05-06-2008, 06:26 PM   #3
jmash
Registered User
 
Join Date: May 2008
Posts: 18
OS: xp SP2


Re: Constant Popups

I have followed your steps closely and am pasting the files in order below.

******************
daft.txt:
******************
DAFT Log saved on 2008-05-06 19:55:34
-----------------------------------------------------------------------
All associations okay!


******************
mbam log
******************
Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Full Scan (C:\|)
Objects scanned: 165519
Time elapsed: 4 hour(s), 24 minute(s), 57 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 34
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 70

Memory Processes Infected:
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINNT\system32\tpjuwdqv.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINNT\system32\unbnwmog.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINNT\system32\xxywXQGw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINNT\system32\efcCuVon.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68810da4-1a9e-45be-bf89-c937cc27f26e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{68810da4-1a9e-45be-bf89-c937cc27f26e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccuvon (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vacpro.internazionale_ver10 (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dd469a88-316c-441d-b712-783d9b9a6707} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7391412-ca67-4b78-aa59-e09e193a1986} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9bcf2027-c4b0-4ada-bbd2-e6b642e5265a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc15b3c3-112b-465f-9880-88eedc82230f} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f00f8779 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Insider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g]eeV\mWhjlnspB (Adware.ZeroSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf33cb4e5 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\xxywxqgw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\xxywxqgw -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINNT\system32\bhvpjeuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\uuejpvhb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\gfjjovaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\favojjfg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\oeywrplb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\blprwyeo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\qdrgjmeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\bemjgrdq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\qupbotpi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\iptobpuq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\tpjuwdqv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINNT\system32\vqdwujpt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\unbnwmog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\gomwnbnu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\xxywXQGw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINNT\system32\wGQXwyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\wGQXwyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\ocntqkdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINNT\system32\efcCuVon.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINNT\system32\pgmjhwmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\cav.bal\Local Settings\Temporary Internet Files\Content.IE5\IPIYQOEZ\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\cav.bal\Local Settings\Temporary Internet Files\Content.IE5\IPIYQOEZ\Installer2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\cav.bal\Local Settings\Temporary Internet Files\Content.IE5\S9O22ZVZ\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\cav.bal\Local Settings\Temporary Internet Files\Content.IE5\S9O22ZVZ\idkfa[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\cav.bal\Local Settings\Temporary Internet Files\Content.IE5\S9O22ZVZ\kriv[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Program Files\Temporary\InsiDERInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\install.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINNT\b153.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\mrofinu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\mrofinu572.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\CSC\d5\800000B4 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\ceogovkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\cumuapux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\hgayudvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\ofwgaspq.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINNT\system32\ppc101.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\WINNT\system32\pvdahmvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\qkocanrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\qpnwbabf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\seflqkkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\slwildsx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\ssqOIXPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\vtUnlKDU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\winivstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\wupxaept.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINNT\system32\yaejoshx.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINNT\system32\ace2\bmv35gui.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\bharebio01\bharebio011065.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINNT\system32\gui4\cegmgr76.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\un.ico (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\unzip32.dll (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\WinReanimator\WinReanimator.exe (Rogue.WinReanimator) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\qodsddvg.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINNT\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINNT\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\univrs32.dat (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\braviax.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINNT\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\hnlffuit.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\cav.bal\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.



