stupid virus

Discussion in 'Pinin's Website Forum' started by Pinin, Nov 28, 2006.

  1. Ilya - 06-11-29 1:59:48.62 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Ilya"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Inetget2
    C:\Program Files\Common Files\{348CFEF5-0516-2057-0315-02012920002c}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Ilya\Application Data\ICROSO~1
    C:\QooBox\Purity\Documents and Settings\Ilya\Application Data\ICROSO~1\?icrosoft
    C:\QooBox\Purity\Documents and Settings\Ilya\My Documents\SSTEM~1
    C:\QooBox\Purity\Documents and Settings\Ilya\My Documents\SSTEM~1\?xplorer.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


    2006-11-29 01:06 d-------- C:\Program Files\MSN Apps
    2006-11-29 01:04 122,880 --a------ C:\Documents and Settings\Ilya\winstall.exe
    2006-11-28 18:03 d-------- C:\Program Files\Windows Live Safety Center
    2006-11-27 21:24 77,824 --a------ C:\WINDOWS\system32\cset.exe
    2006-11-27 20:07 dr-h----- C:\$VAULT$.AVG
    2006-11-27 20:00 d-------- C:\Documents and Settings\Ilya\Application Data\AVG7
    2006-11-27 19:59 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-27 19:59 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-27 19:59 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-27 19:59 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-11-27 19:59 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-27 19:59 d-------- C:\Program Files\Grisoft
    2006-11-27 19:59 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-27 19:59 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-27 19:48 2 --a------ C:\WINDOWS\system32\wintcc.exe
    2006-11-27 19:48 131,072 --a------ C:\WINDOWS\system32\gjq.dll
    2006-11-27 19:29 122,880 --a------ C:\WINDOWS\system32\winstall.exe
    2006-11-21 18:37 d-------- C:\Documents and Settings\Ilya\.GalleryRemote
    2006-11-10 17:48 183,808 --a-s---- C:\WINDOWS\NDNuninstall7_44.exe
    2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-29 02:04 -------- d-------- C:\Program Files\Common Files
    2006-11-29 01:25 -------- d-------- C:\Program Files\Toolbar
    2006-11-28 22:38 -------- d-------- C:\Program Files\Common Files\WinTools
    2006-11-27 21:28 -------- d-------- C:\Program Files\Common Files\GMT
    2006-11-27 19:58 -------- d---s---- C:\Documents and Settings\Ilya\Application Data\Microsoft
    2006-11-27 19:28 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-25 23:45 -------- d-------- C:\Documents and Settings\Ilya\Application Data\uTorrent
    2006-11-21 20:18 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2006-11-21 20:18 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2006-11-21 20:18 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2006-11-20 17:13 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-13 23:39 -------- d-------- C:\Documents and Settings\Ilya\Application Data\Azureus
    2006-11-11 15:09 -------- d-a-s---- C:\Program Files\NewDotNet
    2006-11-08 22:44 -------- d-------- C:\Program Files\Prassi PrimoDVD 2.0 (English)
    2006-10-18 20:31 -------- d-------- C:\Program Files\eDonkey2000
    2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-09 21:55 -------- d-------- C:\Program Files\DC++
    2006-09-30 12:49 1557 --a------ C:\Documents and Settings\Ilya\Application Data\AdobeDLM.log
    2006-09-30 12:49 0 --a------ C:\Documents and Settings\Ilya\Application Data\dm.ini
    2006-09-30 12:49 -------- d-------- C:\Program Files\Adobe
    2006-09-30 12:49 -------- d-------- C:\Documents and Settings\Ilya\Application Data\Adobe
    2006-09-30 12:42 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Update Service"="C:\\PROGRA~1\\COMMON~1\\TEKNUM~1\\update.exe /startup"
    "Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "TBPS"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,98,00,00,00,00,00,00,00,e8,03,00,00,20,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^E_SPSU01.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\E_SPSU01.lnk"
    "backup"="C:\\WINDOWS\\pss\\E_SPSU01.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SPSU01.EXE /P \"EPSON Stylus C44 Series\" /T1 \"180\" /T2 \"180\"/s"
    "item"="E_SPSU01"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
    "backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
    "item"="GStartup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanPanel.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ScanPanel.lnk"
    "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\SCANPA~1\\ScnPanel.exe "
    "item"="ScanPanel"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ilya^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\Ilya\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MMKeybd"
    "hkey"="HKLM"
    "command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="points manager"
    "hkey"="HKLM"
    "command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CMESys"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dxdllreg"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\dxdllreg.exe "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EM_EXEC"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C44 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="E_S10IC2"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C44 Series\" /O6 \"USB001\" /M \"Stylus C44\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kazaa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="KHost"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\kdx\\KHost.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NEWDOT~2"
    "hkey"="HKLM"
    "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="P2P Networking"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bpc"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\RVP\\bpc.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SearchUpgrader"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shhost]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="shhost"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\OutLaster\\shhost.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SsAAD"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TBPS"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsg_4104a"
    "hkey"="HKLM"
    "command"="\"c:\\windows\\temp\\adware\\fsg_4104a.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="update"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\TEKNUM~1\\update.exe /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wupdater"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="updmgr"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -u"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -u"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="whAgent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\webHancer\\Programs\\whAgent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="whSurvey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WebSavingsfromEbates\""
    "hkey"="HKLM"
    "command"="wjview /cp:p \"C:\\Program Files\\WebSavingsfromEbates\\System\\Code\" Main lp: \"C:\\Program Files\\WebSavingsfromEbates\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cdaEngine0400"
    "hkey"="HKLM"
    "command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WToolsA"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GameChannel"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YAHOOM~1"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gnotify"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    Completion time: 06-11-29 2:05:32.84
    C:\ComboFix.txt ... 06-11-29 02:05
    "item"="dxdllreg"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\dxdllreg.exe "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EM_EXEC"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C44 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="E_S10IC2"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C44 Series\" /O6 \"USB001\" /M \"Stylus C44\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kazaa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="KHost"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\kdx\\KHost.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NEWDOT~2"
    "hkey"="HKLM"
    "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="P2P Networking"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bpc"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\RVP\\bpc.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SearchUpgrader"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shhost]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="shhost"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\OutLaster\\shhost.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SsAAD"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TBPS"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsg_4104a"
    "hkey"="HKLM"
    "command"="\"c:\\windows\\temp\\adware\\fsg_4104a.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="update"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\TEKNUM~1\\update.exe /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wupdater"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="updmgr"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -u"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -u"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="whAgent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\webHancer\\Programs\\whAgent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="whSurvey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WebSavingsfromEbates\""
    "hkey"="HKLM"
    "command"="wjview /cp:p \"C:\\Program Files\\WebSavingsfromEbates\\System\\Code\" Main lp: \"C:\\Program Files\\WebSavingsfromEbates\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cdaEngine0400"
    "hkey"="HKLM"
    "command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WToolsA"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GameChannel"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YAHOOM~1"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="gnotify"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    Completion time: 06-11-29 2:05:32.84
    C:\ComboFix.txt ... 06-11-29 02:05
     
  2. ORLY
     
  3. But on a serious note, that's quite a #%[email protected] if you can't get rid of it. I wouldn't quite restart the computer if I were you.
     
  4. I think what I just pasted got rid of it actually, nothing's happened after it
     
