
Registry Issues And Very Slow Laptop Recently


  • This topic is locked
1 reply to this topic

#1 finewines

Posted 10 March 2007 - 05:08 PM

My laptop has been slowing down and not running right. A couple of weeks ago I noticed my firewall was turned off and that there was a strange file in the advanced settings of my firewall and . I didn't think much of it after I deleted it since I have AVG on my machine and McAfee as well but ... If anyone could take a look I would really appreciate it since I am at a total loss at this point. I ran the comboscan and here is the result of my scan.

Thanks in advance.

Kimberly


PS: I think I posted this in the wrong topic earlier today. My apologies if I have not followed protocol.

ComboScan v20070306.20 run by kimberly ford on 2007-03-10 at 14:51:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as kimberly ford.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:51:58 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\kimberly ford\Desktop\bleeping\comboscan.exe
C:\DOCUME~1\KIMBER~1\MYDOCU~1\download\KIMBER~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware Pro\AAW2007AW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0202181173534704) (0202181173534704mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020218~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 12:40:43 0 d-------- C:\Program Files\Safer Networking<SAFERN~1>
2007-03-10 02:05:18 22016 --a------ C:\WINDOWS\system32\Partizan.exe
2007-03-10 01:50:46 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Regrun
2007-03-10 01:50:46 0 d-------- C:\backreg
2007-03-10 01:50:06 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys<UNHACK~1.SYS>
2007-03-10 01:49:55 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-03-10 01:49:54 2 -rahs-o-t C:\WINDOWS\winstart.bat
2007-03-10 01:41:47 16384 --a------ C:\WINDOWS\WinBait.exe
2007-03-10 01:41:47 438272 --a------ C:\WINDOWS\RunGuard.exe
2007-03-10 01:41:44 0 d-------- C:\Program Files\Greatis
2007-03-09 21:48:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-03-09 21:29:45 0 d-------- C:\ERDNT
2007-03-09 20:32:00 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-03-09 20:04:55 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-07 19:38:32 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-07 19:38:31 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-05 22:38:54 5632 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-02-23 14:15:26 47 --a------ C:\WINDOWS\readdoc.cmd
2007-02-21 14:55:49 0 dr-h----- C:\MSOCache
2007-02-21 14:22:27 0 d-------- C:\sql2ksp3
2007-02-21 11:04:16 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-20 22:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-02-20 22:17:18 0 d-------- C:\Program Files\Logitech
2007-02-20 22:07:51 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-02-20 22:07:50 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-02-20 22:07:49 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-19 22:28:11 199448 --a------ C:\WINDOWS\system32\LCCoin13.dll
2007-02-19 22:28:05 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-02-19 22:24:58 0 d-------- C:\WINDOWS\system32\drivers\umdf
2007-02-19 22:23:57 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-02-19 22:23:57 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-02-19 22:23:57 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-02-19 22:23:56 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-02-19 22:23:56 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-02-19 22:23:56 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-19 19:15:55 78464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-18 00:27:41 0 d-------- C:\Program Files\Common Files\Skype
2007-02-17 21:49:50 0 d-------- C:\943272a4f4eec594af7dad5f63<943272~1>
2007-02-17 21:38:06 0 d-------- C:\WINDOWS\system32\windows media<WINDOW~1>
2007-02-17 21:37:58 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-02-17 21:37:54 0 d-------- C:\Program Files\Windows Media Components<WI15DA~1>
2007-02-17 21:12:50 348160 --a------ C:\WINDOWS\system\msvcr71.dll
2007-02-17 21:12:48 0 d-------- C:\Program Files\Common Files\Logitech
2007-02-17 21:11:44 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-02-17 11:46:23 0 d-------- C:\WINDOWS\.file_store_32<FILE_S~1>
2007-02-17 11:02:33 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-02-16 21:40:59 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-02-16 21:40:50 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-02-16 21:40:47 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-02-16 21:40:44 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-02-16 21:40:41 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-02-16 21:40:38 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-02-16 21:40:36 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-02-16 21:40:27 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-02-16 21:40:13 53760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-02-16 21:37:10 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-02-14 18:27:24 0 d-------- C:\WINDOWS\Adobe Illustrator CS<ADOBEI~1>
2007-02-11 15:40:12 0 d-------- C:\Documents and Settings\kimberly ford\ramfree
2007-02-10 22:11:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor<SITEAD~1>
2007-02-10 22:11:06 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-10 22:11:06 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\SiteAdvisor<SITEAD~1>
2007-02-10 22:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor<SITEAD~1>
2007-02-10 22:10:19 143360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-02-10 22:09:44 107608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-02-10 22:08:43 0 d-------- C:\Program Files\Common Files\McAfee


