Could not get it to run by copy/pasting that link, but I just ran it manually?!? This is the log I got, and btw, I just tried to use Internet Explorer, and I'm still getting popups.
"Administrator" - 07-03-24 16:21:11 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Administrator\Skrivebord"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bund1\a6.exe
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\install.log
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\bund1
((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))
2007-03-24 16:16 438,432 ---hs---- C:\WINDOWS\system32\utstv.ini2
2007-03-24 16:11 26,697 --a------ C:\WINDOWS\system32\ljjigdc.dll
2007-03-23 17:44 436,876 ---hs---- C:\WINDOWS\system32\utstv.bak1
2007-03-23 17:43 280,676 ---hs---- C:\WINDOWS\system32\vtstu.dll
2007-03-23 17:38 26,725 --a------ C:\WINDOWS\system32\ljjjkhf.dll
2007-03-23 17:29 26,697 --a------ C:\WINDOWS\system32\gebcayv.dll
2007-03-23 16:50 26,697 --a------ C:\WINDOWS\system32\fccaxwv.dll
2007-03-23 16:28 26,697 --a------ C:\WINDOWS\system32\tuvvvut.dll
2007-03-23 16:22 123,972 --a------ C:\WINDOWS\system32\bifgoaxp.dll
2007-03-23 16:05 26,697 --a------ C:\WINDOWS\system32\ddcayaa.dll
2007-03-23 11:15 26,697 --a------ C:\WINDOWS\system32\ssqromm.dll
2007-03-23 04:07 437,729 ---hs---- C:\WINDOWS\system32\cccdd.bak1
2007-03-23 04:07 123,972 --a------ C:\WINDOWS\system32\vuplegcp.dll
2007-03-23 01:06 280,676 --a------ C:\WINDOWS\system32\ddabx.dll
2007-03-23 00:06 280,676 --a------ C:\WINDOWS\system32\ddayv.dll
2007-03-22 23:06 280,676 --a------ C:\WINDOWS\system32\geebc.dll
2007-03-22 23:06 280,676 --a------ C:\WINDOWS\system32\gebyx.dll
2007-03-22 21:02 280,676 --a------ C:\WINDOWS\system32\ddcyv.dll
2007-03-22 19:02 280,676 --a------ C:\WINDOWS\system32\mljgd.dll
2007-03-22 18:25 280,676 --a------ C:\WINDOWS\system32\ddcyy.dll
2007-03-22 18:19 <DIR> d-------- C:\Programmer\HJT
2007-03-22 18:18 280,676 --a------ C:\WINDOWS\system32\vtsqo.dll
2007-03-22 18:18 280,676 --a------ C:\WINDOWS\system32\ssqrp.dll
2007-03-22 18:13 26,697 --a------ C:\WINDOWS\system32\tuvwwvv.dll
2007-03-22 18:00 <DIR> d-------- C:\VundoFix Backups
2007-03-22 17:48 26,697 --a------ C:\WINDOWS\system32\xxyvspp.dll
2007-03-22 17:40 26,697 --a------ C:\WINDOWS\system32\pmnnlli.dll
2007-03-22 17:26 26,697 --a------ C:\WINDOWS\system32\xxywwwx.dll
2007-03-22 17:14 26,697 --a------ C:\WINDOWS\system32\cbxxvvu.dll
2007-03-22 17:08 26,697 --a------ C:\WINDOWS\system32\opnlkjh.dll
2007-03-22 16:01 26,697 --a------ C:\WINDOWS\system32\fccyyyv.dll
2007-03-22 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-22 15:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-03-22 14:59 <DIR> d-------- C:\Programmer\Uniblue
2007-03-22 14:39 26,697 --a------ C:\WINDOWS\system32\ddcywuv.dll
2007-03-22 13:49 26,697 --a------ C:\WINDOWS\system32\opnmkkl.dll
2007-03-22 13:26 26,697 --a------ C:\WINDOWS\system32\jkkkifg.dll
2007-03-22 13:14 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-22 13:14 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-22 13:14 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-22 13:14 <DIR> d-------- C:\Programmer\Norton AntiVirus
2007-03-22 13:01 26,697 --a------ C:\WINDOWS\system32\xxyvutt.dll
2007-03-22 12:34 26,697 --a------ C:\WINDOWS\system32\hggggfc.dll
2007-03-22 12:16 26,697 --a------ C:\WINDOWS\system32\opnljjh.dll
2007-03-20 14:12 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-03-20 14:12 <DIR> d-------- C:\Programmer\AGEIA Technologies
2007-03-16 20:13 <DIR> d-------- C:\Programmer\MSN Messenger
2007-03-16 18:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-03-13 21:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo
2007-03-12 14:07 <DIR> d-------- C:\Programmer\DAEMON Tools
2007-03-12 13:29 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-12 13:29 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-03-12 13:29 <DIR> d-------- C:\Programmer\OpenAL
2007-03-10 17:25 <DIR> d-------- C:\WINDOWS\system32\BattleHQ
2007-03-10 17:20 <DIR> d-------- C:\WINDOWS\Close Combat Cross of Iron
2007-03-08 19:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ascaron Entertainment
2007-03-07 22:14 <DIR> d-------- C:\Programmer\DFX
