
Csrrs.exe, msconfig32.exe, mc-110-12-0000137.exe in Startup list

Discussion in 'Virus & Other Malware Removal' started by edgren48, Jul 28, 2006.

  1. edgren48

    edgren48 Thread Starter

    Joined:
    May 14, 2006
    Messages:
    19
    I have everything in my Startup tab for System Configuration Utility disabled and was checking it when I noticed a couple of programs that I didn't recognize. I Googled them and a couple came back saying they were trojans, spyware, and a virus. I'm planning on backing up all of my data soon and reformatting the HD. I was just wondering if it would be a good idea to try and remove the problems before I backed up my documents and drivers. One was the W32.Gaobot.AO Worm, another was called the Tulu Trojan (I think) and SurfSideKick was an obvious one. I've posted an HJT log but haven't run any scans other than that. So should I clean before I reformat? Thanks in advance!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:27:19 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Ben Edgren\My Documents\Ben\Setups\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143421852711
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125903236015
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Program Files\Common Files\Microsoft Shared\Themes\blank
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Download Combofix to your desktop:

    • Double-click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

    and then

    • Download WinPFind
    • Right-click the Zip Folder and select "Extract All"
    • Extract it somewhere you will remember, like the Desktop
    • Don't do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Double-click WinPFind.exe
    • Click "Configure Scan Options"
    • Select "Run Add ONs" and then select ALL the options in the box below it, press Apply
    • Now click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post. It will be too big to post, so you will need to attach it to your reply
     
  3. edgren48

    edgren48 Thread Starter

    Joined:
    May 14, 2006
    Messages:
    19
    Here is the first part of the Combofix log. And the WinPFind.txt file is attached.

    Start Time= Sat 07/29/2006 16:30:48.75
    Running from: C:\Documents and Settings\Ben Edgren\Desktop

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-07-24 18:33:56 ( .D... ) "C:\Program Files\Common Files\Pure Networks Shared"
    2006-07-24 18:32:04 ( .D... ) "C:\Program Files\Pure Networks"
    2006-07-22 10:45:10 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\PlayFirst"
    2006-07-17 21:20:12 ( .D... ) "C:\Program Files\Shockwave.com"
    2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
    2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
    2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
    2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
    2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
    2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
    2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
    2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
    2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
    2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
    2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
    2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
    2006-07-04 17:41:36 ( .D... ) "C:\Program Files\Starcraft"
    2006-07-04 17:32:44 ( .D... ) "C:\Program Files\DAEMON Tools"
    2006-07-02 18:40:56 ( .D... ) "C:\Program Files\EULAlyzer"
    2006-07-02 15:35:20 ( .D... ) "C:\Program Files\CDBurnerXP Pro 3"
    2006-07-01 22:56:10 ( .D... ) "C:\Program Files\Project64 1.6"
    2006-07-01 19:03:02 ( .D... ) "C:\Program Files\Jnes 0.6"
    2006-07-01 18:26:54 ( .D... ) "C:\Program Files\DivX"
    2006-07-01 18:15:48 ( .D... ) "C:\Program Files\XviD"
    2006-07-01 17:48:30 ( .D... ) "C:\Program Files\Common Files\xing shared"
    2006-07-01 17:47:52 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
    2006-07-01 17:47:18 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
    2006-07-01 17:47:18 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
    2006-07-01 17:47:14 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
    2006-07-01 17:46:58 ( .D... ) "C:\Program Files\Common Files\Real"
    2006-07-01 17:46:50 ( .D... ) "C:\Program Files\Real"
    2006-07-01 17:46:38 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Real"
    2006-07-01 17:40:26 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Media Player Classic"
    2006-07-01 12:14:28 ( .D... ) "C:\Program Files\Zone Labs"
    2006-06-30 20:24:54 ( .D... ) "C:\Program Files\BitComet"
    2006-06-30 17:37:10 ( .D... ) "C:\Program Files\Windows Installer Clean Up"
    2006-06-29 22:45:26 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
    2006-06-29 22:44:18 ( .D... ) "C:\Program Files\Microsoft.NET"
    2006-06-29 22:14:34 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Skype"
    2006-06-29 22:14:14 ( .D... ) "C:\Program Files\Skype"
    2006-06-21 18:55:30 ( .D... ) "C:\Program Files\Alwil Software"
    2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
    2006-06-17 22:13:42 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Windows Live Safety Center"
    2006-06-17 20:54:28 ( .D... ) "C:\Program Files\Windows Live Safety Center"
    2006-06-15 14:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
    2006-06-15 14:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
    2006-06-15 14:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
    2006-06-15 14:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
    2006-06-14 10:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
    2006-06-12 12:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
    2006-06-08 20:45:50 ( .D... ) "C:\Program Files\Common Files\Command Software"
    2006-06-08 20:45:48 ( .D... ) "C:\Program Files\Common Files\PestPatrol"
    2006-06-08 19:54:12 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\MSN6"
    2006-06-08 19:40:44 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\MSNInstaller"
    2006-06-08 19:38:46 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Verizon"
    2006-06-08 19:31:04 ( .D... ) "C:\Program Files\verizon"
    2006-06-08 18:10:48 ( .D... ) "C:\Program Files\Common Files\SupportSoft"
    2006-06-06 20:44:10 ( .D... ) "C:\Program Files\iTunes"
    2006-06-06 20:44:10 ( .D... ) "C:\Program Files\iPod"
    2006-06-06 12:37:54 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
    2006-06-04 16:19:12 ( .D... ) "C:\Program Files\Photo Story 3 for Windows"
    2006-05-31 18:41:20 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Help"
    2006-05-31 02:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
    2006-05-31 01:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
    2006-05-30 19:54:12 ( .D... ) "C:\Documents and Settings\Ben Edgren\Application Data\Lavasoft"
    2006-05-30 14:17:46 ( .D... ) "C:\Program Files\Common Files\urkk"
    2006-05-24 15:48:04 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
    2006-05-24 15:48:04 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe"
    2006-05-24 15:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
    2006-05-24 15:46:52 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
    2006-05-24 15:46:44 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
    2006-05-24 15:46:44 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
    2006-05-24 15:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
    2006-05-24 15:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
    2006-05-24 15:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
    2006-05-24 15:46:44 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
    2006-05-24 15:46:44 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
    2006-05-24 15:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
    2006-05-24 15:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
    2006-05-24 15:43:40 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
    2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
    2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
    2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
    2006-05-12 11:52:28 290 ( A.... ) "C:\WINDOWS\system32\n.bat"
    2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe"
    2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe"
    2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll"
    2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll"
    2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll"
    2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll"
    2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\wmnetmgr.dll"
    2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\wmadmod.dll"
    2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll"
    2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll"
    2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll"
    2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll"
    2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll"
    2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll"
    2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll"
    2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll"
    2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"
    2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll"
    2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll"
    2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll"
    2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll"
    2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll"
    2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll"
    2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll"
    2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll"
    2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll"
    2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll"
    2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP4SDMOD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP43DMOD.dll"
    2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll"
    2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll"
    2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll"
    2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll"
    2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe"
    2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll"
    2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll"
    2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll"
    2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll"
    2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll"
    2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll"
    2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll"
    2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll"
    2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll"
    2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll"
    2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll"
    2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll"
    2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll"
    2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe"
    2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll"
    2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll"
    2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll"
    2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe"
    2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll"
    2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
    2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll"
    2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll"
    2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll"
    2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll"
    2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll"
    2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll"
    2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll"
    2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll"
    2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll"
    2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll"
    2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll"
    2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe"
    2006-05-03 17:29:28 107134 ( A.... ) "C:\WINDOWS\UninstallFirefox.exe"


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-28 21:26 83,960 C:\WINDOWS\system32\zlcomm.dll
    2006-07-28 21:26 71,672 C:\WINDOWS\system32\zlcommdb.dll
    2006-07-27 21:43 267,767,808 C:\hiberfil.sys
    2006-07-01 18:27 109,568 C:\WINDOWS\system32\pxinsi64.exe
    2006-07-01 18:27 108,544 C:\WINDOWS\system32\pxcpyi64.exe
    2006-07-01 18:15 761,856 C:\WINDOWS\system32\xvidcore.dll
    2006-07-01 18:15 180,224 C:\WINDOWS\system32\xvidvfw.dll
    2006-07-01 17:47 6,656 C:\WINDOWS\system32\pndx5016.dll
    2006-07-01 17:47 5,632 C:\WINDOWS\system32\pndx5032.dll
    2006-07-01 17:47 278,528 C:\WINDOWS\system32\pncrt.dll
    2006-07-01 17:47 176,167 C:\WINDOWS\system32\rmoc3260.dll
    2006-07-01 16:11 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
    2006-07-01 16:11 59,384 C:\WINDOWS\system32\vswmi.dll
    2006-07-01 12:26 71,672 C:\WINDOWS\system32\vsregexp.dll
    2006-07-01 12:25 392,824 C:\WINDOWS\system32\vsdatant.sys
    2006-07-01 12:25 268,280 C:\WINDOWS\system32\vspubapi.dll
    2006-07-01 12:25 104,440 C:\WINDOWS\system32\vsmonapi.dll
    2006-07-01 12:25 100,344 C:\WINDOWS\system32\vsxml.dll
    2006-07-01 12:24 83,960 C:\WINDOWS\system32\vsdata.dll
    2006-07-01 12:24 440,312 C:\WINDOWS\system32\vsutil.dll
    2006-07-01 12:24 157,688 C:\WINDOWS\system32\vsinit.dll
    2006-06-30 18:12 266,360 C:\WINDOWS\system32\TweakUI.exe
    2006-06-29 22:47 24,816 C:\WINDOWS\system32\mdimon.dll
    2006-06-21 18:55 90,112 C:\WINDOWS\system32\AVASTSS.scr
    2006-06-21 18:55 624,640 C:\WINDOWS\system32\aswBoot.exe
    2006-06-15 14:55 778,240 C:\WINDOWS\system32\divx_xx0c.dll
    2006-06-15 14:55 778,240 C:\WINDOWS\system32\divx_xx07.dll
    2006-06-15 14:55 761,856 C:\WINDOWS\system32\divx_xx11.dll
    2006-06-15 14:55 620,180 C:\WINDOWS\system32\DivX.dll
    2006-06-14 10:49 118,784 C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "RemoveWGA"="C:\\Documents and Settings\\Ben Edgren\\Desktop\\RemoveWGA.exe -startup"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000003

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Compaq32 Service Drivers"="msconfig32.exe"
    "Sygate Personall Firewall"="Sygate32.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Compaq32 Service Drivers"="msconfig32.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Compaq32 Service Drivers"="msconfig32.exe"
    "Sygate Personall Firewall"="Sygate32.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    "Compaq32 Service Drivers"="msconfig32.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-8796-100000000002}\\SC_Acrobat.exe "
    "item"="Adobe Acrobat Speed Launcher"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    "backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Google Updater"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
    "item"="Logitech Desktop Messenger"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    "backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
    "item"="Microsoft Works Calendar Reminders"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ben Edgren^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "item"="Adobe Gamma"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ben Edgren^Start Menu^Programs^Startup^CoolMon.lnk]
    "backup"="C:\\WINDOWS\\pss\\CoolMon.lnkStartup"
    "location"="Startup"
    "item"="CoolMon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ben Edgren^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
    "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
    "location"="Startup"
    "item"="OpenOffice.org 2.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ben Edgren^Start Menu^Programs^Startup^Weather.lnk]
    "backup"="C:\\WINDOWS\\pss\\Weather.lnkStartup"
    "location"="Startup"
    "item"="Weather"
     

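    A small triage script for ComboFix "Reg Loading Points" output, added here as an example (it is not ComboFix's or the forum's own code). It parses the .reg-style sections and flags the kinds of entries a responder reads first: the path-less `msconfig32.exe` in the HKEY_USERS\.default Run keys above, the `csrrs.exe` and `mc-110-12-0000137.exe` startupreg backups in the next post, and the policies\explorer\run entry. The sample log, the `SYSTEM_NAMES` list, the `SHARED_DIRS` tuple and the 0.85 similarity threshold are constructed assumptions for the example.

```python
"""Triage auto-start entries from a ComboFix "Reg Loading Points" dump (added example, not
ComboFix's or the forum's own code). Flags: commands with no path, entries in hives normal
software never writes, executables dropped loose into shared folders, and file names that
imitate Windows binaries (the csrrs.exe / msconfig32.exe pattern discussed in this thread)."""
import difflib
import re

# Constructed excerpt; entries copied in shape from the logs posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Compaq32 Service Drivers"="msconfig32.exe"
"Sygate Personall Firewall"="Sygate32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="csrrs"
"hkey"="HKLM"
"command"="csrrs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mc-110-12-0000137"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\mc-110-12-0000137.exe"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')        # hex:/dword: values do not match, on purpose
# First program on a command line, quoted or not.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.I)
# Windows binaries whose names malware likes to imitate (assumed list, similarity check only).
SYSTEM_NAMES = ['csrss.exe', 'smss.exe', 'lsass.exe', 'services.exe',
                'svchost.exe', 'winlogon.exe', 'explorer.exe', 'msconfig.exe']
# Parent folders where an installer would not drop a bare executable (assumed list).
SHARED_DIRS = ('\\program files\\common files', '\\program files', ':\\windows', '\\temp')

def parse_sections(text):
    """Yield (section_name, {value_name: value}) for each [section] block."""
    section, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if section is not None:
                yield section, values
            section, values = m.group(1), {}
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            values[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))   # undo .reg escaping
    if section is not None:
        yield section, values

def extract_entries(text):
    """Return (location, name, command) for live Run/RunOnce/RunServices values
    and for the msconfig-disabled 'startupreg' backups."""
    entries = []
    for section, values in parse_sections(text):
        low = section.lower()
        if '\\msconfig\\startupreg\\' in low and values.get('command'):
            where = f"{values.get('hkey', '?')}\\{values.get('key', '?')} (disabled in msconfig)"
            entries.append((where, values.get('item', ''), values['command']))
        elif low.rsplit('\\', 1)[-1] in ('run', 'runonce', 'runservices'):
            entries.extend((section, name, cmd) for name, cmd in values.items())
    return entries

def program_of(command):
    """Return the program a command line starts, or '' if none is recognisable."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else ''

def triage_log(text):
    """Return (name, command, flags) for every entry that trips at least one heuristic."""
    flagged = []
    for location, name, command in extract_entries(text):
        prog, flags = program_of(command), []
        base, loc = prog.rsplit('\\', 1)[-1].lower(), location.lower()
        if prog and '\\' not in prog:
            flags.append('NO_PATH')          # found by PATH search; installers write full paths
        elif prog and prog.lower().rsplit('\\', 1)[0].endswith(SHARED_DIRS):
            flags.append('LOOSE_FILE')       # dropped straight into a shared folder
        if '\\.default\\' in loc or '\\s-1-5-18\\' in loc:
            flags.append('DEFAULT_HIVE')     # SYSTEM/logon-screen profile, odd for user software
        if '\\policies\\explorer\\run' in loc:
            flags.append('POLICIES_RUN')     # policy Run key, rarely used by consumer software
        for legit in SYSTEM_NAMES:
            if base != legit and difflib.SequenceMatcher(None, base, legit).ratio() >= 0.85:
                flags.append(f'LOOKALIKE:{legit}')
                break
        if flags:
            flagged.append((name, command, flags))
    return flagged
```

Running `triage_log(SAMPLE_LOG)` leaves the ZoneAlarm entry unflagged and returns the other five with their reasons; the flags are a reading aid for the log, not a verdict.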

  4. edgren48

    edgren48 Thread Starter

    Joined:
    May 14, 2006
    Messages:
    19
    Here is the second part of the Combofix log.


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VERIZO~1"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ashDisp"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgcc"
    "hkey"="HKLM"
    "inimapping"="0"
    "command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compaq32 Service Drivers]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msconfig32"
    "hkey"="HKLM"
    "command"="msconfig32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="csrrs"
    "hkey"="HKLM"
    "command"="csrrs.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DSAgnt"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\DELLSU~1\\DSAgnt.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tfswctrl"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mc-110-12-0000137"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Common Files\\mc-110-12-0000137.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DVDBitSet"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\DVDBitSet.exe\" /NOUI"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ezSP_Px"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="googletalk"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hpcdtray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\hpcdtray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ManifestEngine"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISStart"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LogiTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LVCOMSX"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WksSb"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WkUFind"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Activation"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MotiveSB"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nmapp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cfgwiz"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PicasaMediaDetector"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Satb]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="notepad"
    "hkey"="HKCU"
    "command"="\"C:\\DOCUME~1\\BENEDG~1\\MYDOCU~1\\RACLE~1\\notepad.exe\" -vt yazb"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Startup Launcher GUI"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ssk"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSearch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TopSearch"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VerizonServicepoint"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusKeeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VirusKeeper"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Weather"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="webrebates"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wkfud"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YAHOOM~1"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mpssvc"=dword:00000002
    "SPTISRV"=dword:00000003
    "PACSPTISVR"=dword:00000003
    "NVSvc"=dword:00000002
    "LiveUpdate"=dword:00000003
    "IDriverT"=dword:00000003
    "ewido security suite control"=dword:00000002
    "Automatic LiveUpdate Scheduler"=dword:00000002
    "Adobe LM Service"=dword:00000003
    "AVGEMS"=dword:00000002
    "Avg7UpdSvc"=dword:00000002
    "Avg7Alrt"=dword:00000002
    "iPodService"=dword:00000003
    "ose"=dword:00000003
    "nmraapache"=dword:00000003

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    DisableRegistryTools REG_DWORD 0 (0x0)

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Print Spooler
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Computer Management.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: Sat 07/29/2006 16:31:38.71
    ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    First re-enable EVERYTHING in msconfig & reboot & post a fresh HJT log.

    Then run a full scan with avast & let it fix all it finds.

    Reboot & do this:

    * Download the Trial/Demo version of Ewido Anti Spyware. When the trial period expires it becomes freeware with reduced functions but still worth keeping, or you have the option of buying a licence for the full version.


    EWIDO DOWNLOAD

    * Install ewido.
    * Launch ewido
    * It will prompt you to update; click the OK button and it will go to the main screen.
    * On the top of the main screen click update
    * Click on Start and let it update.
    * now boot to safe mode by following advice here http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
    * Now run Ewido:
    * Click on Scanner, then click on the Settings tab, select all options allowed & set "How to act" to recommended actions and set recommended actions to quarantine, then set "Automatically generate reports after every scan" & "Only if threats were found".
    * Now press the Scan tab. Click the Complete System Scan button to start the scan.
    * When the scan is done you will see a list of infected objects (if any found). At the bottom of the list, please click on "Recommended action" and choose to Set all Elements to quarantine and check the box "Perform action with all infections".
    If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

    Post back with the ewido scan log and a second HJT log so we can compare & see what else is left
     

Short URL to this thread: https://techguy.org/487346
