04-28-2007, 11:30 PM   #1
Immune
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: Vista home premium 32-bit


W32.Spybot.Worm - I can't get rid of it.

I got this virus about two days ago, and can't seem to get rid of it. I looked on the Symantec website, but got confused when they started talking about registries and stuff. (I'm an intermediate computer user.) The exe is called tfpl.exe.
I thought I got rid of it, but every time I restart my computer, a Symantec Auto-Protect comes up. I am also having problems with my internet connection. For instance, when I play a game, Counter-Strike: Source, when I search for servers it loses internet connection and all I have is Local connection. This is the HijackThis DSS log. Attached is the extra.txt log thing.




Deckard's System Scanner v20070426.43
Run by Tadd on 2007-04-28 at 21:57:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Performed disk cleanup.


-- HijackThis (run as Tadd.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:00:08 PM, on 4/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\tfpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Users\Tadd\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\HIJACK~1\Tadd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Tadd\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] TFPL.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-03-28 and 2007-04-28 -----------------------------

2007-04-28 21:46:37 0 d-------- C:\Program Files\SpywareBlaster
2007-04-27 17:00:44 0 d-------- C:\Program Files\ATI Technologies
2007-04-27 17:00:41 0 d-------- C:\Program Files\ATI
2007-04-27 16:59:33 0 d-------- C:\ATI
2007-04-27 16:12:17 0 d-------- C:\Program Files\CCleaner
2007-04-26 18:08:14 121856 ---h----- C:\Windows\system32\tfpl.exe
2007-04-26 18:08:12 121856 ---h----- C:\Windows\system32\llvk.exe
2007-04-25 15:21:05 0 d-------- C:\Program Files\Microsoft Works
2007-04-25 15:10:07 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-25 15:09:01 0 d-------- C:\Users\All Users\Microsoft Help
2007-04-25 14:47:37 92160 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2007-04-25 14:47:36 0 d-------- C:\Program Files\MagicDisc
2007-04-24 18:53:30 0 d-------- C:\Program Files\DVDFab HD Decrypter 3
2007-04-22 16:18:05 0 d-------- C:\Windows\Sun
2007-04-22 12:23:16 0 d-------- C:\Program Files\Stardock
2007-04-20 19:09:05 0 d-------- C:\Program Files\Yamicsoft
2007-04-19 17:59:13 0 d-------- C:\Program Files\Common Files\L&H
2007-04-18 19:24:01 0 d-------- C:\Program Files\Steam
2007-04-18 16:04:52 0 d-------- C:\Program Files\SystemRequirementsLab
2007-04-10 1229 0 d-------- C:\Program Files\MagicISO
2007-04-10 01:47:18 0 d-------- C:\Program Files\Common Files\Stardock
2007-04-07 20:10:25 0 d-------- C:\Program Files\Bethesda Softworks
2007-04-07 20:05:19 0 d-------- C:\Program Files\Alcohol Soft
2007-04-07 19:56:59 0 d-------- C:\Program Files\RCrawler
2007-04-03 22:09:42 0 d-------- C:\Program Files\CONEXANT
2007-04-01 13:08:35 0 d-------- C:\Users\Tadd\Shared
2007-04-01 13:08:34 0 d-------- C:\Users\Tadd\Incomplete
2007-03-31 16:11:58 0 d-------- C:\Windows\pss
2007-03-29 15:26:12 36864 --a------ C:\Windows\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-03-29 15:04:31 2560 --a------ C:\Windows\_MSRSTRT.EXE


