Old 03-19-2007, 03:47 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 27
OS: XP


Invalid IP Address

Last night, I saw that my network wasn't working because of an invalid IP address. Then my firewall started telling me that 3 new networks were trying to connect to my computer and even though I wasn't using the internet, the inbound and outbound data were going fast. I think I have a trojan, but my scans picked up nothing. Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 15:44:21, on 2007-3-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
H:\ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\cidaemon.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Secure Global Desktop Client, 3.4 - http://roaming.umc-usa.com/java/ttaC-du.cab
O16 - DPF: Tarantella 3.x Framework Java Archive - http://roaming.umc-usa.com/java/asadJ-du.cab
O16 - DPF: Tarantella 3.x Proxy Java Archive - http://roaming.umc-usa.com/java/proxyJ-du.cab
O16 - DPF: Tarantella 3.x Security Java Archive - http://roaming.umc-usa.com/java/tspJ-du.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0704133085943c2...p/RdxIE601.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - http://supportcentral.sel.sony.com/s...ad/sonyctl.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: host - host.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\system32\xjh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Goldensage1 is offline  
Old 03-19-2007, 09:18 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,047
OS: WinXP and Vista


Re: Invalid IP Address

Hello Goldensage1 and welcome to TSF,

You have a couple infections onboard and this will take a few rounds to clean properly.


Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
New HijackThis log
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating.

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-20-2007, 07:08 PM   #3 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 27
OS: XP


Re: Invalid IP Address

Deckard's System Scanner v20070318.32
Run by zheng on 2007-03-20 at 18:58:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2007-03-21 01:58:41 UTC - RP620 - Deckard's System Scanner Restore Point
8: 2007-03-21 00:01:54 UTC - RP619 - Software Distribution Service 2.0
7: 2007-03-21 00:00:06 UTC - RP618 - Software Distribution Service 2.0
6: 2007-03-20 01:28:41 UTC - RP617 - Deckard's System Scanner Restore Point
5: 2007-03-17 18:10:32 UTC - RP616 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-15 22:30:32 UTC - RP612 - Removed Google Web Accelerator


Performed disk cleanup.


-- HijackThis (run as zheng.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:59:20, on 2007-3-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
H:\ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
H:\dss.exe
H:\HIJACK~1\zheng.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Secure Global Desktop Client, 3.4 - http://roaming.umc-usa.com/java/ttaC-du.cab
O16 - DPF: Tarantella 3.x Framework Java Archive - http://roaming.umc-usa.com/java/asadJ-du.cab
O16 - DPF: Tarantella 3.x Proxy Java Archive - http://roaming.umc-usa.com/java/proxyJ-du.cab
O16 - DPF: Tarantella 3.x Security Java Archive - http://roaming.umc-usa.com/java/tspJ-du.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0704133085943c2...p/RdxIE601.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - http://supportcentral.sel.sony.com/s...ad/sonyctl.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: host - host.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Windows DDOSServer (DDOSServer) - Unknown owner - C:\WINDOWS\system32\xjh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 imagedrv - c:\windows\system32\drivers\imagedrv.sys
R0 imagesrv - c:\windows\system32\drivers\imagesrv.sys
R0 sonyhcb (Sony Digital Imaging Base) - c:\windows\system32\drivers\sonyhcb.sys
R1 BUFADPT - c:\windows\system32\bufadpt.sys
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 FsVga - c:\windows\system32\drivers\fsvga.sys
R1 SFS - c:\windows\system32\drivers\sfs.sys
R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys
R2 hardlock - c:\windows\system32\drivers\hardlock.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys
R2 procguard - c:\windows\system32\drivers\procguard.sys
R2 SonyFKC (FAN and Keyboard Control Service) - c:\windows\system32\drivers\sonyfkc.sys
R2 V7 - c:\windows\system32\drivers\v7.sys
R3 EPPSCSIx (EPPSCSI Driver) - c:\windows\system32\drivers\eppscan.sys
R3 ltmodem5 (Lucent Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 SaiMini - c:\windows\system32\drivers\saimini.sys
R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys
R3 SONYWBMS (Sony Memory Stick controller(WB)) - c:\windows\system32\drivers\sonywbms.sys
R3 WLI2USB2G54 (BUFFALO WLI2-USB2-G54 Wireless LAN Driver) - c:\windows\system32\drivers\prisma02.sys