*****************
Combofix log
*****************

ComboFix 08-05-01.3 - cav.bal 2008-05-07 0:47:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT 1:00]
Running from: C:\Documents and Settings\cav.bal\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\cav.bal\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\cav.bal\Application Data\FNTS~1
C:\Documents and Settings\cav.bal\Application Data\PPATCH~1
C:\Documents and Settings\cav.bal\Application Data\SCURIT~1
C:\Documents and Settings\cav.bal\My Documents\DOBE~1
C:\Documents and Settings\cav.bal\My Documents\MCROSO~1.NET
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\mantec~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINNT\cookies.ini
C:\WINNT\pskt.ini
C:\WINNT\sstem~1
C:\WINNT\system32\amgncpos.dll
C:\WINNT\system32\axqoauup.dll
C:\WINNT\system32\bdacbbwg.dll
C:\WINNT\system32\braviax.exe
C:\WINNT\system32\crosof~1
C:\WINNT\system32\crosof~1.net
C:\WINNT\system32\curity~1
C:\WINNT\system32\drtuimqh.ini
C:\WINNT\system32\dtmaojgy.ini
C:\WINNT\system32\dwqnqvxx.dll
C:\WINNT\system32\ecurit~1
C:\WINNT\system32\efcCuVon.dll
C:\WINNT\system32\engcjvpv.dll
C:\WINNT\system32\faugmjwq.dll
C:\WINNT\system32\fnts~1
C:\WINNT\system32\gqmijyqr.dll
C:\WINNT\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINNT\system32\hminljly.dll
C:\WINNT\system32\hpayyckf.ini
C:\WINNT\system32\kbuobuue.ini
C:\WINNT\system32\kpbcbiue.ini
C:\WINNT\system32\lnhcaugy.dll
C:\WINNT\system32\lstlbxxq.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\mhmdhpnn.dll
C:\WINNT\system32\mjumfhro.dll
C:\WINNT\system32\mrtpxcog.ini
C:\WINNT\system32\mtacnoqa.dll
C:\WINNT\system32\mycobvju.dll
C:\WINNT\system32\nunwnsop.dll
C:\WINNT\system32\nvsqwjlp.dll
C:\WINNT\system32\ogkgmbmm.dll
C:\WINNT\system32\qodsddvg.dll
C:\WINNT\system32\rkotupdu.ini
C:\WINNT\system32\sembly~1
C:\WINNT\system32\stem~1
C:\WINNT\system32\stem32~1
C:\WINNT\system32\tmsewxjy.ini
C:\WINNT\system32\tpjuwdqv.dll
C:\WINNT\system32\ufhjnjct.dll
C:\WINNT\system32\univrs32.dat
C:\WINNT\system32\unrnyhhh.dll
C:\WINNT\system32\uqffyluq.dll
C:\WINNT\system32\vvqtocwx.dll
C:\WINNT\system32\vxeqhfpf.dll
C:\WINNT\system32\wdanhngy.dll
C:\WINNT\system32\wktriurh.dll
C:\WINNT\system32\wnsapisv.exe
C:\WINNT\system32\wnsxs~1
C:\WINNT\system32\wxmkgeqd.ini
C:\WINNT\system32\xcweeogj.ini
C:\WINNT\system32\xxywXQGw.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 00:39 . 2008-05-07 01:02 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-05-07 00:39 . 2008-05-07 00:53 1,409 --a------ C:\WINNT\QTFont.for
2008-05-06 20:05 . 2008-05-06 20:05 <DIR> d-------- C:\Documents and Settings\cav.bal\Application Data\Malwarebytes
2008-05-06 20:04 . 2008-05-06 20:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 20:04 . 2008-05-06 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 20:04 . 2008-05-05 20:46 27,048 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-05-06 20:04 . 2008-05-05 20:46 15,864 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-05-06 01:53 . 2008-05-07 00:33 53,312 --------- C:\WINNT\system32\pgmjhwmj.dll
2008-05-05 01:52 . 2008-05-05 01:52 53,312 --a------ C:\WINNT\system32\stbnqsdi.dll
2008-05-05 00:37 . 2008-05-05 00:37 53,312 --a------ C:\WINNT\system32\aciywtwm.dll
2008-05-04 10:18 . 2008-05-04 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 10:17 . 2008-05-04 10:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-04 10:08 . 2008-05-04 10:08 1,482,415 ---hs---- C:\WINNT\system32\drtuimqh.tmp
