Followup


  • This topic is locked
1 reply to this topic

#1 Johnhazen

  • Members
  • 12 posts

Posted 31 March 2007 - 08:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:19:51 PM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\UPS\UOWS\Messages\WSDMessaging.exe
C:\Program Files\Microsoft Office 97\Office\OSA.EXE
C:\Program Files\Microsoft Office XP\Office10\msoffice.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\System32\notepad.exe
C:\My Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mossfoam.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office 97\Office\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\UOWS\Messages\WSDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175141749921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


"John Hazen" - 07-03-31 18:13:29 Service Pack 1
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\John Hazen\Desktop"

/wow section - STAGE #3

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))


2007-03-31 15:43 <DIR> d-------- C:\VundoFix Backups
2007-03-31 10:38 106,539 --a------ C:\WINDOWS\fccdde.dll
2007-03-29 18:49 454,656 --a------ C:\WINDOWS\ssndii.exe
2007-03-29 18:49 44,544 --a------ C:\WINDOWS\SYSTEM32\msxml4a.dll
2007-03-29 18:49 21,776 --a------ C:\WINDOWS\SYSTEM32\msxml2a.dll
2007-03-29 18:49 <DIR> d-------- C:\WINDOWS\Samsung
2007-03-29 18:47 57,344 --a------ C:\WINDOWS\SYSTEM32\SUGO3CI.dll
2007-03-29 18:47 151,552 --a------ C:\WINDOWS\SYSTEM32\SUGO3CI.exe
2007-03-28 21:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-28 21:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-03-28 21:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-03-28 20:30 <DIR> d-------- C:\7c995415af88527d0ec856149e
2007-03-28 20:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-03-28 16:37 <DIR> d-------- C:\DOCUME~1\JOHNHA~1\.housecall6.6
2007-03-28 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-03-28 14:51 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-03-28 13:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-03-26 18:26 31,366 --a------ C:\WINDOWS\Trojan9129837.exe
2007-03-24 13:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-24 10:21 32,768 --a------ C:\WINDOWS\SYSTEM32\mp43.exe
2007-03-24 10:21 32,768 --a------ C:\WINDOWS\NOTEDAD.EXE
2007-03-22 16:15 <DIR> d-------- C:\DOCUME~1\JOHNHA~1\APPLIC~1\Screenshot Sender
2007-03-20 09:25 32,768 --a------ C:\WINDOWS\SYSTEM32\svchtoost.exe
2007-03-17 15:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-03-17 14:51 <DIR> d-------- C:\DOCUME~1\JOHNHA~1\APPLIC~1\Musicmatch
2007-03-17 14:41 966,144 --a------ C:\WINDOWS\SYSTEM32\NCTAudioInformation2.dll
2007-03-17 14:41 877,568 --a------ C:\WINDOWS\SYSTEM32\NCTAudioFile2.dll
2007-03-17 14:41 724,992 --a------ C:\WINDOWS\SYSTEM32\ebCrypt.dll
2007-03-17 14:41 253,952 --a------ C:\WINDOWS\SYSTEM32\SkinBoxer43.dll
2007-03-17 14:16 <DIR> d-------- C:\Program Files\One-click CD Converter
2007-03-17 03:07 <DIR> d-------- C:\moody
2007-03-17 02:41 <DIR> d-------- C:\Program Files\MediaMonkey
2007-03-17 02:24 <DIR> d-------- C:\New Folder
2007-03-17 01:17 <DIR> d-------- C:\Program Files\APE To MP3 Plus
2007-03-16 23:56 <DIR> d-------- C:\Program Files\BitTorrent
2007-03-16 23:56 <DIR> d-------- C:\DOCUME~1\JOHNHA~1\APPLIC~1\BitTorrent
2007-03-16 23:01 27,110 --a------ C:\WINDOWS\SYSTEM32\jkhhi.exe
2007-03-16 22:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\bak
2007-03-14 21:53 5,767,168 --a------ C:\DOCUME~1\JOHNHA~1\ntuser.dat
2007-03-13 15:02 9,584 --a------ C:\WINDOWS\SYSTEM32\LMImirr2.dll
2007-03-13 15:02 8,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LMImirr.sys
2007-03-13 15:02 23,024 --a------ C:\WINDOWS\SYSTEM32\LMImirr.dll
2007-03-13 15:02 11,504 --a------ C:\WINDOWS\SYSTEM32\LMIinit.dll
2007-03-13 15:01 <DIR> d-------- C:\Program Files\LogMeIn
2007-03-13 14:58 <DIR> d-------- C:\LMI
2007-03-09 09:57 27,376 --a------ C:\WINDOWS\SYSTEM32\SBBD.exe