-- Find3M Report ---------------------------------------------------------------

2007-03-10 08:51:23 0 d-------- C:\Program Files\McAfee
2007-03-10 01:13:45 0 dr-h----- C:\Documents and Settings\kimberly ford\Application Data\yahoo!
2007-03-10 00:55:59 0 d-------- C:\Program Files\Java
2007-03-09 23:57:28 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-09 21:48:08 0 d-------- C:\Program Files\Lavasoft
2007-03-09 20:17:05 0 d-------- C:\Program Files\Apoint
2007-03-09 20:16:03 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-09 20:16:02 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-03-09 20:15:10 0 d-------- C:\Program Files\Google
2007-03-09 20:14:51 0 d-------- C:\Program Files\GoogleAFE<GOOGLE~1>
2007-03-09 20:08:58 47784 --a------ C:\Documents and Settings\kimberly ford\Application Data\wklnhst.dat
2007-03-07 19:38:16 0 d-------- C:\Program Files\Grisoft
2007-03-05 18:04:13 0 d---s---- C:\Documents and Settings\kimberly ford\Application Data\Microsoft<MICROS~1>
2007-03-05 17:09:25 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\AdobeUM
2007-02-25 23:44:26 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Adobe
2007-02-22 09:04:27 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\AVG7
2007-02-21 13:08:20 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Help
2007-02-19 21:56:35 0 d-------- C:\Program Files\AIM
2007-02-18 01:34:36 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Skype
2007-02-18 00:27:41 0 d-------- C:\Program Files\Skype
2007-02-14 18:32:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-14 18:23:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-11 15:45:50 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\LimeWire
2007-02-11 14:56:48 0 d-------- C:\Program Files\McAfee.com
2007-02-06 07:47:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-05 15:40:48 1024 --a------ C:\WINDOWS\system32\pdf2word.DAT
2007-01-31 14:38:06 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-29 15:58:42 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\.gaim<GAIM~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 16:53:53 0 d-------- C:\Program Files\AvantGo
2007-01-19 16:30:17 2508 --a------ C:\Documents and Settings\kimberly ford\Application Data\$_hpcst$.hpc
2007-01-19 16:18:20 0 d-------- C:\Program Files\Garmin
2007-01-18 18:35:23 24575 --a------ C:\WINDOWS\system32\Setwinsyspios.dll<SETWIN~1.DLL>
2007-01-16 21:03:22 0 d-------- C:\Program Files\LimeWire
2007-01-16 18:31:20 0 d-------- C:\Program Files\Common Files\AOL
2007-01-16 01:41:42 71600 --a------ C:\Documents and Settings\kimberly ford\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-11 14:41:27 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Aim
2007-01-11 14:38:42 0 d-------- C:\Program Files\AIM6
2007-01-11 14:35:45 0 d-------- C:\Documents and Settings\kimberly ford\Application Data\Mozilla
2007-01-11 14:06:41 0 d-------- C:\Program Files\ejabberd-1.1.2<EJABBE~1.2>
2007-01-11 10:34:31 0 d-------- C:\Program Files\Psi
2007-01-10 20:06:49 0 d-------- C:\Program Files\Yahoo!
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-22 11:41:24 323624 --a------ C:\WINDOWS\system32\wiaaut.dll
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 16:52:18 8453632 --a------ C:\WINDOWS\system32\shell32(3).dll<SHELL3~2.DLL>
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MI3AA1~1\\wcescomm.exe\""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Regrun2"="C:\\PROGRA~1\\Greatis\\REGRUN~1\\WatchDog.exe"
"Registry"="\"C:\\Program Files\\Greatis\\RegRunSuite\\lsoon.exe\" -1 30 \"C:\\Program Files\\Greatis\\RegRunSuite\\rescue.exe\" /a \"c:\\backreg\\rstore.ini\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Ad-Watch"="C:\\Program Files\\Lavasoft\\Ad-Aware Pro\\AAW2007AW.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"RegRun WinBait"="C:\\WINDOWS\\winbait.exe"
"@RegRunOnSecure"="C:\\PROGRA~1\\Greatis\\REGRUN~1\\OnSecure.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Target"="\\??\\C:\\DOCUME~1\\KIMBER~1\\LOCALS~1\\Temp\\~nsu.tmp\\Au_.exe"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
"Operation"=dword:00000001
"Target"="\\??\\C:\\PROGRA~1\\Yahoo!\\Common\\ymmapi.dll"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\10]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\data1.cab"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\11]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\setup.exe"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\12]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\setup.exe"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\13]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\14]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\15]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\16]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DLA\\DLASHX_W.DLL"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\17]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\18]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\19]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
"Operation"=dword:00000001
"Target"="\\??\\C:\\DOCUME~1\\KIMBER~1\\LOCALS~1\\Temp\\GLB1A2B.EXE"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\20]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\21]
"Operation"=dword:00000001
"Target"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\LVPR2MON.SYS"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\3]
"Operation"=dword:00000001
"Target"="\\??\\C:\\PROGRA~1\\Yahoo!\\Common\\ylogin.dll"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\4]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Config.Msi\\34b3ad.rbf"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\5]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Config.Msi\\34b3ae.rbf"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\6]
"Operation"=dword:00000001
"Target"="\\??\\C:\\WINDOWS\\twain_32\\LogiVid"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\7]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\data1.cab"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\8]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\setup.exe"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\9]
"Operation"=dword:00000001
"Target"="\\??\\C:\\Program Files\\Common Files\\Logitech\\QCDRV\\BIN\\"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flags"=dword:00000080
"Title"="RegRun II Secure Start"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\@Regrun2]
@="RegRun II Secure Start"
"1"="C:\\PROGRA~1\\Greatis\\REGRUN~1\\regrun2.exe /w"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"_AntiSpyware"="C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"="RegRun Script Checker Shell Hook DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_0202181173534704MCINSTCLEANUP


-- End of ComboScan: finished at 2007-03-10 at 14:52:32 ------------------------



#2 miekiemoes


Posted 11 March 2007 - 06:26 AM

Already replied here:
http://www.bleepingcomputer.com/forums/t/84265/laptop-slowdown-potentially-bad-files/

By the way, no wonder you are having registry issues. It seems like you are blocking legit registry changes with your RegRun.