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:90,19,50,f9,40,f4,86,41,b2,91,f0,21,4e,9f,56,b9,19,10,f4,4d,87,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:dd,d8,54,71,45,db,cb,27,37,28,5c,68,e8,0f,4c,81,b9,94,61,67,77,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:97,64,44,1e,7f,30,79,9c,fa,3e,4a,21,63,e2,a8,4c,29,fb,2f,f5,0c,..
"a0"=hex:20,01,00,00,ce,b2,af,e7,27,25,54,d7,ba,85,a0,5b,6e,53,f9,f6,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,7f,af,88,27,2a,81,01,49,c1,49,bc,36,f5,f2,c7,51,cb,9d,9a,64,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:dd,d8,54,71,45,db,cb,27,37,28,5c,68,e8,0f,4c,81,b9,94,61,67,77,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:97,64,44,1e,7f,30,79,9c,fa,3e,4a,21,63,e2,a8,4c,29,fb,2f,f5,0c,..
"a0"=hex:20,01,00,00,ce,b2,af,e7,27,25,54,d7,ba,85,a0,5b,6e,53,f9,f6,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,7f,af,88,27,2a,81,01,49,c1,49,bc,36,f5,f2,c7,51,cb,9d,9a,64,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 24 Oct 2004 103 ..SH. --- "C:\AUTOEXEC.BAK"
Fri 5 Jan 2007 21 A.SH. --- "C:\WINDOWS\WINPROD.DLL"
Sat 8 Jan 2005 687,104 A..H. --- "C:\My Games\Magic Ball 2\MagicBall2.exe"
Sat 11 Mar 2006 843,776 A..H. --- "C:\My Games\Strike Ball 2\StrikeBall2.exe"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 4 May 2007 4,231,168 A..H. --- "C:\Program Files\QBeez 2\QBeez 2.exe"
Tue 6 Nov 2007 6,470 ..SH. --- "C:\WINDOWS\SYSTEM32\ppqss.bak1"
Tue 24 Jul 2007 1,574,456 A..H. --- "C:\Program Files\PopCap Games\Chuzzle Deluxe\popcapgame1.exe"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn of War\Disk1Check.EXE"
Sat 1 Jan 2005 4,348 A.SH. --- "C:\WINDOWS\All Users\DRM\DRMv1.bak"
Sat 10 Dec 2005 1,034 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 9 Dec 2006 0 A.SH. --- "C:\WINDOWS\All Users\DRM\Cache\Indiv01.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"
Sat 15 Sep 2007 3,077 A..HR --- "C:\Documents and Settings\Rob\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Rob\Application Data\U3\temp\Launchpad Removal.exe"

Finished!


Okay, let's see what we can do. A gamer's machine..... sigh... lotsa weird drivers and files.
It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!

ATF Cleaner:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
__________________________________________________________
File::
C:\WINDOWS\SYSTEM32\vtuvuvt.dll
C:\WINDOWS\SYSTEM32\drvtak.dll
C:\WINDOWS\SYSTEM32\cbxyvtt.dll
C:\WINDOWS\SYSTEM32\drvlim.dll

Folder::
C:\Program Files\kdcngncr
C:\Program Files\kfspybmd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89032A20-4370-487E-AB80-2251EC374249}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FE2211D-6D1C-4143-AFF7-E7B82B47D4A0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvtt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ee8c064.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{89032A20-4370-487E-AB80-2251EC374249}"= -

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
__________________________________________________________

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start; let it run, and if your firewall prompts, allow all. Post the log.

==Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} -

Okay, now make a fresh HijackThis log and post the contents of C:\vundofix.txt and C:\Combofix.txt plus that new HijackThis log.
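An added check, example code that is not part of the thread and not from ComboFix, HijackThis or VundoFix, for confirming that the CFScript above actually emptied the persistence points its Registry:: section targets: Browser Helper Objects, ShellExecuteHooks, Winlogon Notify packages, and the LSA "Authentication Packages" list (the CFScript's hex(7):6d,73,76,31,5f,30,00,00 is just the string msv1_0, and a Vundo DLL listed there gets loaded into lsass.exe at boot, which is why ordinary deletion keeps failing). Assumptions, also marked in the comments: a clean box lists only msv1_0 as an authentication package, and the script is run from an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example, not from the thread or from any of the tools it names.
# Re-audits the persistence points the CFScript removes so a second ComboFix
# run can be checked by hand. Run from an elevated PowerShell (2.0 or later).
# Assumption: on a clean machine the LSA "Authentication Packages" REG_MULTI_SZ
# holds only msv1_0 (the CFScript's hex(7):6d,73,76,31,5f,30,00,00 decodes to that).

$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'

function Resolve-Clsid {
    # Map a CLSID to the DLL registered as its in-process COM server, or $null.
    param([string]$Clsid)
    $key = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    if (Test-Path $key) { return (Get-ItemProperty -Path $key).'(default)' }
    return $null
}

function Test-Dll {
    # Print one line per registered DLL: does the file exist, and is it Authenticode-signed?
    # Caveat: Windows' own DLLs are often catalog-signed, which older PowerShell reports
    # as NotSigned, so "UNSIGNED" means "inspect this file", not "this is malware".
    param([string]$Source, [string]$Path)
    if (-not $Path) { Write-Warning "$Source -> no DLL registered"; return }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if (-not (Test-Path $expanded)) {
        Write-Warning "$Source -> $expanded (file missing)"; return
    }
    $sig = Get-AuthenticodeSignature -FilePath $expanded
    $flag = if ($sig.Status -eq 'Valid') { 'signed' } else { 'UNSIGNED/' + $sig.Status }
    Write-Output ('{0,-40} {1}  [{2}]' -f $Source, $expanded, $flag)
}

# 1. Browser Helper Objects (what HijackThis reports as O2 lines).
$bhoKey = "$explorerKey\Browser Helper Objects"
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        Test-Dll -Source "BHO $($_.PSChildName)" -Path (Resolve-Clsid $_.PSChildName)
    }
}

# 2. ShellExecuteHooks: value names are CLSIDs, loaded into every process that calls ShellExecute.
$sehKey = "$explorerKey\ShellExecuteHooks"
if (Test-Path $sehKey) {
    (Get-Item $sehKey).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
        Test-Dll -Source "ShellExecuteHook $_" -Path (Resolve-Clsid $_)
    }
}

# 3. Winlogon Notify packages (XP/2003; the key does not exist on Vista and later).
#    Each subkey names a DLL that winlogon.exe loads at logon, the spot cbxyvtt/winmbj32 used.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notifyKey) {
    Get-ChildItem $notifyKey | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath).DLLName
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "system32\$dll"   # bare names resolve from system32
        }
        Test-Dll -Source "WinlogonNotify $($_.PSChildName)" -Path $dll
    }
}

# 4. LSA Authentication Packages: anything besides msv1_0 is loaded into lsass.exe at boot.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($pkg in @($lsa.'Authentication Packages')) {
    if ($pkg -ne 'msv1_0') {
        Write-Warning "LSA Authentication Packages contains '$pkg' (expected only msv1_0)"
    } else {
        Write-Output "LSA Authentication Packages: $pkg [expected]"
    }
}
```

Run it once before the CFScript and once after the reboot; the BHO and ShellExecuteHooks CLSIDs named in the script, and any Notify subkey or LSA package pointing at a randomly named DLL under system32, should be gone from the second listing. A DLL that ComboFix reports deleted but which still shows up here with "file missing" means the registry reference survived and the next boot will log an error but not reinfect; one that shows up with an existing, unsigned file means the cleanup did not take.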