2008-05-04 10:07 . 2008-05-04 10:07 53,312 --a------ C:\WINNT\system32\adaopcao.dll
2008-05-04 02:29 . 2008-05-04 02:29 <DIR> d-------- C:\Documents and Settings\cav.bal\Application Data\Talkback
2008-05-04 02:18 . 2008-05-04 02:27 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 02:18 . 2008-05-04 02:23 1,883 --a------ C:\WINNT\mozver.dat
2008-05-04 01:51 . 2008-05-04 01:51 53,312 --a------ C:\WINNT\system32\qifliqrh.dll
2008-05-04 01:32 . 2008-05-04 01:32 53,312 --a------ C:\WINNT\system32\phpiytma.dll
2008-05-04 01:16 . 2008-05-04 01:16 53,312 --a------ C:\WINNT\system32\ljkqnbbl.dll
2008-05-04 00:40 . 2008-05-04 00:40 13,942 --a------ C:\WINNT\system32\N90-002.ico
2008-05-03 01:17 . 2008-05-03 01:17 53,312 --a------ C:\WINNT\system32\bhkxnvxx.dll
2008-05-03 01:13 . 2008-05-05 01:25 345 --ahs---- C:\WINNT\system32\CLUtvGgh.ini
2008-05-02 00:11 . 2003-01-24 09:03 155,648 --a------ C:\WINNT\system32\igfxres.dll
2008-05-01 23:24 . 2008-05-01 23:24 53,312 --a------ C:\WINNT\system32\adqaykde.dll
2008-05-01 23:22 . 2008-05-01 23:22 53,312 --a------ C:\WINNT\system32\cyxjqgiy.dll
2008-04-29 23:54 . 2008-04-29 23:54 53,312 --a------ C:\WINNT\system32\riiyorij.dll
2008-04-26 22:01 . 2008-04-26 22:01 53,312 --a------ C:\WINNT\system32\bgksvhye.dll
2008-04-26 21:41 . 2008-04-26 21:42 53,312 --a------ C:\WINNT\system32\tskwklfn.dll
2008-04-26 21:32 . 2008-05-02 00:11 345 --ahs---- C:\WINNT\system32\bJlUCcdd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 23:58 --------- d-----w C:\Program Files\OfficeScan NT
2008-04-26 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 21:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2006-02-13 16:20 32,064 ----a-w C:\Documents and Settings\cav.bal\Application Data\GDIPFONTCACHEV1.DAT
2005-10-21 15:15 184 ----a-w C:\Program Files\INSTALL.LOG
2004-08-03 14:57 6,074,820 ----a-w C:\Program Files\download.zip
2004-06-23 16:03 6,267,888 ----a-w C:\Program Files\visualformatclient.exe
2003-07-17 08:53 94,229,736 ----a-w C:\Program Files\openft.zip
2005-04-26 08:48 57,344 ----a-w C:\Program Files\internet explorer\plugins\PluginWrapper.dll
2007-04-17 20:42 32,768 --sha-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DA38E5B-2AD2-4DD4-A8F5-420FB7D8B162}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DA9D4B8-707E-47D7-925B-FA2D81FDDB47}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{387A5B21-F2FE-456A-AC47-CB1956E2A1F2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6376940F-FEA2-493A-8DD6-5CD70214CAEA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68810DA4-1A9E-45BE-BF89-C937CC27F26E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"CatUserRun"="exec32 /wh /c chgreg5 /c" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [2003-01-24 09:05 114688]
"RightFAX Print-to-Fax Driver"="C:\Program Files\RightFax\\FaxCtrl.exe" [2003-07-17 11:44 114688]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-04 01:56 143360]
"NeroCheck"="C:\Program Files\Ahead\\Nero\NeroCheck.exe" [2001-07-09 12:50 155648]
"DirXconnect settings"="C:\\PROGRA~1\sie\DIRXDI~1\dxdSetup.exe" [2000-03-21 10:39 106561]
"OfficeScanNT Monitor"="C:\Program Files\OfficeScan NT\pccntmon.exe" [2007-01-08 20:20 356429]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-07 12:58 77824]
"Java Profiles Fix"="C:\Program Files\Java\Profile Fix\Java_Profile.exe" [2003-04-30 12:40 32768]
"JavaProfileFix2"="C:\Program Files\Java\Profile Fix\Java_Profile_2.exe" [2004-03-04 12:33 36864]