S2 npkcrypt - h:\yuntao\maplestory\npkcrypt.sys (file missing)
S3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys
S3 aksusb (Aladdin USB Key) - c:\windows\system32\drivers\aksusb.sys
S3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys
S3 ba1 - h:\yuntao\s3nsa_public_hpack_1.01\s3nsa public hpack 1.01\virus!! do not click!!\im warning you!!\fine.. =3\working uce's\bagay\ba.sys (file missing)
S3 BCM42XX (Broadcom iLine10(tm) Network Adapter Driver) - c:\windows\system32\drivers\bcm42xx5.sys
S3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys
S3 BlackJoseph1 - h:\yuntao\s3nsa_public_hpack_1.01\s3nsa public hpack 1.01\virus!! do not click!!\im warning you!!\fine.. =3\working uce's\blackjoseph engine(mpc)\blackj32.sys (file missing)
S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys
S3 DC1 - h:\yuntao\dc_engine\dc engine\dc.sys (file missing)
S3 DRIVER1111 - h:\yuntao\celite\dbk32.sys (file missing)
S3 Dua1 - h:\yuntao\memory editors\dualengine 2\dualengine2\dualengi.sys (file missing)
S3 ESSIDSET - c:\windows\system32\essidset.sys
S3 kaspersky1 - h:\yuntao\kaspersky engine\kaspersky engine\kaspersky.sys (file missing)
S3 KIKIDRIVER - h:\yuntao\naruto\kikiuce1.4\kiki_uce_1.4\kiki.sys (file missing)
S3 LTower (LEGO USB Tower Driver) - c:\windows\system32\drivers\ltower.sys
S3 m001 - h:\yuntao\m12\m12\m00.sys (file missing)
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
S3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys
S3 npkcusb - h:\yuntao\maplestory\npkcusb.sys (file missing)
S3 NVDISP - h:\yuntao\saves\rareengine_lite_v.2\nv7800gt.sys (file missing)
S3 P1110VID (Creative WebCam NX) - c:\windows\system32\drivers\p1110vid.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys
S3 phoenix1 - h:\yuntao\memory editors\phoenix engine\phoenix.sys (file missing)
S3 saruen - h:\yuntao\memory editors\saruengang101of\saruen.sys (file missing)
S3 saruenGang - h:\yuntao\saruengang102\saruengang.sys (file missing)
S3 sejt1 - h:\yuntao\essential stuff\akumaengine333\akumaengine33\sejt.sys (file missing)
S3 serum1 - h:\yuntao\serum\serum.sys (file missing)
S3 SMBE (Sony MPEG2 Encoder Board (WDM)) - c:\windows\system32\drivers\smbe.sys
S3 sonyhcs (Sony Digital Imaging Video) - c:\windows\system32\drivers\sonyhcs.sys
S3 spuce1 - h:\yuntao\memory editors\spuc3 engine\spuc3 engine\spuce.sys (file missing)
S3 Storm1 - h:\yuntao\storm engine\storm\storm.sys (file missing)
S3 uzeil1 - h:\yuntao\mini_engine\uzeil.sys (file missing)
S3 vicious1 - c:\program files\vicious_engine\vicious engine\vicious engine 3.0\vicious.sys (file missing)
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys
S3 xp1 - h:\yuntao\xpengine\xpengine\xp.sys (file missing)
S3 zenos1 - h:\yuntao\memory editors\gg system x [protected]\gg system x [protected]\npggnt.sys (file missing)
S3 zenx1 - h:\yuntao\naruto\zenxengine_latest\zenxengine_latest\zenx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe -k netsvcs

S2 DDOSServer (Windows DDOSServer) - c:\windows\system32\xjh.exe -netsata (file missing)
S2 ITMRTSVC (CA Pest Patrol Realtime Protection Service) - "c:\program files\ca\sharedcomponents\pprt\bin\itmrtsvc.exe" (file missing)
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-03-20 17:27:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-03-19 16:00:02 386 --ah----- C:\WINDOWS\Tasks\{56789ACA-3D22-44C3-9B78-B98CC3A23DAB}_VAIO_zheng.job<{56789~1.JOB>
2007-03-16 16:00:03 386 --ah----- C:\WINDOWS\Tasks\{27E7BD76-A9C6-4B26-B7C3-5D77C13AB584}_VAIO_zheng.job<{27E7B~1.JOB>
2007-03-16 09:00:03 386 --ah----- C:\WINDOWS\Tasks\{BC73F8A1-C9D9-40FC-9D9B-2671A929A2D2}_VAIO_zheng.job<{BC73F~1.JOB>


