(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}=C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2007-05-24 05:14]
{54EBD53A-9BC1-480B-966A-843A333CA162}=C:\WINDOWS\QQIEHelper.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 10:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-17 16:56]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-03 16:59]
"rxsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\rxso.exe" [2007-06-04 13:18]
"qjsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\qjso.exe" [2007-06-04 13:18]
"mhsa"="C:\DOCUME~1\Personal\LOCALS~1\Temp\mhso.exe" [2007-06-04 13:18]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:07]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"4jbbhd"=C:\WINDOWS\TEMP\c0nime.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RavMon"=C:\DOCUME~1\Personal\LOCALS~1\Temp\RavMonD.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}"="C:\WINDOWS\system32\msacn.dll" [2004-08-04 09:07]
"{62A612A4-4334-4424-4234-42261A31A238}"="C:\WINDOWS\system32\bbqpri.dll" [2004-08-04 17:36]
"{27622928-28E4-115D-40A0-0BBFE89C54D6}"="C:\WINDOWS\system32\zt.DLL" []
"{DE35052A-9E37-4827-A1EC-79BF400D27A4}"="C:\Program Files\Internet Explorer\PLUGINS\System64.aaa" [1900-02-14 18:42]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^百度下吧.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\百度下吧.lnk
backup=C:\WINDOWS\pss\百度下吧.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BaiduXUpdate]
"C:\Program Files\Baidu\BaiduX\MovieUpdate.exe" --Update
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DinerDashFotGSetup.exe]
C:\DOCUME~1\Personal\Desktop\DINERD~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\helper.dll]
C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yassistse]
"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YLive.exe]
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-04 13:18:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\qwetop.exe
C:\WINDOWS\system32\7.exe
scan completed successfully
hidden files: 2
********************************************************************
Completion time: 2007-06-04 13:22:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-04 13:22
--- E O F ---