"SIECACST"="C:\Program Files\sie\Card API\bin\siecacst.exe" [2005-02-01 10:10 45056]
"Discovery User Input"="c:\Discovery\User Input\userin32.exe" [2005-11-10 13:58 212992]
"JavaProfileFix3"="C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe" [2005-12-06 12:52 53248]
"Migrator"="C:\Program Files\CryptoEx\Migrator\Migrator.exe" [2004-10-26 16:16 290816]
"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2005-03-01 17:55 909312]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2006-07-27 16:59 1183744]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-09 08:27 77824]
"{F8-87-7D-D6-DW}"="C:\winnt\system32\jpwnw64m.exe" [ ]
"g]eeV\mWhjlnspB"="C:\WINNT\system32\ocntqkdn.exe" [ ]
"f00f8779"="C:\WINNT\system32\ygjoamtd.dll" [ ]
"@"="" []
"runner1"="C:\WINNT\mrofinu572.exe" [ ]
"WinReanimator"="C:\Program Files\WinReanimator\winreanimator.exe" [ ]
"BMf33cb4e5"="C:\WINNT\system32\engcjvpv.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
"EnableProfileQuota"= 1 (0x1)
"ProfileQuotaMessage"= You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"MaxProfileSize"= 10240 (0x2800)
"WarnUserTimeout"= 15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"StartRunNoHOMEPATH"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoActiveDesktopChanges"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoSetActiveDesktop"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)
"NoViewContextMenu"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="SGPro.exe /shell"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2005-01-26 13:25 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCuVon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=CBEShutdown.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\1\0]
"Script"=bnls299acmdline.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=catstart.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=\\GB001.sie.net\sysvol\GB001.sie.net\scripts\CatPC\CAT Basic Environment\Setup\Setup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=DeployCentennialAgent.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
"Script"=bnls299acmdline.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-1152\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-31563\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-34625\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-450047656-3918250416-1063027673-500\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BO1HelperStartUp]
C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Achernar;Achernar - SCSI Command Filters;C:\WINNT\system32\Drivers\Achernar.sys [2004-02-11 16:34]
R2 CBBS;CAT Bulletin Board;C:\Program Files\sie\CAT Bulletin Board\CBBS.exe [2002-06-20 18:52]
R2 mgsdl;ManageSoft Peer-to-Peer Download Service;"C:\Program Files\ManageSoft\Launcher\mgsdl.exe" [2006-07-27 16:54]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2006-07-27 16:56]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2006-07-27 17:00]
R2 openFT FTNEA;openFT Server;"C:\Program Files\openFT\bin\NEACTRLS.EXE" [2002-07-09 18:36]
R2 openFT Security Server;openFT Security Server;"C:\Program Files\openFT\bin\SECSERV.EXE" [2002-07-09 18:38]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINNT\system32\Drivers\Aldebaran.sys [2004-02-11 16:34]
S2 CatSystemSvc;CatSystem;C:\WINNT\CatPC\CATSYS\CatSystemSvc.exe [2006-05-02 20:43]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINNT\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