-- Files created between 2007-02-20 and 2007-03-20 -----------------------------

2007-03-20 17:00:36 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-15 15:47:53 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-15 15:47:53 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-15 15:46:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-03-15 15:46:39 103456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-15 15:46:39 7476256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-14 19:49:04 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-03-14 19:49:04 67784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-03-14 19:47:12 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-14 16:50:21 800272 --a------ C:\Documents and Settings\zheng\ppctl.dll
2007-03-14 16:36:16 0 d-------- C:\Program Files\Common Files\Scanner
2007-03-12 18:40:39 0 --a------ C:\Documents and Settings\zheng\TaskList
2007-03-12 18:39:41 0 --a------ C:\Documents and Settings\zheng\NetStat
2007-03-11 18:13:37 10047 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-03-11 11:28:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-06 22:54:41 0 d-------- C:\users
2007-03-06 16:53:08 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-05 19:17:25 0 d-------- C:\Program Files\Windows Desktop Search<WI459E~1>
2007-03-05 19:09:18 0 d-------- C:\Program Files\MSBuild
2007-03-05 19:00:24 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-05 18:58:10 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-05 18:57:02 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-04 21:44:19 0 d--hs---- C:\Diskeeper<DISKEE~1>
2007-03-04 20:51:21 0 d--h----- C:\Documents and Settings\zheng\Recent(2)<RECENT~1>
2007-02-26 20:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-26 18:19:38 19 --a------ C:\WINDOWS\popcinfo.dat
2007-02-23 22:54:35 1716297 -----n--- C:\WINDOWS\system32\InetClnt.dll
2007-02-23 22:52:44 0 d-------- C:\Documents and Settings\zheng\Application Data\InstallShield<INSTAL~1>
2007-02-22 17:16:24 0 d-------- C:\WINDOWS\system32\VIRepair
2007-02-21 21:58:17 0 d-------- C:\WINDOWS\system32\VITrans(2)<VITRAN~1>
2007-02-21 21:56:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~2>
2007-02-21 11:32:22 0 d-------- C:\Documents and Settings\zheng\Application Data\Intuit
2007-02-21 11:31:46 0 d-------- C:\Program Files\ItsDeductible2006<ITSDED~1>
2007-02-21 11:30:58 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0<ANSWER~1.0>
2007-02-21 11:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-02-21 11:28:31 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-20 18:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(2)<WINDOW~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-20 17:01:47 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-17 15:32:07 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-15 15:30:58 0 d-------- C:\Program Files\Google
2007-03-14 16:36:16 0 d-------- C:\Program Files\CA
2007-03-12 00:16:12 0 d-------- C:\Documents and Settings\zheng\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-12 00:10:00 0 d-------- C:\Documents and Settings\zheng\Application Data\Lavasoft
2007-03-11 10:56:09 0 d-------- C:\Program Files\Yahoo!
2007-03-07 00:18:20 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-06 23:25:50 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 18:32:50 0 d---s---- C:\Documents and Settings\zheng\Application Data\Microsoft<MICROS~1>
2007-03-03 20:54:10 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-26 20:40:46 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-26 18:17:25 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-23 20:53:05 8736 --a------ C:\Documents and Settings\zheng\Application Data\.googlewebacchosts<GOOGLE~1>
2007-02-09 17:36:21 0 d-------- C:\Documents and Settings\zheng\Application Data\Uniblue
2007-02-08 22:00:13 0 d-------- C:\Documents and Settings\zheng\Application Data\Webroot
2007-02-08 18:29:15 1021713 ---hs---- C:\WINDOWS\system32\oqtss.bak1<OQTSS~1.BAK>
2007-02-07 19:45:41 86 --ahs---- C:\Documents and Settings\zheng\Application Data\desktop.ini
2007-02-07 19:43:57 2191232 --a------ C:\WINDOWS\system32\kernel1.exe
2007-02-07 19:39:38 0 d-------- C:\Documents and Settings\zheng\Application Data\Styler
2007-02-07 19:30:13 0 d-------- C:\Documents and Settings\zheng\Application Data\Stardock
2007-02-03 23:14:39 926241 --a------ C:\WINDOWS\system32\model.dat
2007-02-03 23:14:37 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2007-02-03 23:14:36 729088 --a------ C:\WINDOWS\system32\LDPackage.dll<LDPACK~1.DLL>
2007-02-03 20:25:36 0 --a------ C:\WINDOWS\system32\rlvknlg.exe
2007-02-03 20:24:18 0 -----n--- C:\WINDOWS\NDNuninstall7_48.exe<NDNUNI~2.EXE>
2007-02-01 20:23:37 15 --a------ C:\WINDOWS\system32\uu.dat
2007-02-01 19:29:23 45056 --a------ C:\WINDOWS\cssys.dll
2007-01-29 23:04:00 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-01-21 17:00:11 30 --a------ C:\Program Files\Exiferupdate.ini<EXIFER~1.INI>
2007-01-21 13:53:36 0 d-------- C:\Documents and Settings\zheng\Application Data\AdobeUM
2007-01-14 14:26:33 0 --a------ C:\WINDOWS\system32\NSP.exe
2007-01-10 16:08:20 225280 --a------ C:\WINDOWS\system32\AutoFAT.exe
2007-01-10 16:08:16 185344 --a------ C:\WINDOWS\system32\AutoNTFS.exe
2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVP"="\"H:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"ZoneAlarm Client"="\"H:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"srePostpone"="rundll32.exe c:\\windows\\system32\\zonelabs\\srescan.dll,DoSpecialAction"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="H:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="H:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Real-time Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Real-time Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\\_106B5A0.exe "
"item"="Real-time Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Google Web Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\Run Google Web Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\WEBACC~1\\GOOGLE~2.EXE "
"item"="Run Google Web Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk"
"backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "
"item"="VAIO Action Setup (Server)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Windows Desktop Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Autoer"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\Autoer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="H:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-Watch"
"hkey"="HKCU"
"command"="\"H:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\bpk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAMTRAY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIACA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB002\" /M \"Stylus CX3800\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="H:\\ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fontog"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\fontog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LClock"
"hkey"="HKLM"
"command"="C:\\Program Files\\LClock\\LClock.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"H:\\ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NovaBackup 7 Tray Control]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NbkCtrl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NovaStor\\NovaBACKUP\\NbkCtrl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NSP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NSP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QAGENT"
"hkey"="HKLM"
"command"="C:\\Program Files\\QUICKENW\\QAGENT.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"H:\\Quicktime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchRIS2"
"hkey"="HKLM"
"command"="C:\\Program Files\\LEGO MINDSTORMS\\RIS 2.0\\LaunchRIS2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="H:\\JAVA\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Ad and Popup Blocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adblock"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Advanced System Optimizer\\adblock.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"H:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSN"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\host

