MICKEY KAY - 06-10-18 9:05:56.54 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\MICKEY KAY\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Granting sedebugprivilege to Administrators ... successful

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *

O4 - HKCU\...\Run C:\WINDOWS\system32\ctblkv.exe
O4 - HKLM\...\Run C:\WINDOWS\system32\ctblkv.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\rdrpk.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\dyxtubi.exe

* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *

C:\WINDOWS\system32\ctblkv.exe
C:\WINDOWS\system32\ibalbet.dll
C:\WINDOWS\system32\dyxtubi.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tbmmq.exe
C:\WINDOWS\aohsb.dll
C:\WINDOWS\system32\hrpov.dat
C:\WINDOWS\system32\rdrpk.exe

* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *

06-10-08 15:15 127488 tbmmq.exe.qoo
06-10-08 19:20 127488 ctblkv.exe.qoo
06-10-11 17:36 127488 hrpov.dat.qoo
06-10-11 17:36 51712 ibalbet.dll.qoo
06-10-08 19:30 28672 rdrpk.exe.qoo
06-10-08 15:15 23552 dyxtubi.exe.qoo
06-10-18 08:56 264 aohsb.dll.qoo
06-10-08 15:15 52 oceeqw.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\MICKEY KAY\Application Data\Dxcknwrd.dll
C:\Documents and Settings\MICKEY KAY\Application Data\Dxcdmns.dll
C:\Documents and Settings\MICKEY KAY\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\MICKEY KAY\Application Data\Dxccwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
C:\Program Files\DeluxeCommunications\Dxc.exe

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\drsmartload2.dat
C:\dfndrff_e25.exe
C:\RDFX4.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\network monitor
C:\Program Files\ToolBar888
C:\Program Files\Common Files\{245B89E7-063B-1033-0610-060602150001}

((((((((((((((((((((((((((((((( Files Created from 2006-09-18 to 2006-10-18 ))))))))))))))))))))))))))))))))))

2006-10-16 15:42 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-16 15:42 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2006-10-16 15:41 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2006-10-08 15:15 217,276 --a------ C:\WINDOWS\srvawshtsr.exe
2006-10-08 15:15 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-10-08 15:15 147,456 --a------ C:\InstallerC.exe
2006-10-08 15:15 1,233 --a------ C:\WINDOWS\system32\arq86b27.sys
2006-10-08 15:14 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-10-08 15:14 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-10-08 13:49 25,600 --a------ C:\Documents and Settings\MICKEY KAY\usbsermptxp.sys
2006-10-08 13:49 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-10-08 13:49 22,768 --a------ C:\Documents and Settings\MICKEY KAY\usbsermpt.sys
2006-10-08 13:12 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2006-10-05 21:41 81,920 --a------ C:\WINDOWS\system32\PSCLK170.dll
2006-10-05 21:41 81,920 --a------ C:\WINDOWS\system32\CNDCK170.dll
2006-10-05 21:41 40,960 --a------ C:\WINDOWS\system32\CNDNDlg.exe
2006-10-05 21:41 159,744 --a------ C:\WINDOWS\system32\CNDUK170.dll
2006-10-05 21:41 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-05 19:13 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-10-05 19:13 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2006-10-05 19:13 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2006-10-05 19:13 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-10-05 19:13 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-10-05 19:13 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-10-05 19:13 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-10-05 19:13 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2006-10-05 19:13 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-10-05 19:13 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2006-10-05 19:13 40,960 --------- C:\WINDOWS\system32\langserv.dll
2006-10-05 19:13 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-10-05 19:13 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-10-05 19:13 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-10-05 19:13 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2006-10-05 19:13 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-10-05 19:13 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-10-05 19:13 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-10-05 19:13 18,432 --a------ C:\WINDOWS\system32\Cachex.dll
2006-10-05 19:13 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-10-05 19:13 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-10-05 19:13 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-10-05 19:13 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2006-10-05 19:13 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-10-05 19:13 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll
2006-10-05 19:12 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2006-10-05 19:12 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2006-10-05 19:12 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-10-05 19:12 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-10-05 19:12 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2006-10-05 19:12 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-10-05 19:12 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2006-10-05 19:12 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-10-05 19:12 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-10-05 19:12 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2006-10-05 19:12 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-10-05 19:12 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-10-05 19:12 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-10-05 19:12 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2006-10-05 19:12 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-10-05 19:12 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2006-10-05 19:12 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-10-05 19:12 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-05 19:12 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2006-10-05 19:12 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2006-10-05 19:09 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2006-09-30 12:58 23,040 --------- C:\WINDOWS\kb913800.exe
2006-09-26 14:14 0 --a------ C:\WINDOWS\system32\Ultra.dll
2006-09-26 14:11 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2006-09-26 14:11 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2006-09-26 13:51 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-26 03:24 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2006-09-26 03:24 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
2006-09-26 03:24 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
2006-09-26 03:24 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
2006-09-26 03:24 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
2006-09-26 03:20 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2006-09-26 03:20 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2006-09-26 03:20 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2006-09-26 03:20 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2006-09-26 03:20 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2006-09-26 03:20 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2006-09-26 03:18 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2006-09-26 03:18 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2006-09-26 03:17 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2006-09-26 03:17 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll
2006-09-26 00:03 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-26 00:03 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-09-26 00:03 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-26 00:03 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-09-26 00:03 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-09-26 00:03 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-09-26 00:03 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-09-26 00:03 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-26 00:03 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-09-26 00:03 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-09-25 23:58 589,824 --a------ C:\WINDOWS\AntiV.EXE
2006-09-25 23:58 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2006-09-25 23:58 253,952 --a------ C:\WINDOWS\AArrange.exe
2006-09-25 23:58 163,840 --a------ C:\WINDOWS\AExec.exe
2006-09-25 23:58 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2006-09-25 23:58 147,456 --a------ C:\WINDOWS\UNINST32.EXE