-- Find3M Report ---------------------------------------------------------------

2007-04-28 20:59:35 0 d-------- C:\Users\Tadd\AppData\Roaming\uTorrent
2007-04-28 10:12:20 0 d-------- C:\Users\Tadd\AppData\Roaming\Vso
2007-04-27 17:08:08 0 d-------- C:\Users\Tadd\AppData\Roaming\ATI
2007-04-27 16:15:26 0 d-------- C:\Users\Tadd\AppData\Roaming\SystemRequirementsLab
2007-04-25 15:20:28 0 d-------- C:\Program Files\MSBuild
2007-04-22 10:15:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-18 17:24:05 0 d-------- C:\Program Files\Microsoft Games
2007-04-16 22:32:15 0 d-------- C:\Users\Tadd\AppData\Roaming\Skype
2007-04-15 16:11:01 0 d-------- C:\Program Files\Windows Defender
2007-04-15 16:09:28 0 d-------- C:\Program Files\Java
2007-04-15 16:08:48 0 d-------- C:\Program Files\Windows Mail
2007-04-08 02:18:11 0 d-------- C:\Program Files\Lavasoft
2007-04-07 20:09:38 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-03 15:27:46 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-04-03 07:17:34 0 d-------- C:\Users\Tadd\AppData\Roaming\Lavasoft
2007-04-01 13:26:06 0 d-------- C:\Users\Tadd\AppData\Roaming\LimeWire
2007-03-27 16:08:15 0 d-------- C:\Program Files\Opera
2007-03-27 15:48:36 0 --a------ C:\Windows\nsreg.dat
2007-03-27 15:48:25 0 d-------- C:\Users\Tadd\AppData\Roaming\Mozilla
2007-03-27 15:10:38 0 d-------- C:\Program Files\Frameworkx
2007-03-25 19:10:42 0 d-------- C:\Program Files\Boilsoft MOV Converter
2007-03-23 17:25:58 0 d-------- C:\Program Files\ffdshow
2007-03-22 21:38:22 0 d-------- C:\Program Files\WhatPulse
2007-03-20 22:02:44 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-03-20 19:02:32 0 d-------- C:\Users\Tadd\AppData\Roaming\Azureus
2007-03-20 07:21:30 0 d-------- C:\Program Files\iTunes
2007-03-20 07:21:25 0 d-------- C:\Program Files\iPod
2007-03-19 16:12:02 0 d-------- C:\Users\Tadd\AppData\Roaming\Apple Computer
2007-03-19 07:11:30 0 d-------- C:\Program Files\SlySoft
2007-03-18 14:47:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-18 14:47:01 0 d-------- C:\Program Files\Symantec
2007-03-18 14:43:37 0 d-------- C:\Program Files\Symantec AntiVirus
2007-03-18 13:09:38 0 d-------- C:\Program Files\mIRC
2007-03-16 18:04:58 512000 --a------ C:\Windows\system32\AWESOM-O Movie Generator.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-03-16 17:31:41 0 d-------- C:\Program Files\Common Files\Java
2007-03-16 17:27:17 0 d-------- C:\Program Files\uTorrent
2007-03-16 10:09:44 0 d-------- C:\Program Files\MAPILab Ltd
2007-03-16 09:33:45 34 --a------ C:\Users\Tadd\AppData\Roaming\pcouffin.log
2007-03-16 09:33:42 7824 --a------ C:\Users\Tadd\AppData\Roaming\pcouffin.cat
2007-03-15 23:10:19 0 d-------- C:\Program Files\AC3Filter
2007-03-15 23:02:16 0 d-------- C:\Program Files\Google
2007-03-15 22:31:25 0 d-------- C:\Users\Tadd\AppData\Roaming\Google
2007-03-15 21:10:09 0 d-------- C:\Program Files\RadarSync
2007-03-15 19:15:58 0 d-------- C:\Program Files\Xvid
2007-03-15 15:30:08 0 d-------- C:\Users\Tadd\AppData\Roaming\Elaborate Bytes
2007-03-15 15:30:04 43 --ahs---- C:\Users\Tadd\AppData\Roaming\.zreglib
2007-03-15 07:18:12 0 d-------- C:\Program Files\Apple Software Update
2007-03-14 21:44:01 0 d-------- C:\Program Files\DVD Decrypter
2007-03-14 21:42:39 0 d-------- C:\Program Files\DVD Shrink
2007-03-14 17:26:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-03-14 17:24:55 0 d-------- C:\Program Files\Microsoft.NET
2007-03-14 17:16:56 0 d-------- C:\Program Files\Lexmark X6100 Series
2007-03-14 07:39:03 0 d-------- C:\Users\Tadd\AppData\Roaming\SlySoft
2007-03-14 07:25:30 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-13 21:22:47 0 d-------- C:\Users\Tadd\AppData\Roaming\Macromedia
2007-03-13 20:30:31 0 d-------- C:\Program Files\QuickTime
2007-03-13 20:18:18 0 d-------- C:\Users\Tadd\AppData\Roaming\WinRAR
2007-03-13 19:48:59 0 d-------- C:\Users\Tadd\AppData\Roaming\Opera
2007-03-13 19:36:58 0 d-------- C:\Users\Tadd\AppData\Roaming\Identities
2007-02-28 16:05:26 86016 --a------ C:\Windows\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
2007-02-21 21:00:28 10752 --a------ C:\Windows\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KBD"="C:\\HP\\KBD\\KbdStub.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RtHDVCpl"="RtHDVCpl.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
@="C:\\Program Files\\WhatPulse\\WhatPulse.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="C:\\Users\\Tadd\\AppData\\Roaming\\Google\\Google Talk\\googletalk.exe /autostart"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"WhatPulse"="C:\\Program Files\\WhatPulse\\WhatPulse.exe"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Winsock2 driver"="TFPL.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\WindowBlinds]
"WindowBlinds"=dword:00000002
"YEAR"=dword:000007d7
"MONTH"=dword:00000004
"DAY"=dword:00000014
"HOUR"=dword:00000013
"MINUTE"=dword:00000016
"SECOND"=dword:0000002d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6851e82d-e579-11db-ab4b-0018f3315d35}]
shell\AutoRun\command J:\OblivionLauncher.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72cd4f7f-f2b2-11db-96e5-0018f3315d35}]
shell\AutoRun\command L:\SETUP.EXE
shell\configure\command L:\SETUP.EXE
shell\install\command L:\SETUP.EXE


-- End of Deckard's System Scanner: finished at 2007-04-28 at 22:00:36 ---------
Attached Files
File Type: txt extra.txt (9.4 KB, 7 views)