Reformatted, Tons Of Problems From Factory


5 replies to this topic

#1 DemonSui

DemonSui

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN
  • Local time:05:09 PM

Posted 17 January 2007 - 05:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:11:29 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.


#2 DemonSui

DemonSui
  • Topic Starter

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN
  • Local time:05:09 PM

Posted 17 January 2007 - 05:24 PM

DLLs loaded by process c:\program files\internet explorer\iexplore.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.2945 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.2818 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.3020 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.2951 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
C:\WINDOWS\system32\urlmon.dll 7.0.5730.11 Microsoft Corporation
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\iertutil.dll 7.0.5730.11 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0.2900.2982 Microsoft Corporation
C:\WINDOWS\system32\comctl32.dll 5.82.2900.2982 Microsoft Corporation
C:\WINDOWS\system32\IEFRAME.dll 7.0.5730.11 Microsoft Corporation
C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\UxTheme.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IEUI.dll 7.0.5730.11 Microsoft Corporation
C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll 5.1.3102.2180 Microsoft Corporation
C:\WINDOWS\system32\xmllite.dll 1.0.1018.0 Microsoft Corporation
C:\WINDOWS\system32\apphelp.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 Microsoft Corporation
C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 Microsoft Corporation
C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 Microsoft Corporation
C:\WINDOWS\system32\MSVCP60.dll 6.2.3104.0 Microsoft Corporation
C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Microsoft Corporation
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#3 DemonSui

DemonSui
  • Topic Starter

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN
  • Local time:05:09 PM

Posted 17 January 2007 - 06:08 PM

01/17/07 16:48:58 [Info]: BlackLight Engine 1.0.55 initialized
01/17/07 16:48:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/17/07 16:48:59 [Note]: 7019 4
01/17/07 16:48:59 [Note]: 7005 0
01/17/07 16:49:01 [Note]: 7006 0
01/17/07 16:49:01 [Note]: 7011 432
01/17/07 16:49:01 [Note]: 7026 0
01/17/07 16:49:01 [Note]: 7026 0
01/17/07 16:49:48 [Note]: FSRAW library version 1.7.1021
01/17/07 16:55:26 [Note]: 2000 1012
01/17/07 16:55:26 [Note]: 2000 1012
01/17/07 16:58:05 [Note]: 7007 0
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#4 DemonSui

DemonSui
  • Topic Starter

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN
  • Local time:05:09 PM

Posted 17 January 2007 - 06:46 PM

HKLM\SECURITY\Policy\Secrets\SAC* 2/13/2006 4:22 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2/13/2006 4:22 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 1/17/2007 5:18 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 1/17/2007 5:17 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\History\cvt_[aX]_Cowboy_Bebop_-_Session_06_-_....lnk 1/17/2007 5:21 PM 2.12 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Application Data\Real\RealPlayer\Temp\r1ptemp51 1/17/2007 5:20 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator\Desktop\amv 1/15/2007 12:48 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(AMV) Final Fantasy VIII, IX, X - Breaking the Habit (Linkin Park).mpg 5/18/2006 8:21 PM 32.85 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(AMV) Naruto - Alive.mpg 6/3/2006 4:53 PM 55.74 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(AMV) Naruto - Linkin Park- Nobody's Listening.mpg 6/1/2006 5:31 PM 13.37 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(AMV) Naruto - Trapt - Headstrong.mpg 6/1/2006 5:31 PM 50.38 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(amv) Styx - Mr Roboto (FLCL).mpeg 5/20/2006 9:36 AM 34.38 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(AMV)Metallica - Enter Sandman (Final Fantasy) - Anime Music Video.mpg 6/16/2006 3:05 PM 44.21 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(anime music video) - will smith - wild wild west (trigun).avi 6/16/2006 2:11 PM 48.67 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(Anime Music Videos) - They Might Be Giants - Particle Man (DBZ).mpg 4/27/2006 10:04 AM 7.21 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\(Naruto) AMV - Way Of The Ninja.mpg 6/16/2006 4:44 PM 37.44 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - (Samurai X)- Du Hast (Rammstien).mpg 4/22/2006 9:30 PM 39.13 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - DBZ - Bon Jovi - It's My Life - Dragonball Z, GT anime music video.mpg 4/27/2006 6:28 AM 38.73 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - DBZ - Dragon Ball Z - Linkin Park - In The End - Dedicated to Bardock.mpg 4/27/2006 7:46 PM 36.95 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - Dragon Ball Z - Goku VS Brolly-Bring Me to Life -Evanescence DBZ Dragonball Z GT.mpg 4/17/2006 12:37 PM 39.37 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - Dragon Ball Z - Slipknot - Wait and Bleed.mpg 4/27/2006 11:10 AM 4.23 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - Final Fantasy 7, 9, 8, 10 - Linkin Park - Pushing Me Away.mpg 6/3/2006 3:57 PM 32.72 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Desktop\amv\AMV - Final Fantasy VII - Advent Children - Forever Walking Alone.mpeg 4/29/2006 11:32 AM 48.04 MB Visible in Windows API, but not in MFT or directory index.

More stuff appeared, similar to this, but it kept freezing when the program wrote this log.

Edited by DemonSui, 17 January 2007 - 06:47 PM.

Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#5 DemonSui

DemonSui
  • Topic Starter

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN
  • Local time:05:09 PM

Posted 18 January 2007 - 05:04 PM

"Administrator" - 07-01-18 16:00:16 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))


2007-01-16 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\ESTSoft
2007-01-16 18:08 <DIR> d-------- C:\Program Files\ESTsoft
2007-01-16 16:15 4,392 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-16 15:49 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-16 15:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AdobeUM
2007-01-16 15:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-01-16 14:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\HPQ
2007-01-16 13:55 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-16 13:55 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-16 13:53 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-16 13:52 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-16 13:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-16 13:48 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-16 13:48 <DIR> d-------- C:\397c5117beb6d992a215
2007-01-16 12:41 23,040 --------- C:\WINDOWS\kb913800.exe
2007-01-16 12:36 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-16 00:58 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-15 21:54 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-15 21:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-01-15 21:04 <DIR> d-------- C:\Program Files\LimeWire
2007-01-15 21:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.limewire
2007-01-15 20:52 <DIR> d-------- C:\Program Files\BitTorrent
2007-01-15 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\BitTorrent
2007-01-15 18:48 <DIR> d-------- C:\WINDOWS\system32\bak
2007-01-15 16:10 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-15 16:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-15 16:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-15 15:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-15 14:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Yahoo!
2007-01-15 14:36 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-01-15 14:36 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-01-15 14:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-01-15 14:36 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-15 14:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
2007-01-15 14:17 <DIR> d-------- C:\WINDOWS\cache
2007-01-15 14:14 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-01-15 14:05 <DIR> d-------- C:\Program Files\BroadJump
2007-01-15 14:01 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-01-15 14:01 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-01-15 14:01 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-01-15 14:01 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-01-15 14:01 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-01-15 14:01 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-01-15 14:01 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-01-15 14:01 253,952 --------- C:\WINDOWS\SBCDSL.exe
2007-01-15 14:01 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-01-15 14:01 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-01-15 14:01 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-01-15 14:01 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-01-15 14:01 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-01-15 14:01 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-01-15 14:01 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-01-15 14:01 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-01-15 14:01 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-01-15 14:01 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-01-15 13:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\acccore
2007-01-15 13:18 <DIR> d-------- C:\Program Files\Viewpoint
2007-01-15 13:18 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-01-15 13:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-01-15 13:18 <DIR> d-------- C:\Program Files\AIM6
2007-01-15 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Viewpoint
2007-01-15 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-15 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-15 13:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-15 12:52 <DIR> d-------- C:\Program Files\World of Warcraft
2007-01-15 12:52 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-01-15 12:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Google
2007-01-15 12:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-11 11:18 53,168,545 --a------ C:\4060-15.EXE
2007-01-11 11:18 4,877 --a------ C:\WAIT.EXE
2007-01-11 11:18 1,371 --a------ C:\GO.BAT
2007-01-11 11:18 <DIR> d-------- C:\temp
2007-01-11 10:38 2,963 --a------ C:\FINAL.BAT
2007-01-10 09:28 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-10 09:28 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-08 11:25 <DIR> d-------- C:\documents
2007-01-08 11:13 783,872 --a------ C:\WINDOWS\RDBios32.dll
2007-01-08 11:13 493,253 --a------ C:\WINDOWS\BIOSLock.exe
2007-01-08 11:13 371,581 --a------ C:\WINDOWS\WBDED44I.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-18 13:16 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-17 23:31 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-01-16 12:57 -------- d-------- C:\Program Files\norton internet security
2007-01-15 22:27 -------- d-------- C:\Program Files\symantec
2007-01-15 19:25 -------- d-------- C:\Program Files\pc-doctor 5 for windows
2007-01-15 19:25 -------- d-------- C:\Program Files\disc
2007-01-15 18:48 -------- d-------- C:\Program Files\messenger
2007-01-15 15:21 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\real
2007-01-15 12:55 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\macromedia
2007-01-15 12:34 -------- d-------- C:\Program Files\google
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 23:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 23:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 23:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 23:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 23:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 23:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 23:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 23:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 23:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 23:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 23:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 23:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 23:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 23:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 23:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 23:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 23:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 23:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 23:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 23:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 23:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 23:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 23:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 23:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 23:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 23:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 23:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 23:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 23:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 23:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 23:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 23:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 23:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 23:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 23:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 23:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 23:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 23:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 23:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 23:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 23:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 23:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 23:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 23:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 23:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 23:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 23:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 23:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 23:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 23:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 23:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 23:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 23:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 23:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 23:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 23:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 23:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 23:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 23:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 23:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 22:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 22:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 22:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"PCDrProfiler"="\"C:\\Program Files\\PC-Doctor 5 for Windows\\RunProfiler.exe\" -r"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bc75cb8-9c79-11da-99cc-0015f2a9f7da}]
Shell\AutoRun\command ~tmp0.1st.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68db5071-9f38-11db-8a24-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job

Completion time: 07-01-18 16:02:49
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#6 OldTimer

    Malware Expert


Posted 28 January 2007 - 09:05 AM

Hello DemonSui and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

There are a couple of housekeeping items we can clean out so let's do that while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Other than that all the logs look good.

Post back with the details of what issues you are encountering and I can point you to the correct forum for assistance.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
