
Hijackthis Log Help!


10 replies to this topic

#1 Panduh


Posted 03 October 2006 - 10:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:55:01 PM, on 10/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX00.877\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D}_ - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {4065FB35-39F5-4B06-F6AD-6943BC65AB91} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158291556473
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\System32\gqagksr.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Can anyone tell me what is wrong with my comp? I think it is WinFixer, that is what Norton said, but it couldn't get rid of it, and I tried the VundoFix and the VirtumundoBeGone and it didn't work.



#2 Guest_Cretemonster_*


Posted 04 October 2006 - 08:09 PM

Hi Panduh and Welcome to the Bleeping Computer!


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#3 Panduh


Posted 05 October 2006 - 04:10 PM

SmitFraudFix v2.105

Scan done at 16:00:55.85, Thu 10/05/2006
Run from C:\Documents and Settings\Alex\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\gqagksr.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alex


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alex\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Alex\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideosCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\System32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\System32\gqagksr.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

K, there is the SmitfraudFix report.

#4 Guest_Cretemonster_*


Posted 05 October 2006 - 04:44 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



After posting C:\rapport.txt, please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#5 Panduh


Posted 05 October 2006 - 05:11 PM

SmitFraudFix v2.105

Scan done at 17:02:37.96, Thu 10/05/2006
Run from C:\Documents and Settings\Alex\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\System32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\System32\gqagksr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\gqagksr.dll -> Hoax.Win32.Renos.gen.e
C:\WINDOWS\System32\gqagksr.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VideosCodec\ Deleted
C:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

K, that's the rapport; now I am running ComboFix and will post the log shortly.

#6 Panduh


Posted 05 October 2006 - 05:16 PM

Alex - 06-10-05 17:10:03.84 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Alex\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Alex\My Documents\STEM32~1
C:\QooBox\Purity\Program Files\SSEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


