Thread ID: 88237 2008-03-20 07:30:00 Virus, Trojan, Spyware infection colinf (13530) Press F1
Post ID Timestamp Content User
651891 2008-03-21 07:44:00 O.K.

Have run ComboFix; log is below.

ComboFix 08-03-20.5 - Doug McLaren 21/03/2008 20:05:44.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.103 [GMT 12:00]
Running from: C:\Documents and Settings\Doug McLaren.DOUGHOME\Desktop\ComboFix.exe
.
ADS - svchost.exe: deleted 512 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun . inf
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\WINNT\Downloaded Program Files\Quarantine
C:\WINNT\fn00321 . log
C:\WINNT\system32\inf\svch0st . exe
C:\WINNT\system32\mstacim . sig
C:\WINNT\system32\system
C:\WINNT\system32\system\AVICAP . DLL
C:\WINNT\system32\system\AVIFILE . DLL
C:\WINNT\system32\system\COMDLG16 . OCX
C:\WINNT\system32\system\COMMDLG . DLL
C:\WINNT\system32\system\CTL3DV2 . DLL
C:\WINNT\system32\system\DVL
C:\WINNT\system32\system\KEYBOARD . DRV
C:\WINNT\system32\system\lzexpand . dll
C:\WINNT\system32\system\lzexpand . dll . tmp
C:\WINNT\system32\system\MAPIFORM . VBX
C:\WINNT\system32\system\MAPIFVBX . TLB
C:\WINNT\system32\system\MAPIU . DLL
C:\WINNT\system32\system\MAPIX . DLL
C:\WINNT\system32\system\MCIAVI . DRV
C:\WINNT\system32\system\MCISEQ . DRV
C:\WINNT\system32\system\MCIWAVE . DRV
C:\WINNT\system32\system\MLCTRL . DLL
C:\WINNT\system32\system\MMSYSTEM . DLL
C:\WINNT\system32\system\MMTASK . TSK
C:\WINNT\system32\system\MOUSE . DRV
C:\WINNT\system32\system\MSRICHED . VBX
C:\WINNT\system32\system\MSVIDEO . DLL
C:\WINNT\system32\system\OC25 . DLL
C:\WINNT\system32\system\OLECLI . DLL
C:\WINNT\system32\system\OLESVR . DLL
C:\WINNT\system32\system\RICHED . DLL
C:\WINNT\system32\system\SETUP . INF
C:\WINNT\system32\system\SHELL . DLL
C:\WINNT\system32\system\SOUND . DRV
C:\WINNT\system32\system\STDOLE . TLB
C:\WINNT\system32\system\SYSTEM . DRV
C:\WINNT\system32\system\TAPI . DLL
C:\WINNT\system32\system\THREED16 . OCX
C:\WINNT\system32\system\TIMER . DRV
C:\WINNT\system32\system\VAEN2 . DLL
C:\WINNT\system32\system\VAEN21 . OLB
C:\WINNT\system32\system\VB40016 . DLL
C:\WINNT\system32\system\VB4EN16 . DLL
C:\WINNT\system32\system\VER . DLL
C:\WINNT\system32\system\VGA . DRV
C:\WINNT\system32\system\WFWNET . DRV
C:\WINNT\system32\system\WINSPOOL . DRV
C:\WINNT\system32\system\WMSUI . DLL
C:\WINNT\system32\system\zhqbdf080305 . DLL
C:\WINNT\Web\default . htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MS_2FAX
-------\Legacy_MXDISPDR
-------\Legacy_RPCS
-------\Legacy_WAMER
-------\Service_mxdispdr
-------\Service_wamer