*Newly Created Service* - MACROMEDIA_LICENSING_SERVICE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 01:00:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINNT\explorer.exe [3348] 0x8328A650

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINNT\\system32\\ocntqkdn.exe DWram"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
------------------------ Other Running Processes ------------------------
.
C:\WINNT\system32\scardsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\TEMP\EX35A8.EXE
C:\WINNT\system32\proquota.exe
C:\Program Files\sie\CAT Bulletin Board\CBB.exe
C:\Program Files\OfficeScan NT\PccNTUpd.exe
C:\Program Files\OfficeScan NT\POP3Trap.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
.
**************************************************************************
.
Completion time: 2008-05-07 1:13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 00:12:55

Pre-Run: 2,751,373,312 bytes free
Post-Run: 2,624,106,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

356



*******************
DSS log
*******************

Deckard's System Scanner v20071014.68
Run by cav.bal on 2008-05-07 01:19:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 2.48 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-07 01:20:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\sie\CAT Bulletin Board\CBBS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\ManageSoft\Launcher\mgsdl.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\openft\bin\secserv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\openft\bin\neactrls.exe
C:\WINNT\TEMP\EX35A8.EXE
C:\WINNT\system32\proquota.exe
C:\Program Files\sie\CAT Bulletin Board\CBB.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\OfficeScan NT\POP3Trap.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\cav.bal\Desktop\dss(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=mddmproxy.gb001.sie.net:80;https=mddmproxy.gb001.sie.net:80;ftp=mddmproxy.gb001.sie.net:80;gopher=localhost:1;socks=proxy1.sbs.sie.co.uk:1080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=mddmproxy.gb001.sie.net:80;https=mddmproxy.gb001.sie.net:80;ftp=mddmproxy.gb001.sie.net:80;gopher=mddmproxy.gb001.sie.net:80
R3 - URLSearchHook: (no name) - {B85A7A3C-BEDA-E62A-F1FB-E93B8602749A} - C:\WINNT\system32\wkz.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\Program Files\Ahead\\Nero\NeroCheck.exe
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\sie\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix2] C:\Program Files\Java\Profile Fix\Java_Profile_2.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\sie\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [Migrator] "C:\Program Files\CryptoEx\Migrator\Migrator.exe" -StartUp
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [{F8-87-7D-D6-DW}] C:\winnt\system32\jpwnw64m.exe DWram
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINNT\system32\ocntqkdn.exe DWram
O4 - HKLM\..\Run: [f00f8779] rundll32.exe "C:\WINNT\system32\ygjoamtd.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Resume Windows Update Installation.lnk = \\gb001.sie.net\DFSroot\LSDP\BR0000023\WinXP\ie6setup.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://workplace.sie.net (HKLM)
O15 - Trusted Zone: *.microsoft.com (HKCU)
O15 - Trusted Zone: *.sap-ag.de (HKCU)
O15 - Trusted Zone: *.sap.com (HKCU)
O15 - Trusted Zone: *.sap.com (HKCU)
O15 - Trusted Zone: https://workplace.sie.net (HKCU)
O15 - Trusted IP Range: http://132.186.127.126 (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} () - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176402450038
O17 - HKLM\Software\..\Telephony: DomainName = GB001.sie.net
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = GB001.sie.net
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = GB001.sie.net
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = GB001.sie.net
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O20 - Winlogon Notify: efcCuVon - C:\WINNT\system32\
O23 - Service: CatSystem (CatSystemSvc) - sie AG - C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\sie\CAT Bulletin Board\CBBS.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\system32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ManageSoft Peer-to-Peer Download Service (mgsdl) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\mgsdl.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: openFT Server (openFT FTNEA) - Fujitsu Siemens Computers GmbH - C:\Program Files\openft\bin\neactrls.exe
O23 - Service: openFT Security Server - Fujitsu Siemens Computers GmbH - C:\Program Files\openft\bin\secserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe


--
End of file - 12248 bytes

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 00:44:25 68096 --a------ C:\WINNT\zip.exe
2008-05-07 00:44:25 49152 --a------ C:\WINNT\VFind.exe
2008-05-07 00:44:25 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 00:44:25 98816 --a------ C:\WINNT\sed.exe
2008-05-07 00:44:25 80412 --a------ C:\WINNT\grep.exe
2008-05-07 00:44:25 73728 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-07 00:44:24 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 00:44:24 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 20:05:24 0 d-------- C:\Documents and Settings\cav.bal\Application Data\Malwarebytes
2008-05-06 20:04:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 20:04:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 01:53:40 53312 -----n--- C:\WINNT\system32\pgmjhwmj.dll
2008-05-05 01:52:57 53312 --a------ C:\WINNT\system32\stbnqsdi.dll
2008-05-05 00:37:57 53312 --a------ C:\WINNT\system32\aciywtwm.dll
2008-05-04 10:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 10:17:50 0 d-------- C:\Program Files\SpywareBlaster
2008-05-04 10:07:32 53312 --a------ C:\WINNT\system32\adaopcao.dll
2008-05-04 02:29:01 0 d-------- C:\Documents and Settings\cav.bal\Application Data\Talkback
2008-05-04 02:18:08 0 d-------- C:\Program Files\Panda Security
2008-05-04 02:18:03 1883 --a------ C:\WINNT\mozver.dat
2008-05-04 01:51:55 53312 --a------ C:\WINNT\system32\qifliqrh.dll
2008-05-04 01:32:27 53312 --a------ C:\WINNT\system32\phpiytma.dll
2008-05-04 01:16:51 53312 --a------ C:\WINNT\system32\ljkqnbbl.dll
2008-05-03 01:17:38 53312 --a------ C:\WINNT\system32\bhkxnvxx.dll
2008-05-01 23:24:34 53312 --a------ C:\WINNT\system32\adqaykde.dll
2008-05-01 23:22:19 53312 --a------ C:\WINNT\system32\cyxjqgiy.dll
2008-04-29 23:54:56 53312 --a------ C:\WINNT\system32\riiyorij.dll
2008-04-26 22:01:53 53312 --a------ C:\WINNT\system32\bgksvhye.dll
2008-04-26 21:58:53 0 dr-h----- C:\Documents and Settings\cav.bal\Recent
2008-04-26 21:41:59 53312 --a------ C:\WINNT\system32\tskwklfn.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-07 01:20:47 0 d-------- C:\Program Files\OfficeScan NT
2008-05-07 00:48:07 0 d-a------ C:\Program Files\Common Files
2008-05-03 01:13:35 937 --a------ C:\WINNT\system32\winpfz33.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [2003-01-24 09:05]
"RightFAX Print-to-Fax Driver"="C:\Program Files\RightFax\\FaxCtrl.exe" [2003-07-17 11:44]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-04 01:56]
"NeroCheck"="C:\Program Files\Ahead\\Nero\NeroCheck.exe" [2001-07-09 12:50]
"DirXconnect settings"="C:\\PROGRA~1\sie\DIRXDI~1\dxdSetup.exe" [2000-03-21 10:39]
"OfficeScanNT Monitor"="C:\Program Files\OfficeScan NT\pccntmon.exe" [2007-01-08 20:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-07 12:58]
"Java Profiles Fix"="C:\Program Files\Java\Profile Fix\Java_Profile.exe" [2003-04-30 12:40]
"JavaProfileFix2"="C:\Program Files\Java\Profile Fix\Java_Profile_2.exe" [2004-03-04 12:33]
"SIECACST"="C:\Program Files\sie\Card API\bin\siecacst.exe" [2005-02-01 10:10]
"Discovery User Input"="c:\Discovery\User Input\userin32.exe" [2005-11-10 13:58]
"JavaProfileFix3"="C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe" [2005-12-06 12:52]
"Migrator"="C:\Program Files\CryptoEx\Migrator\Migrator.exe" [2004-10-26 16:16]
"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2005-03-01 17:55]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2006-07-27 16:59]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-09 08:27]
"{F8-87-7D-D6-DW}"="C:\winnt\system32\jpwnw64m.exe" []
"g]eeV\mWhjlnspB"="C:\WINNT\system32\ocntqkdn.exe" []
"f00f8779"="C:\WINNT\system32\ygjoamtd.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"CatUserRun"="exec32 /wh /c chgreg5 /c" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 01:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"MaxGPOScriptWait"=1800 (0x708)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"EnableProfileQuota"=1 (0x1)
"ProfileQuotaMessage"=You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"MaxProfileSize"=10240 (0x2800)
"WarnUserTimeout"=15 (0xf)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"=1 (0x1)
"NoWebServices"=1 (0x1)
"NoOnlinePrintsWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisallowCpl"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"GreyMSIAds"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"DisablePersonalDirChange"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
"StartRunNoHOMEPATH"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]
"1"=wuaucpl.cpl

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2005-01-26 13:25 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCuVon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=CBEShutdown.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\1\0]
"Script"=bnls299acmdline.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=catstart.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=\\GB001.sie.net\sysvol\GB001.sie.net\scripts\CatPC\CAT Basic Environment\Setup\Setup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=DeployCentennialAgent.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
"Script"=bnls299acmdline.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-1152\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-31563\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-725345543-468838394-34625\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-450047656-3918250416-1063027673-500\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BO1HelperStartUp]
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1

*Newly Created Service* - MACROMEDIA_LICENSING_SERVICE



-- End of Deckard's System Scanner: finished at 2008-05-07 01:21:07 ------------


Regards,
jmash