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-03-20 at 19:04:19 ---------
Attached Files
File Type: txt extra.txt (34.6 KB, 0 views)
Goldensage1 is offline  
Old 03-20-2007, 07:25 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,047
OS: WinXP and Vista


Re: Invalid IP Address

Thank you for downloading Deckard's System Scan and posting that info, but I need to see a ComboFix.txt more than anything right now.

Did you download and run ComboFix? Please see my previous instructions and run ComboFix.exe, then run a new scan with HijackThis and post the ComboFix.txt and HijackThis log here please.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-21-2007, 04:24 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 27
OS: XP


Re: Invalid IP Address

Are you sure Combofix's safe? My firewall says that Combofix is trying to open cmd.exe, and I'm very wary of it ever since it almost destroyed my computer last time. Is Combofix supposed to create tons of temp .bat and .exe files on my desktop? What does Combofix really do? Is there any other way to fix my computer other than Combofix? Sorry for these questions, but I really treasure my computer and my parents would kill me if I messed up my only computer.

Last edited by Goldensage1 : 03-21-2007 at 04:25 PM.
Goldensage1 is offline  
Old 03-21-2007, 04:54 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 27
OS: XP


Re: Invalid IP Address

Okay here it is.

"zheng" - 07-03-21 16:44:40 Service Pack 2
ComboFix 07-03-22.2 - Running from: "C:\Documents and Settings\zheng\Desktop"

/wow section not completed - STAGE #5B

((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))