((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 12:15 . 08-03-21 12:16 2,646,086 --a------ C:\WINNT\SYSTEM32\XSSCNDNJKEZA
2008-03-20 20:45 . 08-03-21 18:06 642,586 ---h----- C:\WINNT\ShellIconCache
2008-03-20 19:21 . 08-03-21 18:02 <DIR> d-------- C:\Program Files\Trojan Remover
2008-03-20 19:21 . 08-03-20 19:21 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Simply Super Software
2008-03-20 19:21 . 08-03-20 19:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-20 19:21 . 06-05-25 14:52 162,304 --a------ C:\WINNT\SYSTEM32\ztvunrar36 . dll
2008-03-20 19:21 . 03-02-02 19:06 153,088 --a------ C:\WINNT\SYSTEM32\UNRAR3 . dll
2008-03-20 19:21 . 05-08-26 00:50 77,312 --a------ C:\WINNT\SYSTEM32\ztvunace26 . dll
2008-03-20 19:21 . 02-03-06 00:00 75,264 --a------ C:\WINNT\SYSTEM32\unacev2 . dll
2008-03-20 19:21 . 06-06-19 12:01 69,632 --a------ C:\WINNT\SYSTEM32\ztvcabinet . dll
2008-03-20 09:57 . 06-03-01 01:00 158,208 --a------ C:\WINNT\SYSTEM32\mscfg . exe
2008-03-16 09:47 . 08-03-16 09:47 <DIR> d-------- C:\kav
2008-03-15 21:40 . 08-03-16 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-15 16:48 . 08-03-15 16:48 1,010 --a------ C:\WINNT\SYSTEM32\tmp . reg
2008-03-15 16:47 . 08-03-14 08:09 86,528 --a------ C:\WINNT\SYSTEM32\VACFix . exe
2008-03-14 16:25 . 08-03-14 16:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Uniblue
2008-03-11 16:23 . 08-03-11 16:19 691,545 --a------ C:\WINNT\unins000 . exe
2008-03-11 16:23 . 08-03-11 16:23 2,550 --a------ C:\WINNT\unins000 . dat
2008-03-11 15:59 . 08-03-11 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 14:25 . 08-03-11 14:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\F-Secure
2008-03-11 14:14 . 08-03-16 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-03-11 14:13 . 08-03-16 09:40 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-03-11 14:11 . 08-03-11 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-03-09 19:31 . 08-03-09 19:31 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-09 19:31 . 03-03-19 07:20 1,060,864 --a------ C:\WINNT\SYSTEM32\MFC71 . dll
2008-03-09 15:12 . 08-03-09 15:22 <DIR> d-------- C:\Program Files\Safer Networking
2008-03-09 09:50 . 08-03-09 09:50 0 --a------ C:\WINNT\pestpatrol5 . INI
2008-03-09 09:47 . 08-03-09 09:47 <DIR> d-------- C:\Documents and Settings\DOUGMC~1~DOU\LOCALS~1
2008-03-08 15:45 . 08-03-08 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-08 15:44 . 08-03-08 15:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Comodo
2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-08 15:29 . 08-03-16 10:28 <DIR> d-------- C:\Program Files\Comodo
2008-03-07 09:32 . 08-03-07 09:32 14 --a------ C:\WINNT\SYSTEM32\-6-113-16-44
2008-03-07 09:12 . 08-03-07 09:21 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-03-06 20:44 . 08-03-06 20:44 <DIR> d-------- C:\Temp\SmitfraudFix
2008-03-06 20:44 . 07-09-05 22:22 289,144 --a------ C:\WINNT\SYSTEM32\VCCLSID . exe
2008-03-06 20:44 . 06-04-27 15:49 288,417 --a------ C:\WINNT\SYSTEM32\SrchSTS . exe
2008-03-06 20:44 . 08-01-27 13:37 81,920 --a------ C:\WINNT\SYSTEM32\IEDFix . exe
2008-03-06 20:44 . 03-06-05 19:13 53,248 --a------ C:\WINNT\SYSTEM32\Process . exe
2008-03-06 20:44 . 04-07-31 16:50 51,200 --a------ C:\WINNT\SYSTEM32\dumphive . exe
2008-03-06 20:44 . 07-10-03 22:36 25,600 --a------ C:\WINNT\SYSTEM32\WS2Fix . exe
2008-03-06 14:52 . 08-03-06 20:47 <DIR> d-------- C:\Temp\backups
2008-03-06 14:44 . 08-03-06 20:45 <DIR> d-------- C:\Temp
2008-03-06 14:44 . 07-06-01 10:11 1,308,216 --a------ C:\Temp\HiJackThis_v2 . exe
2008-03-06 13:31 . 08-03-06 15:18 842 --a------ C:\WINNT\SYSTEM32\ActiveInfo . ini
2008-03-05 18:57 . 08-03-05 18:57 15 --a------ C:\WINNT\SYSTEM32\licon . dat
2008-03-05 18:09 . 08-03-06 13:33 248 --a------ C:\WINNT\ie . ini
2008-03-05 18:04 . 08-03-11 19:40 <DIR> d-------- C:\Program Files\winp
2008-03-05 17:56 . 08-03-05 17:56 134 --a------ C:\WINNT\checkcj . ini
2008-03-05 17:55 . 08-03-06 15:24 676 --a------ C:\WINNT\zuoyu16 . ini
2008-03-05 17:30 . 08-03-05 18:10 8,055 --a------ C:\WINNT\SYSTEM32\mywehit . ini . tmp
2008-03-05 17:29 . 04-11-03 10:48 236,816 --a------ C:\WINNT\SYSTEM32\tmpcj0 . exe
2008-02-29 06:54 . 04-11-03 10:48 236,816 --a------ C:\WINNT\SYSTEM32\tmpcj2 . exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 07:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 23:06 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\U3
2008-03-16 22:18 --------- d-----w C:\Program Files\Windows Messaging
2008-03-15 23:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-15 23:41 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\SUPERAntiSpyware . com
2008-03-11 04:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 04:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 06:06 16,896 ----a-w C:\WINNT\FireFoxUpdater . exe
2008-02-11 08:09 --------- d-----w C:\Program Files\Google
2001-05-07 19:00 32,528 ------w C:\WINNT\INF\WBFIRDMA . SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08-01-28 10:43 2097488]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Extbn"="C:\WINNT\system32\Driver Exden.exe" [ ]
"Synchronization Manager"="mobsync.exe" [03-06-20 07:05 111376 C:\WINNT\SYSTEM32\mobsync.exe]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [08-03-17 16:38 873552]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21 115200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zhqb_df"= rundll32.exe C:\WINNT\system\zhqbdf080305.dll mymain
"zsms"= rundll32.exe C:\WINNT\system32\mcdsrv16_080304.dll start

