
Viruses I can't get rid of!

Discussion in 'Malware and Virus Removal Archive' started by jdnimmo, 2006/09/19.

  1. 2006/09/19
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    I'm running Kaspersky Anti-Virus and I have a few viruses (or spyware, or something not good anyway!) that I just can't seem to get rid of. One is temperror32 and another is pokapoka79; there are a couple of others, but those are the main ones. I've also got an elitebar thing on my browser too!
    If someone can tell me how to get rid of them I'd be a friend for life! I've run HijackThis and here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:43, on 19/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\USBMonit.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avp32.exe
    C:\WINDOWS\etb\pokapoka79.exe
    C:\tmp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe /wait
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehkg32.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    O9 - Extra button: MP3freeDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3freeDownload (file missing)
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
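    The O4 lines in the log above are the HKLM/HKCU Run-key autoruns that a helper reads by eye. The Python below is an added example, not part of this thread and not code from HijackThis or any of the tools used in it: it parses those O4 lines and gives each entry a score from a few simple heuristics (bare filename with no directory, unusual directory under C:\WINDOWS, numeric suffix on the executable name, Run value name unrelated to the executable name). The allowlist of expected C:\WINDOWS subdirectories, the heuristics themselves and the scoring threshold are assumptions chosen for illustration; the sample lines are copied from the first log in this thread.

```python
import re
from dataclasses import dataclass, field

# O4 lines copied from the first HijackThis log in this thread (sample input).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehkg32.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
"""

# HJT 1.99 O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# First ".exe" in the command, with an optional leading quote (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)

# Assumption: subdirectories of C:\WINDOWS where autorun binaries are normally expected.
WINDOWS_SUBDIRS_OK = {"system32", "system", "pchealth"}


@dataclass
class Autorun:
    hive: str
    name: str
    cmd: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self):
        return len(self.reasons)


def parse_o4(log_text):
    """Extract every O4 Run entry from a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        e = EXE_RE.match(cmd)
        path = e.group("path").strip() if e else cmd.split()[0]
        entries.append(Autorun(m.group("hive"), m.group("name"), cmd, path))
    return entries


def assess(entry):
    """Attach one reason per heuristic that fires; the score is the reason count."""
    reasons = []
    low = entry.path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]   # executable name without extension
    if "\\" not in low:
        reasons.append("bare filename: resolved through PATH search order, not a fixed location")
    elif low.startswith("c:\\windows\\"):
        rest = low[len("c:\\windows\\"):]
        if "\\" not in rest:
            reasons.append("executable placed directly in C:\\WINDOWS")
        elif rest.split("\\")[0] not in WINDOWS_SUBDIRS_OK:
            reasons.append("unusual directory under C:\\WINDOWS: " + rest.split("\\")[0])
    if re.search(r"\d+$", stem):
        reasons.append("executable name ends in a numeric suffix")
    # Tokens of the Run value name (letters only, 3+ chars) should appear in the executable name.
    tokens = [t for t in re.findall(r"[a-z]+", entry.name.lower()) if len(t) >= 3]
    if not any(t in stem for t in tokens):
        reasons.append("Run value name shares no token with the executable name")
    entry.reasons = reasons
    return entry


def triage(log_text, suspicious_at=2):
    """Bucket the O4 entries by score: >= suspicious_at, exactly 1, or 0."""
    buckets = {"suspicious": [], "review": [], "ok": []}
    for entry in (assess(e) for e in parse_o4(log_text)):
        key = "suspicious" if entry.score >= suspicious_at else "review" if entry.score == 1 else "ok"
        buckets[key].append(entry.name)
    return buckets


if __name__ == "__main__":
    for e in map(assess, parse_o4(SAMPLE_O4_LINES)):
        if e.reasons:
            print(f"[{e.hive}] {e.name} -> {e.path}")
            for r in e.reasons:
                print("   -", r)
```

    Run as-is, the script prints every entry with at least one reason. On the sample, the two entries that are absent from the second log after LQfix ran (checkrun/elitehkg32.exe and System service79/pokapoka79.exe) score 2 and 3 and land in the suspicious bucket; Tpwrtray, 000StTHK and swg score 1 and only need a human look (the first two are bare Toshiba filenames, swg is the Google Toolbar notifier). A score of 0 is not a clean bill: the heuristics say nothing about [WinTask driver] wintask.exe, which a helper would still look up by hand.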
     
  2. 2006/09/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    Well, this infection has been quiet as of late, but we have a fix for it, so let's proceed.

    Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It also needs to be removed from the desktop.

    You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it HJT (C:\HJT\HijackThis.exe). Move HijackThis.exe into this folder. When you run HijackThis.exe from the C:\HJT folder and have it "Fix checked", it will create a backup file of the modifications to use if a restore is necessary, which is easily accessible.

    Please download LQfix.exe from one of the following locations:

    http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

    Save it to your desktop.
    • Double-Click LQfix.exe and click Next > Next > Install.
    • Leave the default settings, if you change them, the fix will Fail!
    • You need an active Internet connection, so make sure your connection is enabled.
    • Now make sure the "Launch LQfix" box is checked.
    • Click the Finish button, after clicking the Finish button the fix will start.
    • Follow the on-screen prompts.
    • Your system will reboot afterwards.
    • Please be patient after the reboot, there is a script running in the background that needs to complete.
    Once all the above has been done, please post a new HJT log back into this thread.
     


  4. 2006/09/19
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    OK, I've done the things you said and this is the new log file I get:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:06:10, on 19/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\USBMonit.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe /wait
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    O9 - Extra button: MP3freeDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3freeDownload (file missing)
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



    Thanks for the help!
     
  5. 2006/09/19
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, looks like we have one more left over, but I want to double-check for any other nasties before we tackle that one, and it may get killed with this next tool anyway.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    After running ComboFix, please re-run HJT and give me both logs for me to look at.
     
  6. 2006/09/19
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    OK, the ComboFix one is:

    Test - 06-09-19 19:25:55.57 Service Pack 2
    ComboFix 06.09.19 - Running from: C:\Documents and Settings\Test\Desktop

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-19 to 2006-09-19 ))))))))))))))))))))))))))))))))))


    2006-09-17 22:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2006-09-17 20:44 10,902 --a------ C:\WINDOWS\abc.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.4156\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "PmProxy"="C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe"
    "TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
    "Tpwrtray"="TPWRTRAY.EXE"
    "AVPCC"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait"
    "00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
    "Gene USB Monitor"="C:\\WINDOWS\\system32\\USBMonit.exe"
    "000StTHK"="000StTHK.exe"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk"
    "backup"="C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s"
    "item"="Digimax Viewer 2.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk"
    "backup"="C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE"
    "item"="Freeserve Connection Kit"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DirectCD"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apbijxgn"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Apoint"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CFD"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bvdaihww]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bvdaihww"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\rkdx\\bvdaihww.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cddwxu]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cddwxu"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\cddwxu.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cfgmgr51"
    "hkey"="HKLM"
    "command"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr52]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cfgmgr52"
    "hkey"="HKLM"
    "command"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cgslu"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\kwpf\\cgslu.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DataLayer"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\exp.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="exp"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\exp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farmmext]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="farmmext"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\farmmext.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcfbwq]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gcfbwq"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\ubssihpu\\gcfbwq.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="confsvr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gwgufbe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gwgufbe"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\iayhp\\gwgufbe.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jfwnswm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jfwnswm"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\cxoambmr\\jfwnswm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jotyt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jotyt"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\qmlrgfjd\\jotyt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jphvt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jphvt"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\feqjwr\\jphvt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kalvsys]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kalvwsk32"
    "hkey"="HKLM"
    "command"="C:\\windows\\system32\\kalvwsk32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="KazaaLite"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kazaa Lite K++\\kpp.exe\" \"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp\" /SYSTRAY"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ljbgnfue]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ljbgnfue"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\hhposuq\\ljbgnfue.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\lpuo]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lpuo"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\tkyywg\\lpuo.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LTSMMSG"
    "hkey"="HKLM"
    "command"="LTSMMSG.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mcqnu]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcqnu"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\iqnarx\\mcqnu.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Media Access]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MediaAccK"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Media Access\\MediaAccK.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MP3freeDownload]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSA64CHK"
    "hkey"="HKCU"
    "command"="rundll32.exe C:\\WINDOWS\\System32\\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3freeDownload:t"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\o57f37e]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="danx_xx07"
    "hkey"="HKLM"
    "command"="danx_xx07.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="P2P Networking"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PaciSoft]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pacis"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\pacis.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LaunchApplication"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PcSync2"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bundle"
    "hkey"="HKLM"
    "command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service65]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka65 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka65.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service66]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka66 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka66.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service67]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka67 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka67.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service75]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka75 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka75.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service76]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka76 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka76.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka79 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tsho]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tsho "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\syrfstic\\tsho.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\veymxxui]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "veymxxui "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\chtdg\\veymxxui.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wjolra]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wjolra "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\wmecuj\\wjolra.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhmpfr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xhmpfr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\fybsih\\xhmpfr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yowlqnr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "yowlqnr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\twfek\\yowlqnr.exe "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 19/09/2006 19:29:19.97
    ComboFix.txt
     
  7. 2006/09/19
    jdnimmo Inactive Thread Starter
    and the HJT is:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:57, on 19/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\USBMonit.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe /wait
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    O9 - Extra button: MP3freeDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3freeDownload (file missing)
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


    I really appreciate this...this website is the best!
     
  8. 2006/09/19
    TeMerc Inactive Alumni
    Ok, this is odd, did the log get cut off somehow? It appears we are missing all the files located in the Find3M section. There should be a boat load of files, all of which were created in the last 3 months.

    Can you please check the log again, and if need be, run ComboFix again.
     
  9. 2006/09/20
    jdnimmo Inactive Thread Starter
    OK, here is the ComboFix log again:

    Test - 06-09-19 19:25:55.57 Service Pack 2
    ComboFix 06.09.19 - Running from: C:\Documents and Settings\Test\Desktop

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-19 to 2006-09-19 ))))))))))))))))))))))))))))))))))


    2006-09-17 22:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2006-09-17 20:44 10,902 --a------ C:\WINDOWS\abc.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "Skype "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "
    "swg "= "C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.4156\\GoogleToolbarNotifier.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
    "PmProxy "= "C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe "
    "TouchED "= "C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe "
    "Tpwrtray "= "TPWRTRAY.EXE "
    "AVPCC "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait "
    "00THotkey "= "C:\\WINDOWS\\System32\\00THotkey.exe "
    "Gene USB Monitor "= "C:\\WINDOWS\\system32\\USBMonit.exe "
    "000StTHK "= "000StTHK.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s "
    "item "= "Digimax Viewer 2.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE "
    "item "= "Freeserve Connection Kit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DirectCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "apbijxgn "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Apoint "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CFD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bvdaihww]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bvdaihww "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\rkdx\\bvdaihww.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cddwxu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cddwxu "
    "hkey "= "HKLM "
    "command "= "c:\\windows\\system32\\cddwxu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr51 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr52]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr52 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cgslu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\kwpf\\cgslu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DataLayer "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\exp.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "exp "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\exp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farmmext]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "farmmext "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\farmmext.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcfbwq]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gcfbwq "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\ubssihpu\\gcfbwq.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "confsvr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gwgufbe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gwgufbe "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iayhp\\gwgufbe.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hkcmd "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\hkcmd.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iTunesHelper "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jfwnswm]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jfwnswm "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\cxoambmr\\jfwnswm.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jotyt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jotyt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\qmlrgfjd\\jotyt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jphvt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jphvt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\feqjwr\\jphvt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kalvsys]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "kalvwsk32 "
    "hkey "= "HKLM "
    "command "= "C:\\windows\\system32\\kalvwsk32.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "KazaaLite "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Kazaa Lite K++\\kpp.exe\" \ "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp\" /SYSTRAY "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ljbgnfue]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ljbgnfue "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\hhposuq\\ljbgnfue.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\lpuo]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "lpuo "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\tkyywg\\lpuo.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LTSMMSG "
    "hkey "= "HKLM "
    "command "= "LTSMMSG.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mcqnu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcqnu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iqnarx\\mcqnu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Media Access]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MediaAccK "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Media Access\\MediaAccK.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MP3freeDownload]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MSA64CHK "
    "hkey "= "HKCU "
    "command "= "rundll32.exe C:\\WINDOWS\\System32\\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3freeDownload:t "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnmsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\o57f37e]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "danx_xx07 "
    "hkey "= "HKLM "
    "command "= "danx_xx07.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "P2P Networking "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PaciSoft]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pacis "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\pacis.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LaunchApplication "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PcSync2 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bundle "
    "hkey "= "HKLM "
    "command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service65]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka65 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka65.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service66]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka66 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka66.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service67]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka67 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka67.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service75]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka75 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka75.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service76]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka76 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka76.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka79 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tsho]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tsho "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\syrfstic\\tsho.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\veymxxui]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "veymxxui "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\chtdg\\veymxxui.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wjolra]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wjolra "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\wmecuj\\wjolra.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhmpfr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xhmpfr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\fybsih\\xhmpfr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yowlqnr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "yowlqnr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\twfek\\yowlqnr.exe "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 19/09/2006 19:29:19.97
    ComboFix.txt
     
  10. 2006/09/20
    TeMerc

    OK, I want to run the Find3M scan directly. I have never had a user post a log with nothing found in this section; it goes back to scan for files created in the last 3 months and should have quite a few items in there.

    Move ComboFix to your desktop then:
    Go to Start -> Run and type (or copy and paste) the following:

    "%userprofile%\desktop\combofix.exe" /f3m

    See what that produces.

    Sorry for the redundancy here; I just want to be sure there isn't some other element I'm missing.
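Reading a log this long by eye is error-prone, so here is an added example of the triage a responder would script for it. It is Python 3 written for this page, not ComboFix's code and not part of TeMerc's post: it parses the Reg Loading Points blocks exactly as the board rendered them (the spaces around = and the backslash-space-quote sequences are forum artifacts), undoes the .reg escaping, collapses repeated backslashes the way the Win32 path parser does (the pokapoka79 entry stores C:\WINDOWS\\\etb\\pokapoka79.exe, which still launches but slips past a naive string match), and flags each launch command by where it points. The folder allowlists and the rules are illustrative assumptions, not signatures, and the sample blocks are constructed from the shape of the log above. One caveat to keep in mind when reading the output: entries under MSCONFIG\Startupreg are items that were unticked in msconfig, so they are not running at boot, but they are one checkbox away from coming back; the entries that run today are the ones under the Run keys listed first.

```python
"""Triage ComboFix "Reg Loading Points" blocks: Run keys (each value is item=command) and
MSCONFIG\\Startupreg blocks (the disabled item's launch line is its "command" value).
Added example; folder allowlists and rules are illustrative assumptions."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the form the board rendered the log above: it put spaces
# around '=' and turned every .reg-escaped quote \" into '\ "'.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
"Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
"item "= "pokapoka79 "
"command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
"item "= "bundle "
"command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
"item "= "apbijxgn "
"command "= "C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
"item "= "cfgmgr51 "
"command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
"item "= "TFNF5 "
"command "= "TFNF5.exe "
'''

KEY_RE = re.compile(r'^\s*\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^\s*"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<val>.*?)\s*"\s*$')
# Folders where a startup binary is unremarkable; anything else under %SystemRoot% is flagged.
WINDIR_SUBDIRS = {"system32", "system", "microsoft.net", "ime", "resources", "installer", "fonts", "help", "inf"}
SYSTEM32_SUBDIRS = {"drivers", "wbem", "spool", "dllcache", "config", "inetsrv", "restore", "oobe", "catroot", "ras", "mui"}

def unescape_reg(value: str) -> str:
    # Put the board's '\ "' back to \", then undo .reg escaping (\\ -> \ and \" -> ").
    return re.sub(r'\\(.)', r'\1', value.replace('\\ "', '\\"'))

def normalize_path(path: str) -> Tuple[str, bool]:
    # Win32 collapses runs of backslashes (C:\WINDOWS\\\etb\\x.exe still launches); do the same and say so.
    clean = re.sub(r'\\{2,}', r'\\', path)
    return clean, clean != path

def first_token(command: str) -> Tuple[str, str]:
    # Split a Run value into (program, arguments), honouring a quoted program path.
    command = command.strip()
    end = command.find('"', 1) if command.startswith('"') else -1
    if end > 0:
        return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1) or [""]
    return parts[0], (parts[1] if len(parts) > 1 else "")

def location_findings(path: str) -> List[str]:
    p = path.lower()
    if "\\" not in p:
        return ["unqualified file name, resolved via the search path: locate it before judging"]
    out = ["lives in a Temp directory"] if "\\temp\\" in p else []
    m = re.match(r'^[a-z]:\\windows\\(.+)$', p)
    if m:
        parts = m.group(1).split("\\")
        if len(parts) == 1 and parts[0] != "explorer.exe":
            out.append("file directly in the Windows directory")
        elif len(parts) == 2 and parts[0] not in WINDIR_SUBDIRS:
            out.append(f"non-standard folder '{parts[0]}' under the Windows directory")
        elif len(parts) == 3 and parts[0] == "system32" and parts[1] not in SYSTEM32_SUBDIRS:
            out.append(f"non-standard subfolder '{parts[1]}' under system32")
    return out

def parse_entries(text: str) -> List[Tuple[str, str]]:
    entries, key, block = [], "", {}
    for line in text.splitlines() + ["[end]"]:  # sentinel flushes the last block
        m = KEY_RE.match(line)
        if m:
            if "command" in block:
                entries.append((block.get("item", key), block["command"]))
            key, block = m.group("key"), {}
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name, value = m.group("name").strip(), unescape_reg(m.group("val"))
        if key.lower().endswith("\\run"):  # live Run key: the value name is the item
            entries.append((name, value))
        else:  # Startupreg block: gather its item/command values
            block[name.lower()] = value
    return entries

def triage(log_text: str) -> Dict[str, List[str]]:
    findings: Dict[str, List[str]] = {}
    for item, command in parse_entries(log_text):
        program, args = first_token(command)
        program, repeats = normalize_path(program)
        if program.lower().rsplit("\\", 1)[-1] == "rundll32.exe":  # judge the DLL, not the host
            dll, dll_repeats = normalize_path(args.split(",", 1)[0].strip().strip('"'))
            reasons = ["rundll32 loads " + r for r in location_findings(dll)]
            repeats = repeats or dll_repeats
        else:
            reasons = location_findings(program)
        if repeats:
            reasons.insert(0, "repeated path separators stored in the value (defeats naive string matching)")
        if reasons:
            findings[item] = reasons
    return findings

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG).items():
        print(item + ": " + "; ".join(reasons))
```

Run as a script it prints one line per flagged item. On the sample it flags pokapoka79 twice (repeated separators, non-standard folder etb), bundle (Temp), apbijxgn (random subfolder of system32), cfgmgr51 (rundll32 loading a DLL from the Windows root) and TFNF5 (bare file name, to be located), and says nothing about igfxtray or the ZoneAlarm client. Anything the rules miss still needs a look, and anything they flag still needs confirming against the file itself.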
     
  11. 2006/09/20
    jdnimmo

    Test - 06-09-20 8:04:24.98 Service Pack 2
    ComboFix 06.09.19 - Running from: C:\Documents and Settings\Test\desktop

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-20 to 2006-09-20 ))))))))))))))))))))))))))))))))))


    2006-09-17 22:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2006-09-17 20:44 10,902 --a------ C:\WINDOWS\abc.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "Skype "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
    "PmProxy "= "C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe "
    "TouchED "= "C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe "
    "Tpwrtray "= "TPWRTRAY.EXE "
    "AVPCC "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait "
    "00THotkey "= "C:\\WINDOWS\\System32\\00THotkey.exe "
    "Gene USB Monitor "= "C:\\WINDOWS\\system32\\USBMonit.exe "
    "000StTHK "= "000StTHK.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s "
    "item "= "Digimax Viewer 2.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE "
    "item "= "Freeserve Connection Kit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DirectCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "apbijxgn "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Apoint "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CFD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bvdaihww]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bvdaihww "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\rkdx\\bvdaihww.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cddwxu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cddwxu "
    "hkey "= "HKLM "
    "command "= "c:\\windows\\system32\\cddwxu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr51 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr52]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr52 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cgslu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\kwpf\\cgslu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DataLayer "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\exp.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "exp "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\exp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farmmext]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "farmmext "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\farmmext.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcfbwq]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gcfbwq "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\ubssihpu\\gcfbwq.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "confsvr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gwgufbe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gwgufbe "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iayhp\\gwgufbe.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hkcmd "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\hkcmd.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iTunesHelper "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jfwnswm]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jfwnswm "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\cxoambmr\\jfwnswm.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jotyt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jotyt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\qmlrgfjd\\jotyt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jphvt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jphvt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\feqjwr\\jphvt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kalvsys]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "kalvwsk32 "
    "hkey "= "HKLM "
    "command "= "C:\\windows\\system32\\kalvwsk32.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "KazaaLite "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Kazaa Lite K++\\kpp.exe\" \ "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp\" /SYSTRAY "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ljbgnfue]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ljbgnfue "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\hhposuq\\ljbgnfue.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\lpuo]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "lpuo "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\tkyywg\\lpuo.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LTSMMSG "
    "hkey "= "HKLM "
    "command "= "LTSMMSG.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mcqnu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcqnu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iqnarx\\mcqnu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Media Access]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MediaAccK "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Media Access\\MediaAccK.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MP3freeDownload]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MSA64CHK "
    "hkey "= "HKCU "
    "command "= "rundll32.exe C:\\WINDOWS\\System32\\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3freeDownload:t "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnmsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\o57f37e]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "danx_xx07 "
    "hkey "= "HKLM "
    "command "= "danx_xx07.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "P2P Networking "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PaciSoft]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pacis "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\pacis.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LaunchApplication "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PcSync2 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bundle "
    "hkey "= "HKLM "
    "command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service65]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka65 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka65.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service66]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka66 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka66.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service67]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka67 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka67.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service75]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka75 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka75.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service76]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka76 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka76.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka79 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tsho]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tsho "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\syrfstic\\tsho.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\veymxxui]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "veymxxui "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\chtdg\\veymxxui.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wjolra]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wjolra "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\wmecuj\\wjolra.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhmpfr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xhmpfr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\fybsih\\xhmpfr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yowlqnr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "yowlqnr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\twfek\\yowlqnr.exe "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 20/09/2006 8:09:17.47
    ComboFix2.txt
    ComboFix.txt
    ((((((((((((((((((((((((((((((( Files Created from 2020-08-06 to 2020/09/2006 ))))))))))))))))))))))))))))))))))


    No new files created in this timespan


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "Skype "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
    "PmProxy "= "C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe "
    "TouchED "= "C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe "
    "Tpwrtray "= "TPWRTRAY.EXE "
    "AVPCC "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait "
    "00THotkey "= "C:\\WINDOWS\\System32\\00THotkey.exe "
    "Gene USB Monitor "= "C:\\WINDOWS\\system32\\USBMonit.exe "
    "000StTHK "= "000StTHK.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005
     
  12. 2006/09/20
    jdnimmo

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s "
    "item "= "Digimax Viewer 2.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE "
    "item "= "Freeserve Connection Kit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DirectCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "apbijxgn "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Apoint "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CFD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bvdaihww]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bvdaihww "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\rkdx\\bvdaihww.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cddwxu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cddwxu "
    "hkey "= "HKLM "
    "command "= "c:\\windows\\system32\\cddwxu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr51 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr52]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr52 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cgslu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\kwpf\\cgslu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DataLayer "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\exp.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "exp "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\exp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farmmext]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "farmmext "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\farmmext.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcfbwq]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gcfbwq "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\ubssihpu\\gcfbwq.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "confsvr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gwgufbe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gwgufbe "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iayhp\\gwgufbe.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hkcmd "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\hkcmd.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iTunesHelper "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jfwnswm]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jfwnswm "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\cxoambmr\\jfwnswm.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jotyt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jotyt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\qmlrgfjd\\jotyt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jphvt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jphvt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\feqjwr\\jphvt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kalvsys]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "kalvwsk32 "
    "hkey "= "HKLM "
    "command "= "C:\\windows\\system32\\kalvwsk32.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "KazaaLite "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Kazaa Lite K++\\kpp.exe\" \ "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp\" /SYSTRAY "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ljbgnfue]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ljbgnfue "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\hhposuq\\ljbgnfue.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\lpuo]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "lpuo "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\tkyywg\\lpuo.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LTSMMSG "
    "hkey "= "HKLM "
    "command "= "LTSMMSG.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mcqnu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcqnu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iqnarx\\mcqnu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Media Access]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MediaAccK "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Media Access\\MediaAccK.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MP3freeDownload]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MSA64CHK "
    "hkey "= "HKCU "
    "command "= "rundll32.exe C:\\WINDOWS\\System32\\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3freeDownload:t "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnmsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\o57f37e]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "danx_xx07 "
    "hkey "= "HKLM "
    "command "= "danx_xx07.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "P2P Networking "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PaciSoft]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pacis "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\pacis.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LaunchApplication "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PcSync2 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bundle "
    "hkey "= "HKLM "
    "command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service65]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka65 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka65.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service66]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka66 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka66.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service67]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka67 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka67.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service75]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka75 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka75.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service76]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka76 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka76.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka79 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tsho]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tsho "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\syrfstic\\tsho.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\veymxxui]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "veymxxui "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\chtdg\\veymxxui.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wjolra]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wjolra "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\wmecuj\\wjolra.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhmpfr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xhmpfr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\fybsih\\xhmpfr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yowlqnr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "yowlqnr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\twfek\\yowlqnr.exe "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 20/09/2006 8:12:38.16
    ComboFix2.txt
    ComboFix.txt
     
  13. 2006/09/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's work with what we have here.

    1) Please download the Killbox.
    Save it to the desktop and run it.

    2) Select "Delete on Reboot", and then select "All files".

    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\moyedj\apbijxgn.exe
    C:\WINDOWS\system32\rkdx\bvdaihww.exe
    C:\WINDOWS\system32\kwpf\cgslu.exe
    C:\WINDOWS\system32\ubssihpu\gcfbwq.exe
    C:\WINDOWS\system32\iayhp\gwgufbe.exe
    C:\WINDOWS\system32\cxoambmr\jfwnswm.exe
    C:\WINDOWS\system32\qmlrgfjd\jotyt.exe
    C:\WINDOWS\System32\feqjwr\jphvt.exe
    C:\WINDOWS\System32\hhposuq\ljbgnfue.exe
    C:\WINDOWS\system32\tkyywg\lpuo.exe
    C:\WINDOWS\system32\iqnarx\mcqnu.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\WINDOWS\System32\P2PNetworking\P2PNetworking.exe
    C:\WINDOWS\etb\pokapoka65.exe
    C:\WINDOWS\system32\syrfstic\tsho.exe
    C:\WINDOWS\system32\chtdg\veymxxui.exe
    C:\WINDOWS\system32\wmecuj\wjolra.exe
    C:\WINDOWS\System32\fybsih\xhmpfr.exe
    C:\WINDOWS\system32\twfek\yowlqnr.exe



    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    5) Click the 'Options' tab, and select 'remove directories'.

    6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    Reboot and run ComboFix first, then HJT and post both logs back into this thread.
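The file list above was picked out of the ComboFix "Reg Loading Points" dump by eye: every Startupreg block whose command points into a randomly named folder under system32, the Windows directory, or a Temp folder. The Python script below is an added example, not code from this thread, from TeMerc or from ComboFix, that automates that first pass over such a dump. The log excerpt embedded in it is constructed in the shape of the entries posted in this thread (a few of the same item names, with the user folder replaced by a placeholder), and the allowlists of known folders and the flagging heuristics are this example's own assumptions, so a flag means "a person should look at this", not "this is malware".

```python
"""Triage of autorun entries from a ComboFix "Reg Loading Points" dump.
Added example, not code from the thread or from ComboFix; the heuristics and
folder allowlists below are this example's own assumptions."""
import re

# Constructed excerpt in the registry-export style ComboFix prints; the real log
# also carries "key", "hkey" and "inimapping" values, which the parser ignores.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
"item"="cgslu"
"command"="C:\\WINDOWS\\system32\\kwpf\\cgslu.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"item"="hkcmd"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
"item"="bundle"
"command"="C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\bundle.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
"item"="pokapoka79"
"command"="C:\\WINDOWS\\etb\\pokapoka79.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
"item"="cfgmgr51"
"command"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
'''

# Folders legitimately found directly below system32 / the Windows directory
# (assumed short list; extend it for the OS build being examined).
KNOWN_SYSTEM32_SUBDIRS = {"drivers", "config", "spool", "wbem", "dllcache", "oobe",
                          "ras", "mui", "restore", "inetsrv", "catroot", "catroot2"}
KNOWN_WINDIR_SUBDIRS = {"system32", "system", "fonts", "help", "inf", "temp", "pss",
                        "prefetch", "ime", "java", "web", "media", "tasks", "repair"}

SECTION_RE = re.compile(r'^\s*\[(.+)\]\s*$')
# Tolerates the stray spaces the forum software put inside the pasted quotes.
VALUE_RE = re.compile(r'^\s*"(\w+)\s*"\s*=\s*"(.*)"\s*$')


def unescape(value):
    # Registry-export escaping: a backslash protects the following character.
    return re.sub(r'\\(.)', r'\1', value.strip()).strip()


def parse_startupreg(text):
    """One dict per [...\\Startupreg\\<name>] block that carries a command."""
    entries, current = [], None
    for line in text.splitlines():
        if (m := SECTION_RE.match(line)):
            current = {"section": m.group(1)}
            if "\\Startupreg\\" in m.group(1):
                entries.append(current)
        elif (m := VALUE_RE.match(line)) and current is not None:
            current[m.group(1)] = unescape(m.group(2))
    return [e for e in entries if "command" in e]


def extract_target(command):
    """Launch target of a Run value (for rundll32, the DLL it loads).
    Returns (path, launched_via_rundll32)."""
    cmd = command.strip()
    if cmd.startswith('"'):                     # quoted path, may contain spaces
        end = cmd.find('"', 1)
        end = len(cmd) if end < 0 else end
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.rsplit("\\", 1)[-1].lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <dll>,<entry> [args]: the DLL is the real payload (assumes an
        # unquoted DLL path without spaces, the form ComboFix shows)
        return rest.split(" ", 1)[0].split(",", 1)[0], True
    return exe, False


def flags_for(target, via_rundll32):
    """Heuristic reasons an autorun target deserves a closer look."""
    parts = target.split("\\")
    if len(parts) == 1:
        return ["bare-filename"]     # found via the PATH search, not pinned down
    lower = [p.lower() for p in parts]
    flags = ["temp-dir"] if "temp" in lower or "locals~1" in lower else []
    for i, p in enumerate(lower[:-2]):          # dirs that have a subdir below
        child = lower[i + 1]
        if p == "system32" and child not in KNOWN_SYSTEM32_SUBDIRS:
            flags.append("unknown-system32-subdir:" + parts[i + 1])
        elif p in ("windows", "winnt") and child not in KNOWN_WINDIR_SUBDIRS:
            flags.append("unknown-windir-subdir:" + parts[i + 1])
    if via_rundll32 and lower[-2] in ("windows", "winnt"):
        flags.append("rundll32-dll-in-windir-root")
    return flags


def triage(text):
    """item name -> (target, flags); an empty flag list means nothing stood out."""
    result = {}
    for e in parse_startupreg(text):
        target, via = extract_target(e["command"])
        result[e.get("item", e["section"])] = (target, flags_for(target, via))
    return result


if __name__ == "__main__":
    for item, (target, flags) in triage(SAMPLE_LOG).items():
        print(f"{'REVIEW' if flags else 'ok':6} {item:14} {target}  {' '.join(flags)}")
```

Run it against a saved ComboFix.txt by passing the file's text to `triage()`; the parser also accepts the form the forum software pasted above, where each quote has a stray space inside it. The allowlist approach is deliberate: a Run value pointing into an unfamiliar folder under system32 is not proof of anything, but on a machine like the one in this thread the entries it raises are exactly the ones a helper would ask about first, and a bare filename such as `TFNF5.exe` gets flagged only so that someone confirms it belongs to the OEM software.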
     
  14. 2006/09/20
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    The Killbox thing isn't working.

    Copying the files from the clipboard doesn't work, so I tried just putting one in, and the Pending Operations prompt isn't an option; it comes up as an error and then won't reboot!
     
  15. 2006/09/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, try deleting them manually, but enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Then delete:
    C:\WINDOWS\system32\moyedj<<<<---this folder
    C:\WINDOWS\system32\rkdx<<<<---this folder
    C:\WINDOWS\system32\kwpf<<<<---this folder
    C:\WINDOWS\system32\ubssihpu<<<<---this folder
    C:\WINDOWS\system32\iayhp<<<<---this folder
    C:\WINDOWS\system32\cxoambmr<<<<---this folder
    C:\WINDOWS\system32\qmlrgfj<<<<---this folder
    C:\WINDOWS\System32\feqjwr<<<<---this folder
    C:\WINDOWS\System32\hhposuq<<<<---this folder
    C:\WINDOWS\system32\tkyywg <<<<---this folder
    C:\WINDOWS\system32\iqnarx<<<<---this folder
    C:\Program Files\Media Access<<<<---this folder
    C:\WINDOWS\System32\P2PNetworking<<<<---this folder
    C:\WINDOWS\etb<<<<---this folder
    C:\WINDOWS\system32\syrfstic<<<<---this folder
    C:\WINDOWS\system32\chtdg<<<<---this folder
    C:\WINDOWS\system32\wmecuj<<<<---this folder
    C:\WINDOWS\System32\fybsih<<<<---this folder
    C:\WINDOWS\system32\twfek<<<<---this folder
     
  16. 2006/09/21
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    All done, everything seems to be working fine now... Thanks for the help I really appreciate it!
     
  17. 2006/09/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ahhhhh... my bad, I should have asked for a new ComboFix and HJT logfile, please.

    We need to verify things are gone.
     
  18. 2006/09/21
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    Test - 06-09-21 9:35:18.23 Service Pack 2
    ComboFix 06.09.19 - Running from: C:\Documents and Settings\Test\Desktop

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))


    2006-09-17 22:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2006-09-17 20:44 10,902 --a------ C:\WINDOWS\abc.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "Skype "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
    "PmProxy "= "C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe "
    "TouchED "= "C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe "
    "Tpwrtray "= "TPWRTRAY.EXE "
    "AVPCC "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait "
    "00THotkey "= "C:\\WINDOWS\\System32\\00THotkey.exe "
    "Gene USB Monitor "= "C:\\WINDOWS\\system32\\USBMonit.exe "
    "000StTHK "= "000StTHK.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s "
    "item "= "Digimax Viewer 2.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE "
    "item "= "Freeserve Connection Kit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DirectCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apbijxgn]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "apbijxgn "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\moyedj\\apbijxgn.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Apoint "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CFD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bvdaihww]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bvdaihww "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\rkdx\\bvdaihww.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cddwxu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cddwxu "
    "hkey "= "HKLM "
    "command "= "c:\\windows\\system32\\cddwxu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr51]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr51 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr51.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfgmgr52]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cfgmgr52 "
    "hkey "= "HKLM "
    "command "= "RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cgslu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "cgslu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\kwpf\\cgslu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DataLayer "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\exp.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "exp "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\exp.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farmmext]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "farmmext "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\farmmext.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcfbwq]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gcfbwq "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\ubssihpu\\gcfbwq.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "confsvr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gwgufbe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gwgufbe "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iayhp\\gwgufbe.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hkcmd "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\hkcmd.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iTunesHelper "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jfwnswm]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jfwnswm "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\cxoambmr\\jfwnswm.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jotyt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jotyt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\qmlrgfjd\\jotyt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jphvt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jphvt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\feqjwr\\jphvt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kalvsys]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "kalvwsk32 "
    "hkey "= "HKLM "
    "command "= "C:\\windows\\system32\\kalvwsk32.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "KazaaLite "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Kazaa Lite K++\\kpp.exe\" \ "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp\" /SYSTRAY "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ljbgnfue]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ljbgnfue "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\hhposuq\\ljbgnfue.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\lpuo]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "lpuo "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\tkyywg\\lpuo.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LTSMMSG "
    "hkey "= "HKLM "
    "command "= "LTSMMSG.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mcqnu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcqnu "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\iqnarx\\mcqnu.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Media Access]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MediaAccK "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Media Access\\MediaAccK.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MP3freeDownload]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MSA64CHK "
    "hkey "= "HKCU "
    "command "= "rundll32.exe C:\\WINDOWS\\System32\\MSA64CHK.dll,DllMostrar Matrix_HTML:MP3freeDownload:t "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnmsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\o57f37e]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "danx_xx07 "
    "hkey "= "HKLM "
    "command "= "danx_xx07.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "P2P Networking "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PaciSoft]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pacis "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\pacis.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LaunchApplication "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PcSync2 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SAHBundle]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "bundle "
    "hkey "= "HKLM "
    "command "= "C:\\DOCUME~1\\JONATH~1\\LOCALS~1\\Temp\\bundle.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service65]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka65 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka65.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service66]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka66 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka66.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service67]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka67 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka67.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service75]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka75 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka75.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service76]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka76 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\etb\\pokapoka76.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\System service79]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "pokapoka79 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\\\\\etb\\\\pokapoka79.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tsho]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tsho "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\syrfstic\\tsho.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\veymxxui]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "veymxxui "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\chtdg\\veymxxui.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wjolra]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wjolra "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\wmecuj\\wjolra.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\xhmpfr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xhmpfr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\fybsih\\xhmpfr.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yowlqnr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "yowlqnr "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\twfek\\yowlqnr.exe "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 21/09/2006 9:38:45.65
    ComboFix3.txt
    ComboFix2.txt
    ComboFix.txt
     
  19. 2006/09/21
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 09:41:42, on 21/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\USBMonit.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\royalvegasMPP\MPPoker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.eza1netsearch.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe /wait
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: MP3freeDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\MP3freeDownload (file missing)
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
     
  20. 2006/09/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, now that we know all the files are gone, we need to clean out your registry.

    But let's first back up your registry.

    Click the 'Start' button, select 'Run', hit 'Enter'.

    When the box appears, type regedit and hit 'Enter'.

    Navigate to the following key by unticking the '+' next to each subkey, beginning at HKEY_LOCAL_MACHINE:
    SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg

    Under the Startupreg key, find and delete the following entries:
    apbijxgn
    bvdaihww
    cddwxu
    cfgmgr51
    cfgmgr52
    cgslu
    exp.exe
    farmmext
    gcfbwq
    gwgufbe
    jfwnswm
    jotyt
    jphvt
    kalvsys
    KAZAA
    ljbgnfue
    lpuo
    mcqnu
    Media Access
    MP3freeDownload
    o57f37e
    P2P Networking
    PaciSoft
    SAHBundle
    System service65
    System service66
    System service67
    System service75
    System service76
    System service79
    tsho
    veymxxui
    wjolra
    xhmpfr
    yowlqnr


    Reboot and run ComboFix first, then HJT and post both logs back into this thread.

    This should be the last time we run ComboFix.
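The regedit steps in the post above can also be scripted, which makes the backup step harder to skip and leaves a record of what each removed entry pointed at. The script below is an added example written for this thread; it is not TeMerc's or WindowsBBS's own tool. It assumes an elevated PowerShell prompt, assumes the backup .reg file can go in the user's profile directory (change `$BackupDir` if not), and takes the entry names verbatim from the list above. Run it with `-WhatIf` first to see what would be deleted without touching anything.

```powershell
<#
  Added example, not from the thread: scripts the regedit steps above.
  Exports the Startupreg key to a .reg file first and refuses to delete
  anything if the export fails. Run from an elevated PowerShell prompt;
  supports -WhatIf to preview the deletions.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed location for the .reg backup; change as needed
    [string]$BackupDir = $env:USERPROFILE
)

# MSCONFIG keeps its startup-item records under this key
$RegExePath = 'HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg'
$PsPath     = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg'

# Entry names taken from the post above
$Names = @(
    'apbijxgn', 'bvdaihww', 'cddwxu', 'cfgmgr51', 'cfgmgr52', 'cgslu', 'exp.exe',
    'farmmext', 'gcfbwq', 'gwgufbe', 'jfwnswm', 'jotyt', 'jphvt', 'kalvsys', 'KAZAA',
    'ljbgnfue', 'lpuo', 'mcqnu', 'Media Access', 'MP3freeDownload', 'o57f37e',
    'P2P Networking', 'PaciSoft', 'SAHBundle', 'System service65', 'System service66',
    'System service67', 'System service75', 'System service76', 'System service79',
    'tsho', 'veymxxui', 'wjolra', 'xhmpfr', 'yowlqnr'
)

# 1. Back up the whole key before touching it
$backupFile = Join-Path $BackupDir ('Startupreg-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $RegExePath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backupFile)) {
    throw "Registry export to $backupFile failed; no entries were removed."
}
Write-Host "Backup written to $backupFile"

# 2. Remove each listed entry, recording the command it referenced
foreach ($name in $Names) {
    $key = Join-Path $PsPath $name
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Host "Not present: $name"
        continue
    }
    $cmd = (Get-ItemProperty -LiteralPath $key).command
    if ($PSCmdlet.ShouldProcess("$name ($cmd)", 'Remove Startupreg entry')) {
        Remove-Item -LiteralPath $key -Recurse
        Write-Host "Removed: $name -> $cmd"
    }
}

# 3. List what is left under the key so it can be compared with the next ComboFix log
Get-ChildItem -LiteralPath $PsPath | ForEach-Object {
    '{0,-25} {1}' -f $_.PSChildName, (Get-ItemProperty -LiteralPath $_.PSPath).command
}
```

The "Not present" lines matter as much as the "Removed" lines: the ComboFix dump earlier in the thread shows only some of the listed names still existing by this point, so the output doubles as a check that the earlier file removals took effect. If a key does need to be restored, double-clicking the exported .reg file merges it back.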
     
  21. 2006/09/22
    jdnimmo

    jdnimmo Inactive Thread Starter

    Joined:
    2006/09/19
    Messages:
    37
    Likes Received:
    0
    Test - 06-09-22 14:32:10.90 Service Pack 2
    ComboFix 06.09.19 - Running from: C:\Documents and Settings\Test\Desktop

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))


    2006-09-17 22:08 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2006-09-17 20:44 10,902 --a------ C:\WINDOWS\abc.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "Skype "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
    "PmProxy "= "C:\\Program Files\\Analog Devices\\SoundMAX\\PmProxy.exe "
    "TouchED "= "C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe "
    "Tpwrtray "= "TPWRTRAY.EXE "
    "AVPCC "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus\\avpcc.exe /wait "
    "00THotkey "= "C:\\WINDOWS\\System32\\00THotkey.exe "
    "Gene USB Monitor "= "C:\\WINDOWS\\system32\\USBMonit.exe "
    "000StTHK "= "000StTHK.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Samsung\\DIGIMA~1.1\\STIMGB~1.EXE /s "
    "item "= "Digimax Viewer 2.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freeserve Connection Kit.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Freeserve Connection Kit.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Freeserve Connection Kit.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\FREESE~1\\FREESE~1\\ATDIAL~1.EXE "
    "item "= "Freeserve Connection Kit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DirectCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Apoint]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Apoint "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Apoint2K\\Apoint.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BJCFD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CFD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DataLayer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DataLayer "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gearbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "confsvr "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Gearbox Connection Kit\\bin\\confsvr.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "hkcmd "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\hkcmd.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iTunesHelper "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LTSMMSG]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LTSMMSG "
    "hkey "= "HKLM "
    "command "= "LTSMMSG.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnmsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LaunchApplication "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PcSync2 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TFNF5]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TFNF5 "
    "hkey "= "HKLM "
    "command "= "TFNF5.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 22/09/2006 14:35:46.01
    ComboFix.txt
    ComboFix3.txt
    ComboFix2.txt
     
