# Can't open HJT or REGEDIT!



## Hey it's me (Mar 29, 2008)

OK, I'm not sure what I've done, but I'm working on my IBM T40 ThinkPad and all of a sudden I can't open regedit, and every time I try and download and install HJT I get the same issue. Avast tells me I have about 4 different types of trojans that begin with Win32:. I was able to download and I'm running S&D, but I'm concerned about the others I mentioned just now. THAT is the 1st time I've ever encountered this issue regarding my registry. I've deleted some things from it recently, but they were software files I wanted completely removed. I also found a folder called Vauead and I deleted it. I didn't find anything like it in my add remove control panel so I simply deleted it from the programs file.

I'm scared. This is my father's computer on loan. I'm trying to see the Dell I've had windows updates problems with and you guys are helping me fix so I can buy myself my own portable computer which I need for work. I have to return this to him in perfect shape. I've installed some things I use on it for now. But I'm not sure why that would be a problem. Anyway

PLEASE HELP clean this computer for me.
thank you in advance for your incredible FREE HELP!  I can't tell you how grateful I am for this community!!

IBM Thinkpad T40
Windows XP Pro
159 GHZ
Pent M
512 ram


----------



## Hey it's me (Mar 29, 2008)

BTW, this is the message I get when I try and install HJT or open the regedit:

Windows cannot find 'C:\Program Files\Trend Micro\Hijack This\HijackThis.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click start button, and then click search.
and....
Windows cannot find 'regedit'. Make sure you typed the name correctly, and then try again. To search for a file, click start button, and then click search.


VERY disconcerting indeed! would you not agree?


----------



## G25r8cer (Mar 29, 2008)

You're def infected. Try doing a system restore to an earlier point.


----------



## GameMaster (Mar 29, 2008)

OK let's try to run your HijackThis.
Rename it.
Go to the HijackThis. Rename the Trend Micro folder as...Racer, rename your HijackThis folder as Game and rename Hijackthis.exe as master.exe (in Properties).
Then run the program and post the scan results.


----------



## Hey it's me (Apr 7, 2008)

Hi Game master, as always your directions are ace! Here's the HJT log after I changed the names as you told me to. Sorry it took so long for me to get back to you. This computer still can't open regedit. My week last week was insane, I will be back on again to see your response Monday 4/7/08.
Thanks again, can't fathom what I did to make my registry not accessible.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:39 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\racer\Game\master.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154110343740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158602166459
O16 - DPF: {9FE1C75D-439C-4D76-9FFB-18E592DE51E6} - https://na4.salesforce.com/setup/outlook/setups2/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7561 bytes


----------



## GameMaster (Apr 7, 2008)

Hmm...your problems (and HijackThis renaming help) show presence of Trojans. However I can't find any in your log!

Please open your HijackThis and choose *Do a system scan only.*
Check this entry:

*O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto*

Now click *Fix checked.*

Reboot your computer.
Is it any better (I doubt it)?

Download *Deckard's System Scanner (DSS)* to your *Desktop*. You must be logged onto an account with administrator privileges.

*Close* all applications and windows.
*Double-click* on *dss.exe* to run it, and follow the prompts.
When the scan is complete, two text files will open - *main.txt* <- this one will be maximized and *extra.txt* <- this one will be minimized.
Copy *(Ctrl+A then Ctrl+C)* and paste *(Ctrl+V)* the contents of *main.txt* and the *extra.txt* in your reply.


----------



## Hey it's me (Apr 7, 2008)

Hi Game master you can find 

main.txt here:

http://www.savefile.com/files/1490369


extra.txt here:

http://www.savefile.com/files/1490369


ok, GM, is it possible I perhaps did something stupid and erased my registry??  is that possible?



NOW I'm scared!


----------



## soccerdude (Apr 7, 2008)

Are you using an administrator account on the computer?


----------



## Hey it's me (Apr 8, 2008)

uhm? what do you mean?


----------



## Verve (Apr 8, 2008)

not that I'm a big expert or anything, but wouldn't an antivirus boot scan be helpful?


----------



## GameMaster (Apr 8, 2008)

Please open *Notepad* (Start -> Run -> type *notepad* in the Open field -> OK) and copy and paste the text present *inside* the code box below: 


```
File::
C:\WINDOWS\system32\fsys.exe
C:\WINDOWS\system32\Flower.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Discovery.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SDGames.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ShuiNiu.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Systom.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TNT.Exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TxoMoU.Exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UFO.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Wsyscheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\XP.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
```

Save this as *CFScript.txt* and change the "*Save as type*" to "*All Files*" and place it on your desktop.

*Very Important!* Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall!

Any better???


----------
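
An added example, not part of any post in this thread and not ComboFix's or HijackThis's code: a `Debugger` value under an Image File Execution Options (IFEO) subkey makes Windows start the named debugger instead of the program, matched on the executable's file name alone, so a value that points at a missing file produces the "Windows cannot find" error and a renamed copy starts normally. The script below audits a text export of the IFEO key and emits `[-key]` deletion lines only for subkeys that carry such a value. The sample export, the placeholder debugger path and all function names are constructed for illustration, and that the keys in the CFScript above each held a `Debugger` value is an assumption.

```python
"""Audit a .reg export of Image File Execution Options (IFEO) for Debugger redirects."""
import ntpath
import re

IFEO_BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
             r"\CurrentVersion\Image File Execution Options")

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "Name"="data" string values; backslashes and quotes are backslash-escaped.
STR_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from the machine in this thread).
# The debugger path is a placeholder standing in for a file that no longer exists.
MISSING = r'"Debugger"="C:\\WINDOWS\\system32\\placeholder-missing.exe"'
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{IFEO_BASE}]",
    "",
    f"[{IFEO_BASE}\\regedit.exe]", MISSING, "",
    f"[{IFEO_BASE}\\taskmgr.exe]", MISSING, "",
    f"[{IFEO_BASE}\\HijackThis.exe]", MISSING, "",
    # A subkey without a Debugger value is not a redirect and must not be flagged.
    f"[{IFEO_BASE}\\notepad.exe]", '"GlobalFlag"=dword:00000200', "",
])


def unescape(text):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key_path: {value_name_lower: string_data}} for string values only."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group("key"), {})
            continue
        match = STR_RE.match(line)
        if match and current is not None:
            name = unescape(match.group("name")).lower()
            current[name] = unescape(match.group("data"))
    return keys


def ifeo_debuggers(text):
    """Return sorted (key_path, image_name, debugger_command) for direct IFEO
    subkeys that have a Debugger value. A Debugger value can be legitimate
    (developers set it on purpose), so the result is a review list."""
    findings = []
    for key, values in parse_reg_export(text).items():
        parent, _, image = key.rpartition("\\")
        if parent.lower() == IFEO_BASE.lower() and "debugger" in values:
            findings.append((key, image, values["debugger"]))
    return sorted(findings, key=lambda item: item[1].lower())


def is_redirected(path, findings):
    """IFEO matches on file name only, case-insensitively; the folder is ignored."""
    name = ntpath.basename(path).lower()
    return any(image.lower() == name for _, image, _ in findings)


def removal_lines(findings):
    """Deletion lines in the '[-key]' form that the CFScript Registry:: section uses."""
    return [f"[-{key}]" for key, _, _ in findings]


if __name__ == "__main__":
    found = ifeo_debuggers(SAMPLE_EXPORT)
    for _, image, debugger in found:
        print(f"{image:16} -> {debugger}")
    for path in (r"C:\Program Files\Trend Micro\Hijack This\HijackThis.exe",
                 r"C:\Program Files\racer\Game\master.exe"):
        print(path, "redirected" if is_redirected(path, found) else "runs normally")
    print("\n".join(removal_lines(found)))
```
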



## Hey it's me (Apr 8, 2008)

ok! here's the combofix log..


ComboFix 08-04-08.5 - monosphere user 2008-04-08 18:00:44.1 - NTFSx86
Running from: C:\Documents and Settings\monosphere user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\monosphere user\Desktop\CFScript.txt
 * Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*

FILE ::
C:\WINDOWS\system32\Flower.exe
C:\WINDOWS\system32\fsys.exe
.

(((((((((((((((((((((((((   Files Created from 2008-03-08 to 2008-04-08  )))))))))))))))))))))))))))))))
.

2008-04-08 17:43 . 2008-04-08 17:43	<DIR>	d--------	C:\WINDOWS\LastGood
2008-04-07 18:17 . 2008-04-07 18:17	<DIR>	d--------	C:\Deckard
2008-04-04 07:13 . 2008-04-04 07:13	<DIR>	d--------	C:\Program Files\Safari
2008-04-04 07:10 . 2008-04-04 07:10	<DIR>	d--------	C:\Program Files\iPod
2008-04-04 07:07 . 2008-04-04 07:08	<DIR>	d--------	C:\Program Files\QuickTime
2008-04-03 06:51 . 2008-04-07 17:05	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-03 06:51 . 2008-04-03 06:51	1,409	--a------	C:\WINDOWS\QTFont.for
2008-03-29 10:33 . 2008-04-06 23:15	<DIR>	d--------	C:\Program Files\racer
2008-03-29 10:06 . 2008-03-29 10:06	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-03-29 10:06 . 2008-03-29 11:07	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 23:37 . 2008-03-28 23:37	90,112	--a------	C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37	57,344	--a------	C:\WINDOWS\system32\QuickTime.qts
2008-03-25 09:23 . 2008-04-08 18:00	<DIR>	d--------	C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-23 19:35 . 2008-03-23 19:35	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\ZoomBrowser EX
2008-03-20 00:03 . 2007-12-04 08:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-03-20 00:03 . 2004-01-09 04:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-03-20 00:03 . 2007-12-04 07:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-03-20 00:03 . 2007-12-04 09:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-20 00:03 . 2007-12-04 09:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-20 00:03 . 2007-12-04 09:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-20 00:03 . 2007-12-04 09:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-20 00:03 . 2007-12-04 09:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-19 22:15 . 2008-03-20 00:00	2,483	--a------	C:\WINDOWS\system32\bxdkex.KEY
2008-03-17 23:19 . 2008-03-28 15:18	<DIR>	d--------	C:\Program Files\Plato Video To iPod Converter
2008-03-17 23:19 . 2007-03-09 09:36	856,064	--a------	C:\WINDOWS\system32\mpgfiltr.ax
2008-03-17 23:19 . 2007-12-06 21:07	615,424	--a------	C:\WINDOWS\system32\XFlower.dll
2008-03-17 23:19 . 2006-08-01 14:01	438,272	--a------	C:\WINDOWS\system32\SkinCrafter.dll
2008-03-17 23:19 . 2007-03-09 09:35	208,896	--a------	C:\WINDOWS\system32\VideoEdit.ocx
2008-03-17 23:19 . 2007-03-09 09:37	139,264	--a------	C:\WINDOWS\system32\viscomqtde.dll
2008-03-17 23:19 . 2007-03-09 09:36	81,920	--a------	C:\WINDOWS\system32\viscomwave.dll
2008-03-17 22:19 . 2008-03-17 22:22	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\Any Video Converter Professional
2008-03-17 22:19 . 2008-03-17 22:20	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 21:41 . 2008-03-17 21:52	<DIR>	d--------	C:\Program Files\AviSynth 2.5
2008-03-17 20:47 . 2005-11-25 07:46	421,888	--a------	C:\WINDOWS\system32\RealMediaSplitter.ax
2008-03-17 20:47 . 2004-05-25 17:06	417,792	--a------	C:\WINDOWS\system32\ac3filter.ax
2008-03-17 20:47 . 2004-01-10 17:02	258,048	--a------	C:\WINDOWS\system32\GplMpgDec.ax
2008-03-17 20:42 . 2008-03-17 20:43	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\XnView
2008-03-13 12:01 . 2008-03-13 12:01	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\Snappy Fax Archives
2008-03-13 11:47 . 2008-03-13 13:47	<DIR>	d--------	C:\Program Files\Snappy Fax Version 4
2008-03-13 11:47 . 2008-03-13 15:27	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\Snappy Fax
2008-03-12 20:22 . 2008-03-12 20:22	<DIR>	d--------	C:\EPSONREG
2008-03-12 20:14 . 2008-03-12 20:14	<DIR>	d--------	C:\Program Files\Common Files\ArcSoft
2008-03-12 20:14 . 2008-03-17 20:45	<DIR>	d--------	C:\Documents and Settings\monosphere user\Application Data\ArcSoft
2008-03-12 20:14 . 2004-08-04 07:52	413,696	-ra------	C:\WINDOWS\system32\msvcb66f.rra
2008-03-12 20:14 . 1995-08-01 04:44	212,480	--a------	C:\WINDOWS\PCDLIB32.DLL
2008-03-12 20:14 . 2006-10-20 16:11	126,976	--a------	C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-03-12 20:14 . 2005-02-23 14:58	11,776	--a------	C:\WINDOWS\system32\drivers\afc.sys
2008-03-12 20:13 . 2008-03-12 20:14	<DIR>	d--------	C:\WINDOWS\system32\PhotoImpression Slideshow
2008-03-12 20:13 . 2008-03-12 20:15	<DIR>	d--------	C:\Program Files\ArcSoft
2008-03-12 20:12 . 2008-03-12 20:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-12 20:09 . 2008-03-17 20:46	<DIR>	d--------	C:\Program Files\epson
2008-03-12 20:09 . 2007-04-18 00:00	67,072	--a------	C:\WINDOWS\system32\escwiad.dll
2008-03-12 20:08 . 2008-03-12 20:22	44	--a------	C:\WINDOWS\EPCX8400.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 10:17	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\uTorrent
2008-04-04 20:07	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\Apple Computer
2008-04-04 11:10	---------	d-----w	C:\Program Files\iTunes
2008-03-29 14:12	---------	d-----w	C:\Program Files\NCH Software
2008-03-28 19:18	---------	d-----w	C:\Program Files\pgAdmin III
2008-03-19 17:34	---------	d-----w	C:\Program Files\Norton AntiVirus
2008-03-19 17:34	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 17:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 19:29	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\Skype
2008-03-13 13:48	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\skypePM
2008-03-13 00:15	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-06 15:39	---------	d-----w	C:\Program Files\iDump
2008-03-04 12:59	---------	d-----w	C:\Program Files\Google
2008-03-03 20:24	---------	d-----w	C:\Program Files\Skype
2008-03-03 20:24	---------	d-----w	C:\Program Files\Java
2008-03-03 19:17	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-03 16:45	---------	d-----w	C:\Program Files\Common Files\Skype
2008-03-03 16:45	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Skype
2008-03-03 14:01	---------	d-----w	C:\Program Files\Bonjour
2008-03-02 13:58	2,141,137	----a-w	C:\Program Files\WeatherBug.rar
2008-03-02 13:05	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\WeatherBug
2008-02-29 17:40	---------	d-----w	C:\Program Files\Symantec AntiVirus
2008-02-29 17:31	---------	d-----w	C:\Program Files\Alwil Software
2008-02-29 17:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-29 17:03	---------	d-----w	C:\Program Files\Avanquest update
2008-02-29 17:03	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\InstallShield
2008-02-29 16:54	---------	d-----w	C:\Program Files\IBM
2008-02-29 16:53	---------	d-----w	C:\Program Files\Motorola Phone Tools
2008-02-29 16:50	24,192	----a-w	C:\Documents and Settings\monosphere user\usbsermptxp.sys
2008-02-29 16:50	22,768	----a-w	C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-02-29 16:50	22,768	----a-w	C:\Documents and Settings\monosphere user\usbsermpt.sys
2008-02-29 06:21	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\Move Networks
2008-02-28 20:30	---------	d-----w	C:\Program Files\Common Files\eSellerate
2008-02-28 19:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-28 15:04	---------	d-----w	C:\Program Files\WebEx
2008-02-26 20:46	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\Any Video Converter
2008-02-25 19:13	---------	d-----w	C:\Program Files\Foxit Software
2008-02-25 19:01	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-02-25 18:17	---------	d-----w	C:\Program Files\uTorrent
2008-02-25 15:29	---------	d-----w	C:\Program Files\Symantec
2008-02-25 15:28	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\Symantec
2008-02-25 15:20	94	----a-w	C:\WINDOWS\system32\drivers\IBM_2373_A1U.MRK
2008-02-25 15:19	---------	d-----w	C:\Program Files\Lenovo
2008-02-25 15:19	---------	d-----w	C:\Program Files\Common Files\Lenovo
2008-02-25 15:00	---------	d-----w	C:\Documents and Settings\monosphere user\Application Data\IBM
2008-01-29 16:02	107,368	----a-w	C:\WINDOWS\system32\GEARAspi.dll
2008-01-13 18:40	21,321,008	----a-w	C:\Program Files\QuickTimeInstaller.exe
2006-09-01 13:59	28,672	----a-w	C:\Documents and Settings\monosphere user\atwbxdet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^monosphere user^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\monosphere user\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2002-10-18 14:07 87751 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-16 14:52 294912 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 03:56 380416 C:\WINDOWS\system32\irprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2003-01-17 04:32 64000 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
--a------ 2003-01-17 04:32 20480 C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-03-07 16:02 53408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-01-10 06:50 106551 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 06:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2002-12-24 05:01 204800 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2003-01-07 17:52 495616 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\PROGRA~1\NORTON~1\Cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
--a------ 2001-10-12 01:32 69632 C:\WINDOWS\system32\S3Tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snappy Fax]
--a------ 2008-02-28 14:01 13649408 C:\Program Files\Snappy Fax Version 4\sf4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2002-06-18 03:01 155648 c:\Program Files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-24 17:33 561152 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-24 17:34 126976 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-11 18:36 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 04:05 53248 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2003-01-24 20:37 94208 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPMN]
--a------ 2003-02-17 03:30 32835 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2007-11-19 15:23 487424 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-03-17 09:34 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2003-02-24 05:06]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-01-17 04:32]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2002-04-02 07:27]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 17:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NATServices	REG_MULTI_SZ   	NATServices

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 19:18:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-26 00:45:50 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 18:04:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-04-08 18:05:56
ComboFix-quarantined-files.txt  2008-04-08 22:05:34
Pre-Run: 45,598,097,408 bytes free
Post-Run: 45,584,396,288 bytes free
.
2008-03-21 21:13:51	--- E O F ---


----------



## Hey it's me (Apr 8, 2008)

BY JOE!! You did it! Game master? You AMAZE ME! YOU REALLY ARE, "da MANNNNN". What can I say? Well, THANK YOU for starters. My registry is back up! I am ever so grateful; (once again) you have SAVED the day. How does it feel to be the prince of CF? As a person who's a danger to herself because I know JUST enough to do damage, not enough to fix it, I need you!
Thank you. Thank you. Thank you!
I'm sending you lots of magical good vibes through cyberspace!

hey it's me!


----------



## GameMaster (Apr 9, 2008)

Haha, thanks for your lovely greetings. Helping anytime here on ComputerForum.com


----------

