Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I've had them all BUT............


Post by Sirobloud » March 22nd, 2011, 9:22 am

Hi,
I'm new to this site and what brought me here is all the great things I've heard about it.
I think I've stepped in all the malware manure that anyone can ever step in and I've been lucky to rid myself of all of them. This one is something new. I ran ComboFix (simply a great program) and I've been asked to post the log and ask what I should do next.
Well, here it is. Am I clean? Or is there something else that stinks?
Any help would be appreciated.
Thanks in advance.
Bo :drunken:
ComboFix 11-03-21.02 - New User 03/22/2011 8:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.781 [GMT -4:00]
Running from: n:\downloads\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\aboutbuster\AboutBuster.exe
c:\documents and settings\Boris Kowal\Application Data\inst.exe
c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}
c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome.manifest
c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome\xulcache.jar
c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\defaults\preferences\xulcache.js
c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\install.rdf
c:\documents and settings\Boris Kowal\Application Data\syswin
c:\documents and settings\Boris Kowal\Desktop\Perfect Optimizer.lnk
c:\documents and settings\Boris Kowal\Start Menu\Programs\Perfect Optimizer
c:\documents and settings\Boris Kowal\Start Menu\Programs\Perfect Optimizer\Perfect Optimizer.lnk
c:\documents and settings\Boris Kowal\Start Menu\Programs\Perfect Optimizer\Uninstall.lnk
c:\documents and settings\Boris Kowal\Start Menu\Programs\Perfect Optimizer\Website.lnk
c:\documents and settings\Guest 2\Application Data\Mozilla\Firefox\Profiles\721dpx1d.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}
c:\documents and settings\Guest 2\Application Data\Mozilla\Firefox\Profiles\721dpx1d.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome.manifest
c:\documents and settings\Guest 2\Application Data\Mozilla\Firefox\Profiles\721dpx1d.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome\xulcache.jar
c:\documents and settings\Guest 2\Application Data\Mozilla\Firefox\Profiles\721dpx1d.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\defaults\preferences\xulcache.js
c:\documents and settings\Guest 2\Application Data\Mozilla\Firefox\Profiles\721dpx1d.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\install.rdf
c:\documents and settings\LocalService\Application Data\02000000f1c9693c1203C.manifest
c:\documents and settings\LocalService\Application Data\02000000f1c9693c1203O.manifest
c:\documents and settings\LocalService\Application Data\02000000f1c9693c1203P.manifest
c:\documents and settings\LocalService\Application Data\02000000f1c9693c1203S.manifest
c:\documents and settings\Marta Kowal\Application Data\Dealio
c:\documents and settings\Marta Kowal\Application Data\Mozilla\Firefox\Profiles\67kqixas.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}
c:\documents and settings\Marta Kowal\Application Data\Mozilla\Firefox\Profiles\67kqixas.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome.manifest
c:\documents and settings\Marta Kowal\Application Data\Mozilla\Firefox\Profiles\67kqixas.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\chrome\xulcache.jar
c:\documents and settings\Marta Kowal\Application Data\Mozilla\Firefox\Profiles\67kqixas.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\defaults\preferences\xulcache.js
c:\documents and settings\Marta Kowal\Application Data\Mozilla\Firefox\Profiles\67kqixas.default\extensions\{39242b80-8c84-41b8-8425-5ba2f6b2636e}\install.rdf
c:\documents and settings\NetworkService\Application Data\02000000f1c9693c1203C.manifest
c:\documents and settings\NetworkService\Application Data\02000000f1c9693c1203O.manifest
c:\documents and settings\NetworkService\Application Data\02000000f1c9693c1203P.manifest
c:\documents and settings\NetworkService\Application Data\02000000f1c9693c1203S.manifest
c:\hijackthis\HijackThis.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL
c:\program files\INSTALL.LOG
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\aamd532.dll
c:\program files\Perfect Optimizer\ActiveX.dat
c:\program files\Perfect Optimizer\Apps.dat
c:\program files\Perfect Optimizer\Components.dat
c:\program files\Perfect Optimizer\Config.db
c:\program files\Perfect Optimizer\config\about.bmp
c:\program files\Perfect Optimizer\config\head.bmp
c:\program files\Perfect Optimizer\config\Lng2Const.xml
c:\program files\Perfect Optimizer\config\logo.ico
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\PerfectOptimzer.chm
c:\program files\Perfect Optimizer\config\register.jpg
c:\program files\Perfect Optimizer\config\SmallLogo.bmp
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\config\website.url
c:\program files\Perfect Optimizer\Data\Service\campus_model.bat