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-17 09:34 -------- d-------- C:\Program Files\Hijackthis
2006-10-08 19:11 -------- d-------- C:\Program Files\CleanUp!
2006-10-08 19:04 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-08 15:22 -------- d-------- C:\Program Files\WinRAR
2006-10-08 14:39 -------- d-------- C:\Program Files\Java
2006-10-08 14:38 -------- d-------- C:\Program Files\Common Files\Java
2006-10-08 13:12 -------- d-------- C:\Program Files\mobile PhoneTools
2006-10-05 23:21 -------- d-------- C:\Program Files\DivX
2006-10-05 22:36 -------- d-------- C:\Documents and Settings\MICKEY KAY\Application Data\AdobeUM
2006-10-05 21:36 -------- d-------- C:\Program Files\Canon
2006-10-05 19:30 -------- d-------- C:\Program Files\SmartSound Software
2006-10-05 19:09 -------- d-------- C:\Program Files\Pinnacle
2006-10-02 10:43 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-01 17:51 -------- d-------- C:\Documents and Settings\MICKEY KAY\Application Data\Adobe
2006-09-29 22:45 -------- d-------- C:\Program Files\MSN Messenger
2006-09-29 22:37 -------- d-------- C:\Documents and Settings\MICKEY KAY\Application Data\CyberLink
2006-09-26 14:28 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-26 14:11 -------- d-------- C:\Program Files\RegVac
2006-09-26 14:11 -------- d-------- C:\Program Files\PCBugDoctor
2006-09-26 13:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-26 13:50 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-26 13:50 -------- d-------- C:\Program Files\Microsoft Office
2006-09-26 13:50 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-26 03:21 -------- d-------- C:\Program Files\Launch Manager
2006-09-26 03:20 -------- d-------- C:\Program Files\Synaptics
2006-09-26 03:17 -------- d-------- C:\Documents and Settings\MICKEY KAY\Application Data\Macromedia
2006-09-25 23:58 944 --a------ C:\WINDOWS\CLEANUP.CMD
2006-09-25 23:58 747 --a------ C:\WINDOWS\HotFix.bat
2006-09-15 17:17 53248 --a------ C:\WINDOWS\uni_e6h.exe
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"=""
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"win3208560997885"="C:\\WINDOWS\\win3208560997885.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Online Services\\vikekakih.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows Plus\\sahyh.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^tbmmq.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\tbmmq.exe"
"backup"="C:\\WINDOWS\\pss\\tbmmq.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\tbmmq.exe"
"item"="tbmmq"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arq86b27]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w0760be8.dll,n 00586b22000000030760be8"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dxc"
"hkey"="HKCU"
"command"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-18 9:08:29.62
C:\ComboFix2.txt ... 06-10-18 08:59
C:\ComboFix.txt ... 06-10-18 09:08