2007-03-21 16:35 550 --a------ C:\Combo.bat
2007-03-20 17:00 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-19 18:28 <DIR> d-------- C:\Deckard
2007-03-15 15:47 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-15 15:47 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-15 15:46 7,537,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-15 15:46 108,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-15 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-03-14 19:49 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-03-14 19:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-14 19:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-03-14 16:50 800,272 --a------ C:\DOCUME~1\zheng\ppctl.dll
2007-03-14 16:36 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-11 18:13 10,047 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-03-11 11:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-06 22:54 <DIR> d-------- C:\users
2007-03-06 16:53 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-05 19:17 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-03-05 19:09 <DIR> d-------- C:\Program Files\MSBuild
2007-03-05 19:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-03-05 18:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-03-05 18:57 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-03-04 21:44 <DIR> d--hs---- C:\Diskeeper
2007-03-04 20:51 <DIR> d--h----- C:\DOCUME~1\zheng\Recent(2)
2007-02-26 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-02-26 18:19 19 --a------ C:\WINDOWS\popcinfo.dat
2007-02-23 22:54 1,716,297 --------- C:\WINDOWS\system32\InetClnt.dll
2007-02-23 22:52 <DIR> d-------- C:\DOCUME~1\zheng\APPLIC~1\InstallShield
2007-02-22 17:16 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-02-21 21:58 <DIR> d-------- C:\WINDOWS\system32\VITrans(2)
2007-02-21 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-02-21 11:32 <DIR> d-------- C:\DOCUME~1\zheng\APPLIC~1\Intuit
2007-02-21 11:31 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-02-21 11:30 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-02-21 11:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit
2007-02-21 11:28 <DIR> d-------- C:\Program Files\Common Files\Intuit


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-20 17:01 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-17 15:32 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-15 15:30 -------- d-------- C:\Program Files\google
2007-03-12 00:16 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\superantispyware.com
2007-03-12 00:10 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\lavasoft
2007-03-11 10:56 -------- d-------- C:\Program Files\yahoo!
2007-03-07 00:18 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-06 23:25 -------- d--h----- C:\Program Files\installshield installation information
2007-03-03 20:54 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-02-26 18:17 -------- d-------- C:\Program Files\msn gaming zone
2007-02-23 20:53 8736 --a------ C:\DOCUME~1\zheng\APPLIC~1\.googlewebacchosts
2007-02-09 17:36 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\uniblue
2007-02-08 22:00 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\webroot
2007-02-08 18:29 1021713 ---hs---- C:\WINDOWS\system32\oqtss.bak1
2007-02-07 19:45 86 --ahs---- C:\DOCUME~1\zheng\APPLIC~1\desktop.ini
2007-02-07 19:43 2191232 --a------ C:\WINDOWS\system32\kernel1.exe
2007-02-07 19:39 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\styler
2007-02-07 19:30 -------- d-------- C:\DOCUME~1\zheng\APPLIC~1\stardock
2007-02-03 23:14 926241 --a------ C:\WINDOWS\system32\model.dat
2007-02-03 23:14 729088 --a------ C:\WINDOWS\system32\ldpackage.dll
2007-02-03 23:14 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2007-02-03 20:25 0 --a------ C:\WINDOWS\system32\rlvknlg.exe
2007-02-03 20:24 0 --------- C:\WINDOWS\ndnuninstall7_48.exe
2007-02-01 20:23 15 --a------ C:\WINDOWS\system32\uu.dat
2007-02-01 19:29 45056 --a------ C:\WINDOWS\cssys.dll
2007-01-29 23:04 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-01-25 19:27 109848 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-01-21 17:00 30 --a------ C:\Program Files\exiferupdate.ini
2007-01-14 14:26 0 --a------ C:\WINDOWS\system32\nsp.exe
2007-01-10 16:08 225280 --a------ C:\WINDOWS\system32\autofat.exe
2007-01-10 16:08 185344 --a------ C:\WINDOWS\system32\autontfs.exe
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVP"="\"H:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"ZoneAlarm Client"="\"H:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="H:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="H:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Real-time Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Real-time Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\\_106B5A0.exe "
"item"="Real-time Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Google Web Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\Run Google Web Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\WEBACC~1\\GOOGLE~2.EXE "
"item"="Run Google Web Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk"
"backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "
"item"="VAIO Action Setup (Server)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Windows Desktop Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~1.EXE /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Autoer"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\Autoer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="H:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-Watch"
"hkey"="HKCU"
"command"="\"H:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\bpk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAMTRAY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIACA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P26 \"EPSON Stylus CX3800 Series\" /O6 \"USB002\" /M \"Stylus CX3800\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="H:\\ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fontog"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\fontog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LClock"
"hkey"="HKLM"
"command"="C:\\Program Files\\LClock\\LClock.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"H:\\ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NovaBackup 7 Tray Control]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NbkCtrl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NovaStor\\NovaBACKUP\\NbkCtrl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NSP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NSP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QAGENT"
"hkey"="HKLM"
"command"="C:\\Program Files\\QUICKENW\\QAGENT.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"H:\\Quicktime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchRIS2"
"hkey"="HKLM"
"command"="C:\\Program Files\\LEGO MINDSTORMS\\RIS 2.0\\LaunchRIS2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="H:\\JAVA\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Ad and Popup Blocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adblock"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Advanced System Optimizer\\adblock.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\