2007-03-07 22:13 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-07 22:13 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-07 22:13 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-07 22:13 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-07 22:12 <DIR> d-------- C:\Programmer\Winamp
2007-03-05 09:18 <DIR> d-------- C:\Programmer\Disc2Phone
2007-03-05 09:12 85,408 -ra------ C:\WINDOWS\system32\drivers\w810mgmt.sys
2007-03-05 09:12 83,344 -ra------ C:\WINDOWS\system32\drivers\w810obex.sys
2007-03-05 09:11 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
2007-03-05 09:11 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
2007-03-05 09:11 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
2007-03-05 09:11 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
2007-03-05 09:11 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
2007-03-05 09:11 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
2007-03-05 09:11 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
2007-03-05 08:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
2007-03-05 08:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Ericsson
2007-03-05 08:56 <DIR> d-------- C:\Programmer\Sony Ericsson
2007-03-05 08:56 <DIR> d-------- C:\Programmer\Fælles filer\Teleca Shared
2007-03-05 08:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-05 08:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-03-05 08:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-03-04 14:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TeamViewer
2007-03-04 14:57 206,648 --a------ C:\DOCUME~1\ADMINI~1\DynGate_Setup.exe
2007-03-04 14:57 <DIR> d-------- C:\Programmer\DynGate
2007-03-04 14:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\temp
2007-03-02 21:31 <DIR> d-------- C:\temp
2007-03-02 21:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Media Center Programs
2007-03-02 20:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-02-24 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-02-24 12:54 <DIR> d-------- C:\Programmer\uTorrent
2007-02-24 01:26 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-22 22:18 -------- d-------- C:\Programmer\teamspeak2_rc2
2007-03-22 15:12 -------- d--h----- C:\Programmer\installshield installation information
2007-03-22 15:10 -------- d-------- C:\Programmer\Fælles filer\wise installation wizard
2007-03-22 15:06 -------- d-------- C:\Programmer\Fælles filer\symantec shared
2007-03-22 13:35 -------- d-------- C:\Programmer\symantec
2007-03-14 20:29 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
2007-03-12 14:00 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-10 17:29 73364 --a------ C:\WINDOWS\system32\perfc006.dat
2007-03-10 17:29 414976 --a------ C:\WINDOWS\system32\perfh006.dat
2007-03-07 15:17 -------- d-------- C:\Programmer\nbpro
2007-03-07 15:04 -------- d-------- C:\Programmer\dc++
2007-02-16 16:54 -------- d-------- C:\Programmer\java
2007-02-12 17:22 538256 --a------ C:\WINDOWS\system32\symneti.dll
2007-02-12 17:22 31888 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-02-12 17:22 28304 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-02-12 17:22 24720 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-02-12 17:22 196752 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-02-12 17:22 161424 --a------ C:\WINDOWS\system32\symredir.dll
2007-02-12 17:22 12944 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-02-12 17:22 110736 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-02-01 18:43 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\my games
2007-02-01 13:39 -------- d-------- C:\Programmer\curerom
2007-01-27 20:15 21840 --a------ C:\WINDOWS\system32\sintfnt.dll
2007-01-27 20:15 17212 --a------ C:\WINDOWS\system32\sintf32.dll
2007-01-27 20:15 12067 --a------ C:\WINDOWS\system32\sintf16.dll
2007-01-27 17:59 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\petroglyph
2007-01-24 01:14 -------- d-------- C:\Programmer\videolan
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LDM"="C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Sony Ericsson PC Suite"="\"C:\\Programmer\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ccApp"="\"C:\\Programmer\\Fælles filer\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="C:\\Programmer\\Fælles filer\\Symantec Shared\\SymProbe.exe -r \"C:\\Programmer\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\bifgoaxp.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^Sid Registration.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Menuen Start\\Programmer\\Start\\Sid Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\Sid Registration.lnkStartup"