2006-10-05 16:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-05 16:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-05 16:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-05 16:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-03 13:29 33,792 --a------ C:\WINDOWS\ieuninst.exe
2006-10-02 20:15 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-02 20:15 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-02 20:15 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-02 12:30 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-02 12:30 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-02 12:30 8,448 --a------ C:\WINDOWS\system32\drivers\vspf_hk5.sys
2006-10-02 12:30 41,984 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2006-10-02 12:30 21,888 --a------ C:\WINDOWS\system32\drivers\vspf5.sys
2006-09-29 15:17 0 --a------ C:\WINDOWS\system32\Ultra.dll
2006-09-18 20:23 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-18 20:23 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-09-18 20:22 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-18 20:21 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-18 20:21 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-09-18 20:21 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-18 20:21 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-18 20:21 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-09-18 20:21 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-09-18 20:21 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-18 20:21 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-09-18 20:21 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-09-18 20:21 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-09-18 20:21 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-09-18 20:21 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-18 20:21 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-09-18 20:21 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-18 20:21 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-09-18 20:21 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-09-18 20:21 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-09-18 20:21 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-09-18 20:21 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-09-18 20:21 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-18 20:21 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-09-18 20:21 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-09-18 20:21 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-09-18 20:21 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-09-18 20:21 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-09-18 20:21 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-18 20:21 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-18 09:32 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-18 09:32 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-16 19:52 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-16 19:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-15 23:33 420,632 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-15 23:33 39,704 --a------ C:\WINDOWS\system32\wups.dll
2006-09-15 23:33 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-15 23:33 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-15 23:33 118,552 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-14 21:20 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-14 21:20 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-14 20:41 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-09-14 20:41 593,408 --------- C:\WINDOWS\system32\xpsp2res.dll
2006-09-14 20:41 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-09-14 20:41 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-14 20:41 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-09-14 20:40 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-14 20:40 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-09-14 20:40 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-09-14 20:40 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-14 20:40 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-09-14 20:40 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-14 20:40 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-09-14 20:40 594,944 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-14 20:40 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-09-14 20:40 535,552 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-09-14 20:40 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-09-14 20:40 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-09-14 20:40 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-14 20:40 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-14 20:40 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-09-14 20:40 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-09-14 20:40 367,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-14 20:40 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-09-14 20:40 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-09-14 20:40 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-09-14 20:40 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-09-14 20:40 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-09-14 20:40 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-09-14 20:40 263,680 --a------ C:\WINDOWS\system32\rpcss.dll
2006-09-14 20:40 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-09-14 20:40 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-09-14 20:40 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-09-14 20:40 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-14 20:40 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-09-14 20:40 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-09-14 20:40 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-14 20:40 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-14 20:40 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-09-14 20:40 1,194,496 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-14 20:40 1,183,744 --a------ C:\WINDOWS\system32\ole32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 17:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 20:29 -------- d-------- C:\Program Files\XoftSpy
2006-10-03 20:07 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-03 13:35 -------- d-------- C:\Program Files\Symantec
2006-10-03 13:33 -------- d-a------ C:\Program Files\Common Files
2006-10-03 13:33 -------- d-------- C:\Program Files\Outlook Express
2006-10-03 13:33 -------- d-------- C:\Program Files\Internet Explorer
2006-10-03 13:33 -------- d-------- C:\Program Files\Common Files\System
2006-10-03 13:33 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 13:31 -------- d-------- C:\Program Files\Lineage II
2006-10-03 13:31 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-03 13:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 21:15 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-02 20:50 -------- d-------- C:\Documents and Settings\Alex\Application Data\Symantec
2006-10-02 20:13 -------- d-------- C:\Documents and Settings\Alex\Application Data\uTorrent
2006-10-02 20:00 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 19:58 -------- d-------- C:\Program Files\MemoryWatcher
2006-10-02 19:54 -------- d-------- C:\Program Files\Homepage
2006-10-02 19:52 -------- d-------- C:\Program Files\Common Files\çasks
2006-10-02 14:34 -------- d-------- C:\Program Files\Softwin
2006-10-02 14:34 -------- d-------- C:\Program Files\Common Files\Softwin
2006-09-30 12:06 -------- d-------- C:\Program Files\Silkroad
2006-09-30 09:14 -------- d---s---- C:\Documents and Settings\Alex\Application Data\Microsoft
2006-09-29 15:17 -------- d-------- C:\Program Files\Bug Doctor
2006-09-29 15:11 -------- d-------- C:\Program Files\PC Registry Cleaner
2006-09-28 18:02 14 --a------ C:\AUTOEXEC.BAT
2006-09-28 18:02 10 --a------ C:\CONFIG.SYS
2006-09-18 22:30 -------- d-a------ C:\Program Files\Lycos
2006-09-18 22:30 -------- d--h----- C:\Program Files\Common Files\Uninstall Information
2006-09-18 20:19 -------- d-------- C:\Program Files\directx
2006-09-18 14:51 2 --a------ C:\WINDOWS\system32\wnstssv.exe
2006-09-18 14:38 -------- d-------- C:\Program Files\WinRAR
2006-09-18 12:48 -------- d-------- C:\Program Files\Wizet
2006-09-18 10:04 -------- d-------- C:\Program Files\Winamp
2006-09-18 09:58 -------- d-------- C:\Program Files\LimeWire
2006-09-18 09:58 -------- d-------- C:\Program Files\Java
2006-09-18 09:54 -------- d-------- C:\Program Files\Common Files\Java
2006-09-17 14:40 -------- d-------- C:\Program Files\Steam
2006-09-17 14:39 -------- d-------- C:\Program Files\Quake III Arena
2006-09-17 14:37 -------- d-------- C:\Program Files\Diablo II
2006-09-17 14:36 -------- d-------- C:\Program Files\Call of Duty
2006-09-17 13:06 -------- d-------- C:\Program Files\Yahoo!
2006-09-16 10:17 -------- d-------- C:\Documents and Settings\Alex\Application Data\Aim
2006-09-15 23:34 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-14 22:31 -------- d-------- C:\Program Files\MSN Messenger
2006-09-14 22:26 -------- d-------- C:\Documents and Settings\Alex\Application Data\Mozilla
2006-09-14 22:24 -------- d-------- C:\Program Files\mozilla.org
2006-09-14 21:25 -------- d-------- C:\Program Files\PopCap Games
2006-09-14 21:21 -------- d-------- C:\Program Files\DivX
2006-09-14 21:10 -------- d-------- C:\Documents and Settings\Alex\Application Data\Real
2006-09-14 21:08 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-14 21:08 -------- d-------- C:\Program Files\Common Files\Real
2006-09-14 21:07 -------- d-------- C:\Program Files\Real
2006-09-14 20:41 -------- d-------- C:\Program Files\NetMeeting
2006-09-14 20:39 148659 -r------- C:\Program Files\Common Files\ati3d2ag.exe
2006-09-14 20:31 -------- d-a------ C:\Program Files\TV Media
2006-09-14 20:31 -------- d-a------ C:\Program Files\SysAI
2006-09-14 20:19 48 --a------ C:\Documents and Settings\Alex\Application Data\tvmcwrd.dll
2006-09-14 20:19 -------- d-------- C:\Program Files\AWS
2006-09-14 20:12 401 --a------ C:\WINDOWS\system32\master12.dll
2006-09-14 20:10 26 --a------ C:\WINDOWS\system32\MSrev21.dll
2006-09-14 20:10 110 --a------ C:\WINDOWS\system32\MSrev41.dll
2006-08-11 10:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 10:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 10:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 10:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 10:31 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-08-11 10:31 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-08-11 10:31 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-08-11 10:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 10:31 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-08-11 10:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 10:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 10:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 10:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 10:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 10:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 10:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 10:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 10:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Alex\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
"path"="C:\\Documents and Settings\\Alex\\Start Menu\\Programs\\Startup\\Virtual Bouncer.lnk"
"backup"="C:\\WINDOWS\\pss\\Virtual Bouncer.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\VBouncer\\VirtualBouncer.exe "
"item"="Virtual Bouncer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Common Files\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Bakra]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IEHost34"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IEHost34.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdmcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdnagent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bznnMarTf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bznnMarTf"
"hkey"="HKLM"
"command"="C:\\windows\\temp\\bznnMarTf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\d3e64866c720]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="appmgr20"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\appmgr20.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Eftzyk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="s?ool32"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Alex\\My Documents\\??stem32\\s?ool32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\fash]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fash"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\fash.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Icwa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scanregw"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\COMMON~1\\ASKS~1\\scanregw.exe\" -vt ndrv"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Nfo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nfomon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\nfomon\\nfomon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PC Registry Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Registry Cleaner"
"hkey"="HKCU"
"command"="C:\\Program Files\\PC Registry Cleaner\\PC Registry Cleaner.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RunDLL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bridge"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\smanp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="patchme"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\pcsvc\\patchme.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TV Media]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tvm"
"hkey"="HKLM"
"command"="C:\\Program Files\\TV Media\\Tvm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\vidmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vidmon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\vidmon\\vidmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusBurster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusburster"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBurster\\virusburster.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Vkksd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="j?vaw"
"hkey"="HKCU"
"command"="C:\\Program Files\\?ssembly\\j?vaw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Alex.job

