Combo Fix Help Me


11 replies to this topic

#1 Vicktor_94


Posted 25 January 2008 - 10:36 AM

Please tell me where I can get this program. Today I clicked on something and since then there are always errors, like the cyber log.x virus and many others. I've heard about this program but I can't download it. I'm getting an error on http://download.bleepingcomputer.com/sUBs/...aB/combofix.exe
Help, please.


#2 Vicktor_94


Posted 25 January 2008 - 11:55 AM

There are also windows starting up with software sites and casinos. I don't believe in this.
I had the same problem on my last PC; now it's happening again. ;[
That spyware/malware, I don't know what it is, but it's breaking my PC.

Sorry for my bad English.

#3 Rittnasty


Posted 25 January 2008 - 12:21 PM

Before you use ComboFix I would run a scan of your system with a program like Ad-Aware to remove any spyware programs/files that might be causing the pop-ups. That might fix the problem... There are several other programs to use for removing spyware if you go here... http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispyware-resources/

Here is the link to the ComboFix tutorial from BC... http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before you use this program, I would talk with one of the admins so that they can walk you through the directions and help you in analyzing your combofix log...
"And if it is evil in your eyes to serve the Lord, choose this day whom you will serve, whether the gods your fathers served in the region beyond the River, or the gods of the Amorites in whose land you dwell. But as for me and my house, we will serve the Lord." Joshua 24:15 (ESV)

Thoughtvent.com

#4 quietman7

  • Global Moderator

Posted 25 January 2008 - 12:22 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

If you're using Win XP or 2000, do this:

Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donation button.

#5 Vicktor_94


Posted 25 January 2008 - 01:25 PM

When it was scanning my PC (in Safe Mode) it suddenly rebooted. It didn't save any logs. While it was scanning I saw that 7 threats had been found.
I'll try again and I'll write in the forum as soon as possible, maybe tomorrow.
Thank you for the help.
By the way, SmitfraudFix has removed 4 threats. ;]
I won't use ComboFix because if I do something wrong my mum will kill me :D

Edited by Vicktor_94, 25 January 2008 - 01:28 PM.


#6 quietman7

  • Global Moderator

Posted 25 January 2008 - 04:07 PM

Follow the directions I provided to retrieve your SAS log after reboot. You should be able to find it there.

#7 Vicktor_94


Posted 26 January 2008 - 01:35 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2008 at 08:28 AM

Application Version : 3.9.1008

Core Rules Database Version : 3388
Trace Rules Database Version: 1382

Scan type : Complete Scan
Total Scan Time : 00:24:37

Memory items scanned : 357
Memory threats detected : 0
Registry items scanned : 4474
Registry threats detected : 7
File items scanned : 27009
File threats detected : 77

Adware.Tracking Cookie
C:\Documents and Settings\name\Cookies\name@tacoda[2].txt
C:\Documents and Settings\name\Cookies\name@888[2].txt
C:\Documents and Settings\name\Cookies\name@cgi-bin[5].txt
C:\Documents and Settings\name\Cookies\name@winanonymous[1].txt
C:\Documents and Settings\name\Cookies\name@tribalfusion[2].txt
C:\Documents and Settings\name\Cookies\name@new-pcp[1].txt
C:\Documents and Settings\name\Cookies\name@adrevolver[1].txt
C:\Documents and Settings\name\Cookies\name@1065996238[1].txt
C:\Documents and Settings\name\Cookies\name@20997850[2].txt
C:\Documents and Settings\name\Cookies\name@cgi-bin[2].txt
C:\Documents and Settings\name\Cookies\name@advertising[1].txt
C:\Documents and Settings\name\Cookies\name@media303[2].txt
C:\Documents and Settings\name\Cookies\name@network-ca.247realmedia[1].txt
C:\Documents and Settings\name\Cookies\name@adopt.euroclick[1].txt
C:\Documents and Settings\name\Cookies\name@weborama[1].txt
C:\Documents and Settings\name\Cookies\name@doubleclick[2].txt
C:\Documents and Settings\name\Cookies\name@winspycontrol[1].txt
C:\Documents and Settings\name\Cookies\name@pacificpoker[2].txt
C:\Documents and Settings\name\Cookies\name@2o7[1].txt
C:\Documents and Settings\name\Cookies\name@atwola[1].txt
C:\Documents and Settings\name\Cookies\name@ads.adbrite[1].txt
C:\Documents and Settings\name\Cookies\name@247realmedia[1].txt
C:\Documents and Settings\name\Cookies\name@atdmt[2].txt
C:\Documents and Settings\name\Cookies\name@74613876[2].txt
C:\Documents and Settings\name\Cookies\name@msnportal.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@statcounter[2].txt
C:\Documents and Settings\name\Cookies\name@rdr.hitmngr[1].txt
C:\Documents and Settings\name\Cookies\name@server.iad.liveperson[1].txt
C:\Documents and Settings\name\Cookies\name@4.adbrite[2].txt
C:\Documents and Settings\name\Cookies\name@cgi-bin[1].txt
C:\Documents and Settings\name\Cookies\name@ehg-philipsvheusen.hitbox[2].txt
C:\Documents and Settings\name\Cookies\name@ad.investor[2].txt
C:\Documents and Settings\name\Cookies\name@sales.liveperson[2].txt
C:\Documents and Settings\name\Cookies\name@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\name\Cookies\name@xiti[1].txt
C:\Documents and Settings\name\Cookies\name@ads.gameforgeads[1].txt
C:\Documents and Settings\name\Cookies\name@samsung.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@1058125797[1].txt
C:\Documents and Settings\name\Cookies\name@realmedia[2].txt
C:\Documents and Settings\name\Cookies\name@mediaservices.myspace[2].txt
C:\Documents and Settings\name\Cookies\name@chicagosuntimes.122.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@www.antispyshield[1].txt
C:\Documents and Settings\name\Cookies\name@cassava[1].txt
C:\Documents and Settings\name\Cookies\name@specificclick[1].txt
C:\Documents and Settings\name\Cookies\name@ad.yieldmanager[2].txt
C:\Documents and Settings\name\Cookies\name@media.adrevolver[1].txt
C:\Documents and Settings\name\Cookies\name@school[1].txt
C:\Documents and Settings\name\Cookies\name@ehg-globalgamingleague.hitbox[2].txt
C:\Documents and Settings\name\Cookies\name@edge.ru4[1].txt
C:\Documents and Settings\name\Cookies\name@ehg-adidasus.hitbox[1].txt
C:\Documents and Settings\name\Cookies\name@winsecureav[2].txt
C:\Documents and Settings\name\Cookies\name@mediaplex[1].txt
C:\Documents and Settings\name\Cookies\name@whitehorse.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@www.virusranger[1].txt
C:\Documents and Settings\name\Cookies\name@adserver.incgamers[1].txt
C:\Documents and Settings\name\Cookies\name@overture[1].txt
C:\Documents and Settings\name\Cookies\name@ads.revsci[1].txt
C:\Documents and Settings\name\Cookies\name@www.winspykiller[1].txt
C:\Documents and Settings\name\Cookies\name@ad.mp-gamer[1].txt
C:\Documents and Settings\name\Cookies\name@zedo[2].txt
C:\Documents and Settings\name\Cookies\name@anad.tacoda[2].txt
C:\Documents and Settings\name\Cookies\name@ehg-upperdeck.hitbox[2].txt
C:\Documents and Settings\name\Cookies\name@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\name\Cookies\name@hitbox[2].txt
C:\Documents and Settings\name\Cookies\name@ads.pimdesign[2].txt
C:\Documents and Settings\name\Cookies\name@adinterax[2].txt
C:\Documents and Settings\name\Cookies\name@adserver.mmoguru[1].txt
C:\Documents and Settings\name\Cookies\name@revsci[1].txt
C:\Documents and Settings\name\Cookies\name@advancedcleaner[2].txt
C:\Documents and Settings\name\Cookies\name@winpcdoctor[2].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\WUSE.1
HKCR\WUSE.1#WUSE_Id
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP75\A0008392.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP75\A0008393.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP75\A0008394.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP75\A0008395.EXE

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP102\A0013877.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP102\A0013878.ICO


Now?

Edited by Vicktor_94, 26 January 2008 - 01:38 AM.
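The SUPERAntiSpyware log pasted above has a regular layout: a header of "key : value" counters, then a category name followed by the registry keys and file paths detected under it. The Python below is an added example, not code from this thread or from SUPERAntiSpyware; it parses that layout, sorts each entry into tracking cookie, restore-point copy, live file or registry key, and cross-checks the header's "threats detected" counters against what was actually listed. The sample log embedded in it is constructed (abridged to the format shown above), and the rule that the header ends at the "File threats detected" line is an assumption drawn from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample in the SUPERAntiSpyware scan-log layout posted above, abridged
# to a few entries; the two "threats detected" counters match the entries listed.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Application Version : 3.9.1008
Trace Rules Database Version: 1382

Registry threats detected : 7
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\name\Cookies\name@doubleclick[2].txt
C:\Documents and Settings\name\Cookies\name@atdmt[2].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\WUSE.1
HKCR\WUSE.1#WUSE_Id
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP75\A0008392.EXE

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP102\A0013877.ICO
"""

# Assumption from the posted log: the header ends with the "File threats detected" line;
# after it, every non-path line names a category and the lines below it are its entries.
HEADER_FIELD_RE = re.compile(
    r"^(?P<key>[A-Za-z ]+(?:Version|scanned|detected))\s*:\s*(?P<value>\S.*)$")
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\", "HKEY_")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_MARK = "\\SYSTEM VOLUME INFORMATION\\_RESTORE"

def classify(entry):
    """Bucket a detection by where it lives; the bucket decides how urgent it is."""
    upper = entry.upper()
    if upper.startswith(REGISTRY_ROOTS):
        return "registry"
    if RESTORE_MARK in upper:
        return "restore_point"  # copy inside a System Restore point: inert unless restored
    if "\\COOKIES\\" in upper:
        return "cookie"  # tracking-cookie text file, low severity
    return "file"

def parse_sas_log(text):
    """Return (header dict, [(category, entry, kind), ...]) for one scan log."""
    header, detections, category, in_detections = {}, [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if not in_detections:
            m = HEADER_FIELD_RE.match(line)
            if m:
                header[m.group("key").strip()] = m.group("value").strip()
                in_detections = m.group("key").strip() == "File threats detected"
            continue  # banner lines such as the URL are skipped
        if DRIVE_PATH_RE.match(line) or line.upper().startswith(REGISTRY_ROOTS):
            if category is None:
                raise ValueError(f"detection listed before any category: {line}")
            detections.append((category, line, classify(line)))
        else:
            category = line  # any other non-empty line names the next category
    return header, detections

def summarize(detections):
    """Count entries per category, split by location kind."""
    counts = defaultdict(lambda: defaultdict(int))
    for category, _entry, kind in detections:
        counts[category][kind] += 1
    return {category: dict(kinds) for category, kinds in counts.items()}

def check_totals(header, detections):
    """Compare the header counters with what is actually listed, so a log trimmed
    when pasted into a reply does not pass unnoticed."""
    registry_listed = sum(1 for _c, _e, kind in detections if kind == "registry")
    file_listed = len(detections) - registry_listed
    registry_declared = int(header.get("Registry threats detected", "0"))
    file_declared = int(header.get("File threats detected", "0"))
    return {"registry_declared": registry_declared, "registry_listed": registry_listed,
            "file_declared": file_declared, "file_listed": file_listed,
            "consistent": registry_listed == registry_declared and file_listed == file_declared}

def needs_attention(detections):
    """Live files and registry keys, i.e. everything except cookies and restore-point copies."""
    return [(c, e) for c, e, kind in detections if kind in ("registry", "file")]

if __name__ == "__main__":
    hdr, dets = parse_sas_log(SAMPLE_LOG)
    print(summarize(dets), check_totals(hdr, dets), needs_attention(dets), sep="\n")
```

Applied to the full log posted above, the split is what a helper reads off it by hand: 70 of the 77 file detections are tracking cookies and 6 more are copies inside restore points, which leaves one live file (SETUPDTSB.EXE) and the 7 registry keys as the entries worth reading first.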


#8 quietman7

  • Global Moderator

Posted 26 January 2008 - 10:26 AM

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".

Post the log in your next reply and let me know how your computer is running.

#9 Vicktor_94


Posted 27 January 2008 - 05:02 AM

mirc.exe D:\Download dc++\mirc\PrisonBreak mIRC Program.mIRC.616 Incurable.Moved.
fnatic_mym-de_inferno.dem D:\Games\Original German CS\Counter Strike 1.6 Online + Hamachi\Counter-Strike 1.6\cstrike Modification of V2Px.1190 Moved.
Process.exe C:\Documents and Settings\name\Desktop\SmitfraudFix Tool.Prockill Incurable.Moved.
restart.exe C:\Documents and Settings\name\Desktop\SmitfraudFix Tool.ShutDown.11 Incurable.Moved.
4OWUOGCA.NQF C:\Program Files\ESET\infected Trojan.Packed.214 Deleted.
CKXAKTBA.NQF C:\Program Files\ESET\infected Trojan.Fakealert.386 Deleted.
HY52R4AA.NQF C:\Program Files\ESET\infected Trojan.Fakealert.386 Deleted.
ZMIDETDA.NQF C:\Program Files\ESET\infected Trojan.Fakealert.386 Deleted.
A0013879.exe C:\System Volume Information\_restore{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP102 Tool.Prockill Incurable.Moved.
A0016917.exe C:\System Volume Information\_restore{63F0AF58-672A-4680-B24A-BD49E6AE1CBB}\RP103 Adware.SaveNow Incurable.Moved.
Process.exe C:\WINDOWS\system32 Tool.Prockill Incurable.Moved.

That's the log.
My PC is running better now. The pop-ups are removed, and the viruses, trojans, adware and malware too.
Thank you man, you're the best :]

Edited by Vicktor_94, 27 January 2008 - 09:05 AM.


#10 quietman7

  • Global Moderator

Posted 27 January 2008 - 09:05 AM

How is your system running now?

#11 mithu1988


Posted 23 February 2008 - 03:54 AM

Am I Infected?

ComboFix 08-02-23 - Compaq Owner 2008-02-23 13:53:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.325 [GMT 5.5:30]
Running from: C:\Documents and Settings\Compaq Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-23 08:39 . 2008-02-23 08:39 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-02-20 19:30 . 2008-02-20 19:35 <DIR> d-------- C:\Program Files\Webshots
2008-02-16 18:27 . 2008-02-16 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-16 18:23 . 2008-02-16 18:32 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-15 00:12 . 2008-02-15 00:12 <DIR> d-------- C:\Program Files\MSECache
2008-02-15 00:07 . 2008-02-15 00:07 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-15 00:02 . 2008-02-15 00:02 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-14 23:57 . 2008-02-14 23:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-14 23:54 . 2008-02-15 00:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-14 16:01 . 2008-02-14 16:01 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Windows Desktop Search
2008-02-14 15:59 . 2008-02-14 15:59 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-02-14 11:20 . 2008-02-14 11:20 244 --ah----- C:\sqmnoopt11.sqm
2008-02-14 11:20 . 2008-02-14 11:20 232 --ah----- C:\sqmdata11.sqm
2008-02-14 11:03 . 2008-02-14 11:03 <DIR> d-------- C:\Program Files\PowerISO
2008-02-13 21:46 . 2008-02-13 21:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-13 16:50 . 2008-02-13 16:53 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\TeraCopy
2008-02-13 12:05 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-12 18:37 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-12 18:36 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-12 18:35 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-12 18:34 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-12 18:33 . 2004-08-03 22:29 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-02-12 18:32 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-02-12 18:31 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-12 18:30 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-02-12 18:29 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-02-12 18:28 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-12 18:27 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-12 18:26 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-12 18:25 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-02-12 18:24 . 2001-08-17 12:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2008-02-12 18:23 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-11 14:27 . 2008-02-11 14:27 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\WildTangent
2008-02-11 14:25 . 2008-02-14 11:00 <DIR> d-------- C:\Program Files\WildGames
2008-02-02 17:41 . 2006-04-21 10:22 85,040 -ra------ C:\WINDOWS\system32\drivers\zebrsce.sys
2008-02-02 17:40 . 2008-02-02 17:41 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Teleca
2008-02-02 17:38 . 2006-04-21 10:21 53,392 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys
2008-02-02 17:37 . 2008-02-02 17:37 <DIR> d-------- C:\Program Files\Symbian
2008-02-02 17:37 . 2008-02-02 17:37 <DIR> d-------- C:\Program Files\Intuwave
2008-02-02 17:37 . 2008-02-02 17:37 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Sony Ericsson
2008-02-02 17:37 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss
2008-02-02 17:36 . 2008-02-02 17:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-02 17:36 . 2008-02-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-02 17:36 . 2008-02-02 17:36 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-02 17:36 . 2008-02-02 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-02 17:36 . 2008-02-02 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-02 17:31 . 2006-04-21 13:52 101,072 -ra------ C:\WINDOWS\system32\drivers\zebrmdm.sys
2008-02-02 17:31 . 2006-04-21 13:52 101,008 -ra------ C:\WINDOWS\system32\drivers\zebrmdmc.sys
2008-02-02 17:31 . 2006-04-21 13:51 9,264 -ra------ C:\WINDOWS\system32\drivers\zebrmdfl.sys
2008-02-02 17:31 . 2006-04-21 13:51 6,208 -ra------ C:\WINDOWS\system32\drivers\zebrcmnt.sys
2008-02-02 17:31 . 2006-04-21 13:51 6,208 -ra------ C:\WINDOWS\system32\drivers\zebrcm.sys
2008-02-02 17:30 . 2006-04-21 13:51 66,864 -ra------ C:\WINDOWS\system32\drivers\zebrbus.sys
2008-02-02 17:30 . 2006-04-21 10:22 5,904 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-02-02 17:30 . 2006-04-21 10:22 5,904 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys
2008-02-02 17:28 . 2008-02-02 17:28 <DIR> d-------- C:\Program Files\Disc2Phone
2008-01-31 22:30 . 2008-01-31 22:32 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-24 14:33 . 2008-01-24 14:33 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Activision
2008-01-24 13:39 . 2008-01-24 13:39 <DIR> d-------- C:\Program Files\Bonjour
2008-01-23 23:55 . 2008-01-23 23:55 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\TuneUp Software
2008-01-23 20:34 . 2008-01-23 20:34 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-23 15:36 . 2008-01-24 13:52 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Apple Computer
2008-01-23 15:33 . 2008-01-23 15:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-23 15:33 . 2008-01-23 15:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-23 15:33 . 2008-01-23 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-23 12:49 . 2008-01-23 12:49 <DIR> d-------- C:\Documents and Settings\Compaq Owner\Application Data\Leadertech
2008-01-23 08:58 . 2008-01-23 09:03 895 --a------ C:\WINDOWS\ARPR.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 06:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 16:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-22 16:45 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-14 18:36 --------- d-----w C:\Program Files\MSBuild
2008-02-14 15:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-13 16:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-02 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 18:03 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\Yahoo!
2008-01-31 18:03 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\Image Zone Express
2008-01-31 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-25 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
2008-01-24 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-23 18:44 --------- d-----w C:\Program Files\BitComet
2008-01-21 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-01-17 15:34 5,889,536 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-01-17 02:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-17 02:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-17 02:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-17 02:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-16 14:15 --------- d-----w C:\Program Files\Secret-Zip
2008-01-15 04:24 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-14 23:58 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 13:02 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 16:50 --------- d-----w C:\Program Files\WildTangent
2008-01-06 11:12 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-06 11:12 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-06 11:12 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-02 18:48 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\RapidGet
2008-01-02 07:55 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\Talkback
2007-12-31 20:18 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\UseNeXT
2007-12-27 23:54 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-27 23:54 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-26 02:27 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\CyberLink
2007-12-23 18:43 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 18:43 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 06:27 --------- d-----w C:\Documents and Settings\Compaq Owner\Application Data\PC Tools
2007-12-09 00:49 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 18:39 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-12-05 18:39 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-12-05 12:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-03 02:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 18:21 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 13:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 18:21 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 20:33 1913656]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq Owner^Start Menu^Programs^Startup^Delta Force-Black Hawk Down Team Sabre Registration.lnk]
backup=C:\WINDOWS\pss\Delta Force-Black Hawk Down Team Sabre Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq Owner^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
backup=C:\WINDOWS\pss\Registration Prince of Persia Warrior Within.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 H:\Program Files\Adobe Reader 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 14:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-12-07 20:33 1913656 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-31 13:15 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-08-24 03:18 437160 C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 H:\Microsoft Office Ultimate 2007\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-11-03 15:22 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-03 15:22 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-03 15:26 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-11-03 15:25 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-10-15 10:40 1077032 H:\Program Files\Nero 8 Ultra Edition\Nero 8\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowTek CopyFaster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
--a------ 2006-03-02 11:54 290816 C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 H:\Program Files\Nero 8 Ultra Edition\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
--a------ 2007-01-15 16:11 73728 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 19:23 714608 C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
-ra------ 2006-04-25 13:09 487424 C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-11-03 15:26 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2004-10-25 15:17 90112 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-12-27 00:23 1065800 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-10-15 10:40 2045224 H:\Program Files\Nero 8 Ultra Edition\Nero 8\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-17 07:47 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
--a------ 2005-09-03 02:20 302528 C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 H:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
--a------ 2003-10-10 03:01 184784 C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 20:29 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"H:\\Program Files\\Power DVD 7.3\\PowerDVD.exe"=
"E:\\Tally\\tally9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"H:\\Flashget\\FlashGet.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"H:\\Microsoft Office Ultimate 2007\\Office12\\OUTLOOK.EXE"=
"H:\\Microsoft Office Ultimate 2007\\Office12\\GROOVE.EXE"=
"H:\\Microsoft Office Ultimate 2007\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25846:TCP"= 25846:TCP:BitComet 25846 TCP
"25846:UDP"= 25846:UDP:BitComet 25846 UDP
"25063:TCP"= 25063:TCP:BitComet 25063 TCP(ED2K)
"25063:UDP"= 25063:UDP:BitComet 25063 UDP(ED2K)
"27677:TCP"= 27677:TCP:BitComet 27677 TCP
"27677:UDP"= 27677:UDP:BitComet 27677 UDP
"28818:TCP"= 28818:TCP:BitComet 28818 TCP
"28818:UDP"= 28818:UDP:BitComet 28818 UDP
"27305:TCP"= 27305:TCP:BitComet 27305 TCP
"27305:UDP"= 27305:UDP:BitComet 27305 UDP
"21434:TCP"= 21434:TCP:BitComet 21434 TCP
"21434:UDP"= 21434:UDP:BitComet 21434 UDP
"24162:TCP"= 24162:TCP:BitComet 24162 TCP
"24162:UDP"= 24162:UDP:BitComet 24162 UDP
"21891:TCP"= 21891:TCP:BitComet 21891 TCP(ED2K)
"21891:UDP"= 21891:UDP:BitComet 21891 UDP(ED2K)
"35449:TCP"= 35449:TCP:BitComet 35449 TCP
"35449:UDP"= 35449:UDP:BitComet 35449 UDP
"24343:TCP"= 24343:TCP:BitComet 24343 TCP
"24343:UDP"= 24343:UDP:BitComet 24343 UDP
"25312:TCP"= 25312:TCP:BitComet 25312 TCP
"25312:UDP"= 25312:UDP:BitComet 25312 UDP
"22118:TCP"= 22118:TCP:BitComet 22118 TCP(ED2K)
"22118:UDP"= 22118:UDP:BitComet 22118 UDP(ED2K)
"23290:TCP"= 23290:TCP:BitComet 23290 TCP
"23290:UDP"= 23290:UDP:BitComet 23290 UDP
"54867:TCP"= 54867:TCP:BitComet 54867 TCP
"54867:UDP"= 54867:UDP:BitComet 54867 UDP
"17628:TCP"= 17628:TCP:BitComet 17628 TCP
"17628:UDP"= 17628:UDP:BitComet 17628 UDP
"24659:TCP"= 24659:TCP:BitComet 24659 TCP
"24659:UDP"= 24659:UDP:BitComet 24659 UDP
"15672:TCP"= 15672:TCP:BitComet 15672 TCP
"15672:UDP"= 15672:UDP:BitComet 15672 UDP
"24079:TCP"= 24079:TCP:BitComet 24079 TCP
"24079:UDP"= 24079:UDP:BitComet 24079 UDP
"26994:TCP"= 26994:TCP:BitComet 26994 TCP(ED2K)
"26994:UDP"= 26994:UDP:BitComet 26994 UDP(ED2K)
"25128:TCP"= 25128:TCP:BitComet 25128 TCP
"25128:UDP"= 25128:UDP:BitComet 25128 UDP
"16279:TCP"= 16279:TCP:BitComet 16279 TCP(ED2K)
"16279:UDP"= 16279:UDP:BitComet 16279 UDP(ED2K)
"22440:TCP"= 22440:TCP:BitComet 22440 TCP
"22440:UDP"= 22440:UDP:BitComet 22440 UDP
"25150:TCP"= 25150:TCP:BitComet 25150 TCP
"25150:UDP"= 25150:UDP:BitComet 25150 UDP
"22773:TCP"= 22773:TCP:BitComet 22773 TCP
"22773:UDP"= 22773:UDP:BitComet 22773 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys [2007-12-09 23:58]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 14:57]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-04-21 10:21]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};H:\Program Files\Power DVD 7.3\000.fcl []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 14:57]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2006-04-21 13:51]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2006-04-21 13:51]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2006-04-21 13:52]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2006-04-21 13:52]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2006-04-21 10:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1de52af3-9817-11dc-a8c8-0013d40c524b}]
\Shell\AutoRun\command - L:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2570ba10-c5e9-11dc-a98c-bcd3cc2679ab}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d594bc2-aa59-11dc-a92b-b97f340f55ab}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ae6232d-cb4e-11dc-a999-0013d40c524b}]
\Shell\AutoRun\command - L:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f75d2eaa-98bc-11dc-a8dd-a0d65521b9d2}]
\Shell\AutoRun\command - L:\autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 11:45:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-23 02:01:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-23 08:17:07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-22 20:07:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- H:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-24 02:23:07 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Compaq Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-18 15:18:07 C:\WINDOWS\Tasks\WebReg 20080218204806.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20080218204806 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 13:57:56
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 14:00:03
.
2008-01-31 16:32:27 --- E O F ---



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,934 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:03 AM

Posted 23 February 2008 - 08:37 AM

Welcome to BC, mithu1988.

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

And as I said previously in this thread, you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, you did not follow the required instructions for using ComboFix, which are provided when the tool is used under proper supervision, as its log indicates your machine does not have the Recovery Console installed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