"location"="Startup"
"command"="D:\\ATR1.exe /remind /language=DAN /PRNM=\"Sid\"/PRMP=\"PIRS\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="Sid Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^LG SyncManager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\LG SyncManager.lnk"
"backup"="C:\\WINDOWS\\pss\\LG SyncManager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LGPCSU~1\\LGPCSY~1\\LGSYNC~1.EXE "
"item"="LG SyncManager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^VIA RAID TOOL.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menuen Start\\Programmer\\Start\\VIA RAID TOOL.lnk"
"backup"="C:\\WINDOWS\\pss\\VIA RAID TOOL.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VIA\\RAID\\RAID_T~1.EXE "
"item"="VIA RAID TOOL"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Programmer\\Anti-Blaxx\\Anti-Blaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AsusProb"
"hkey"="HKLM"
"command"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Programmer\\VIAudioi\\SBADeck\\ADeck.exe 1 "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programmer\\Fælles filer\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I0T1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tgcmd"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\FLLESF~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\Fælles filer\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Programmer\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Programmer\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vuplegcp"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vuplegcp.dll\",setvm"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Programmer\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programmer\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D2A0728D-AB2F-4B91-9EEF-590C70EA075D}"=""
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcayaa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjkhf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
bthsvcs REG_MULTI_SZ BthServ\
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{072f6452-4695-11da-9d04-806d6172696f}]
Shell\AutoRun\command G:\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29238fb2-7554-11da-9284-806d6172696f}]
Shell\AutoRun\command E:\Autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2ec166-7ecd-11da-b1ca-806d6172696f}]
Shell\AutoRun\command G:\kochstart\kochstart.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3387ea6a-3966-11da-ae07-806d6172696f}]
Shell\AutoRun\command G:\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49e5964a-2868-11da-a752-0013d46f36cd}]
Shell\AutoRun\command G:\launcher.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d41e0fe-7614-11da-80cd-806d6172696f}]
Shell\AutoRun\command D:\SETUP.EXE 517
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{957c8a80-675d-11da-9280-806d6172696f}]
Shell\AutoRun\command D:\LaunchBFII.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fd0ee34-64bc-11da-9ccd-806d6172696f}]
Shell\AutoRun\command G:\kochstart\kochstart.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a74f5668-8ccc-11da-b888-806d6172696f}]
Shell\AutoRun\command D:\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b105d06a-35dd-11da-8c7f-806d6172696f}]
Shell\AutoRun\command G:\launcher.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b56a92d1-626d-11da-b1a0-806d6172696f}]
Shell\AutoRun\command F:\AutoRun.exe --autorun
Shell\autorun_0\command F:\AutoRun.exe
Shell\autorun_1\command F:\Gothic2-Setup.exe
Shell\autorun_2\command notepad ReadMe.txt
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc826782-4307-11da-b68b-0013d46f36cd}]
Shell\AutoRun\command D:\T-72.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5c4986a-37d5-11da-8b97-806d6172696f}]
Shell\AutoRun\command G:\launcher.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc131306-5218-11da-8595-806d6172696f}]
Shell\AutoRun\command G:\kochstart\kochstart.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f743169e-40fc-11da-9008-806d6172696f}]
Shell\AutoRun\command G:\autorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-24 16:25:42