Completion time: Thu 10/05/2006 17:10:57.03
ComboFix.txt


k there is the combofix log.

#7 Guest_Cretemonster_*

Posted 05 October 2006 - 05:27 PM

I will try to fix up msconfig later in the post, for now I need you to get a file scanned please

C:\WINDOWS\ieuninst.exe

Scan at the site below please
http://www.virustotal.com/en/indexf.html

Site may be busy but it's not a rush on the file scan.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.


#8 Panduh

Posted 05 October 2006 - 08:08 PM

Antivirus Version Update Result
AntiVir 7.2.0.22 10.05.2006 no virus found
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.05.2006 no virus found
AVG 386 10.05.2006 no virus found
BitDefender 7.2 10.06.2006 no virus found
CAT-QuickHeal 8.00 10.05.2006 no virus found
ClamAV devel-20060426 10.05.2006 no virus found
DrWeb 4.33 10.05.2006 no virus found
eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
eTrust-Vet 30.3.3115 10.05.2006 no virus found
Ewido 4.0 10.05.2006 no virus found
Fortinet 2.82.0.0 10.05.2006 no virus found
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.05.2006 no virus found
Ikarus 0.2.65.0 10.05.2006 no virus found
Kaspersky 4.0.2.24 10.06.2006 no virus found
McAfee 4867 10.05.2006 no virus found
Microsoft 1.1603 10.06.2006 no virus found
NOD32v2 1.1792 10.06.2006 no virus found
Norman 5.80.02 10.05.2006 no virus found
Panda 9.0.0.4 10.05.2006 no virus found
Sophos 4.10.0 10.05.2006 no virus found
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.092 10.05.2006 no virus found
UNA 1.83 10.05.2006 no virus found
VBA32 3.11.1 10.05.2006 no virus found
VirusBuster 4.3.7:9 10.05.2006 no virus found


Aditional Information
File size: 33792 bytes
MD5: 470bc0fdac96e46ec58b2099145c3a5e
SHA1: 6099cca629f6dcb2476981ed9c8871db512b7475


That's from VirusTotal.

#9 Guest_Cretemonster_*

Posted 06 October 2006 - 04:18 PM

Thanks, let's see what F-Secure has to say and go from there.

#10 Panduh

Posted 09 October 2006 - 09:59 PM

It didn't find anything, and I haven't had any popups in a while; also the icon in the lower left corner is gone. So thanks a lot, it really helped.

#11 Guest_Cretemonster_*

Posted 10 October 2006 - 03:10 AM

Let's run one last scan to be sure we haven't overlooked anything.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