2007-02-28 17:07 <DIR> d-------- C:\DOCUME~1\JOHNHA~1\APPLIC~1\ZoomBrowser EX
2007-02-28 16:57 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-02-28 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-29 18:49 -------- d--h----- C:\Program Files\installshield installation information
2007-03-29 17:12 -------- d-------- C:\Program Files\winfax
2007-03-28 18:14 -------- d--h----- C:\Program Files\microsoft word
2007-03-28 11:02 -------- d-------- C:\Program Files\quicktime
2007-03-22 16:14 -------- d-------- C:\Program Files\messenger plus! live
2007-03-17 14:50 28256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys
2007-02-28 16:59 -------- d-------- C:\Program Files\canon
2007-01-15 10:32 689280 --a------ C:\WINDOWS\SYSTEM32\aswboot.exe
2007-01-15 10:23 90112 --a------ C:\WINDOWS\SYSTEM32\avastss.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopUpStopperFreeEdition"="C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"
"IESet"="IExplorer.dll .dbt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinFaxAppPortStarter"="wfxsnt40.exe"
"Samsung PanelMgr"="C:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe /autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Ulead Photo Express 4.0 SE Calendar Checker .lnk"
"backup"="C:\\WINDOWS\\pss\\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "
"item"="Ulead Photo Express 4.0 SE Calendar Checker "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Hazen^Start Menu^Programs^Startup^BJ Status Monitor Canon i860.lnk]
"path"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\BJ Status Monitor Canon i860.lnk"
"backup"="C:\\WINDOWS\\pss\\BJ Status Monitor Canon i860.lnkStartup"
"location"="Startup"
"command"="C:\\DOCUME~1\\JOHNHA~1\\CNMSSC~1.EXE LPT1:;Canon i860;cnmss Canon i860 (Local).exe;BJ Status Monitor Canon i860.lnk"
"item"="BJ Status Monitor Canon i860"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Hazen^Start Menu^Programs^Startup^SUPPORT.GID]
"path"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\SUPPORT.GID"
"backup"="C:\\WINDOWS\\pss\\SUPPORT.GIDStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\SUPPORT.GID"
"item"="SUPPORT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Hazen^Start Menu^Programs^Startup^symdiag.GID]
"path"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\symdiag.GID"
"backup"="C:\\WINDOWS\\pss\\symdiag.GIDStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\symdiag.GID"
"item"="symdiag"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Hazen^Start Menu^Programs^Startup^{4BAA3DC1-DCB0-11D2-9E6B-00805FCDA91F}.MSI]
"path"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\{4BAA3DC1-DCB0-11D2-9E6B-00805FCDA91F}.MSI"
"backup"="C:\\WINDOWS\\pss\\{4BAA3DC1-DCB0-11D2-9E6B-00805FCDA91F}.MSIStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\John Hazen\\Start Menu\\Programs\\Startup\\{4BAA3DC1-DCB0-11D2-9E6B-00805FCDA91F}.MSI"
"item"="{4BAA3DC1-DCB0-11D2-9E6B-00805FCDA91F}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="efddcy"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\efddcy.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clipboard Buddy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIPBO~1"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\CLIPBO~1\\CLIPBO~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsasss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\lsasss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LocationFinder"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SBCSTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssqpmn"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\ssqpmn.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"IESet"="IExplorer.dll .dbt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-31 18:15:15



#2 miekiemoes


  • Malware Response Team
  • 19,420 posts

Posted 01 April 2007 - 03:25 PM

Thread closed, please stick with your original thread here:
http://www.bleepingcomputer.com/forums/top...tml#entry486390