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\10 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\22 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\23 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\60e41 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\an006 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AtiSrv . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . com]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP . EXE]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav . com]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d39 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dbghlp32 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dodolook_7513 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfc1 . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32 . EXE]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eREAD . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95 . EXE]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frhhusyk . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\haZl0oh . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn . SCR]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kbfz . exe]
debugger=C:\windows\system32\svchost . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32 . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair . COM]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader . exe]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter . kxp]
Debugger=C:\WINNT\system32\Driver Exden . exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect . exe]
colinf (13530)
651892 2008-03-21 07:52:00 I can fix it if you take notice of my post.... Pancake (6359)
651893 2008-03-21 22:59:00 Hi

Pancake, I am quite happy to follow your advice. Especially since I consider a reformat and reload to be a "Scorched Earth Policy" approach for a first attempt to fix this problem.

Colin
colinf (13530)
651894 2008-03-21 23:01:00 I can fix it for you..no problem Pancake (6359)
651895 2008-03-21 23:45:00 Hey Colin - I think Pancake would like both Combofix log AND a new HJT log as well.
This is probably what he is waiting for.

Pretty important to follow (all) his instructions with things like this.

And yes, some people's advice for a "Scorched Earth Policy" approach for a first attempt fix is not really the answer. :rolleyes:

When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.
bevy121 (117)
651896 2008-03-21 23:52:00 Yes I am waiting for them.. Pancake (6359)
651897 2008-03-22 00:47:00 Hi

Sorry about overlooking the HJT log. Here it is


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:07 p.m., on 21/03/08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\crusty.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Driver Extbn] C:\WINNT\system32\Driver Exden.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKLM\..\Policies\Explorer\Run: [zhqb_df] rundll32.exe C:\WINNT\system\zhqbdf080305.dll mymain
O4 - HKLM\..\Policies\Explorer\Run: [zsms] rundll32.exe C:\WINNT\system32\mcdsrv16_080304.dll start
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - unami-dpko.org
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

--
End of file - 4259 bytes
colinf (13530)
651898 2008-03-22 00:58:00 Hmmm,

I seem to have posted the HJT log twice. So I will see if I can delete it once.

Colin
colinf (13530)
651899 2008-03-22 01:09:00 It's the Combofix log I am more interested in at the moment. Pancake (6359)
651900 2008-03-22 01:43:00 Hi

Pancake, I take it you have noticed the Combofix log I posted at 8:44 PM yesterday. Or did you want me to run it again?

Colin

P.S. It is at the top of page 2 of this thread.
colinf (13530)