c:\program files\Perfect Optimizer\Data\Service\default_model.bat
c:\program files\Perfect Optimizer\Data\Service\home_model.bat
c:\program files\Perfect Optimizer\Data\Service\interner_model.bat
c:\program files\Perfect Optimizer\Data\Service\notebook_model.bat
c:\program files\Perfect Optimizer\Data\Service\office_model.bat
c:\program files\Perfect Optimizer\FreeUse.dll
c:\program files\Perfect Optimizer\InstallDll.dll
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\License.ini
c:\program files\Perfect Optimizer\MiracleLib.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.exe
c:\program files\Perfect Optimizer\PerfectOptimizer.ini
c:\program files\Perfect Optimizer\report.html
c:\program files\Perfect Optimizer\SEClean.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\sqlite3.dll
c:\program files\Perfect Optimizer\unins000.dat
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\website.url
c:\program files\Perfect Optimizer\WinUpdate.exe
c:\program files\Search Settings
c:\windows\BackUp
c:\windows\BackUp\TB040912.DAT
c:\windows\Fonts\acrsec.fon
c:\windows\mscmswow.exe
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\system32\337105991
c:\windows\system32\337105991\new.i0.kwd
c:\windows\system32\337105991\new.i1.kwd
c:\windows\system32\337105991\new.i2.kwd
c:\windows\system32\337105991\new.i3.kwd
c:\windows\system32\964830911
c:\windows\system32\964830911\frt0.rar
c:\windows\system32\964830911\frt0.rar.ver
c:\windows\system32\964830911\frt1.rar
c:\windows\system32\964830911\frt1.rar.ver
c:\windows\system32\964830911\frt2.rar
c:\windows\system32\964830911\frt3.rar
c:\windows\system32\964830911\frt4.rar
c:\windows\system32\964830911\frt5.rar
c:\windows\system32\964830911\frt6.rar
c:\windows\system32\964830911\frt7.rar
c:\windows\system32\964830911\frt7.rar.ver
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\_u2088757626v0
c:\windows\system32\SysWoW32\_u2088757626v1
c:\windows\system32\SysWoW32\_u2088757626v2
c:\windows\system32\SysWoW32\_u2088757626v3
c:\windows\system32\SysWoW32\mu2088757626v4
c:\windows\system32\SysWoW32\mu2088757626v4.kwd
c:\windows\system32\SysWoW32\mu2088757626v5
c:\windows\system32\SysWoW32\mu2088757626v5.kwd
c:\windows\system32\SysWoW32\mu2088757626v6
c:\windows\system32\SysWoW32\mu2088757626v6.kwd
c:\windows\system32\SysWoW32\mu2088757626v7
c:\windows\system32\SysWoW32\mu2088757626v7.kwd
c:\windows\system32\SysWoW32\wu2088757626v0
c:\windows\system32\SysWoW32\wu2088757626v0.kwd
c:\windows\system32\SysWoW32\wu2088757626v1
c:\windows\system32\SysWoW32\wu2088757626v1.kwd
c:\windows\system32\SysWoW32\wu2088757626v2
c:\windows\system32\SysWoW32\wu2088757626v2.kwd
c:\windows\system32\SysWoW32\wu2088757626v3
c:\windows\system32\SysWoW32\wu2088757626v3.kwd
c:\windows\trafficwow.exe
L:\Autorun.inf
M:\autorun.inf
N:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SVCPROC
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 12:31 . 2011-03-22 12:31 -------- d-----w- c:\windows\system32\337105991
2011-03-21 23:17 . 2011-03-21 23:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2011-03-21 22:27 . 2011-03-21 23:12 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-03-21 22:27 . 2011-03-21 23:12 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-03-21 22:27 . 2011-03-21 23:12 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-21 21:24 . 2011-03-21 21:24 -------- d-sh--w- c:\documents and settings\Boris Kowal\PrivacIE
2011-03-21 19:54 . 2011-03-21 19:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-03-21 17:17 . 2011-03-21 17:17 -------- d-----w- c:\program files\VS Revo Group
2011-03-21 15:54 . 2011-03-21 15:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-21 09:14 . 2011-03-21 09:14 1075200 --sha-w- c:\windows\system32\47.tmp
2011-03-20 13:12 . 2011-03-20 13:12 1074688 --sha-w- c:\windows\system32\68.tmp
2011-03-18 14:59 . 2011-03-18 15:33 -------- d-----w- c:\program files\Lotto007
2011-03-18 14:19 . 2011-03-18 14:19 203776 --sh--w- c:\windows\system32\unrar.exe
2011-03-18 14:19 . 2011-03-21 16:58 -------- d-sh--w- c:\windows\system32\6E5CEB233999F15FA373936550C72042
2011-03-18 14:19 . 2011-03-19 17:12 1074688 --sha-w- c:\windows\system32\294.tmp
2011-03-18 14:19 . 2011-03-18 14:19 1074688 --sha-w- c:\windows\system32\293.tmp
2011-03-18 14:19 . 2011-03-15 23:15 1430528 ----a-w- c:\windows\system32\CDWHrdwr32.exe
2011-03-18 14:19 . 2011-03-18 14:19 257536 ----a-w- c:\windows\system32\javacypt32.dll
2011-03-18 14:18 . 2011-03-15 23:15 1430528 ----a-w- c:\windows\system32\polstore32.exe
2011-03-18 14:18 . 2011-03-18 14:18 210432 ----a-w- c:\windows\system32\javacypt32.exe
2011-03-18 14:18 . 2011-03-18 14:18 416768 ----a-w- c:\windows\system32\atiexdxx32.dll
2011-03-18 13:39 . 2011-03-22 11:05 -------- d-----w- c:\program files\LottoWhiz 4G
2011-03-11 20:42 . 2011-03-18 14:06 -------- d-----w- c:\documents and settings\Boris Kowal\Application Data\FrostWire
2011-03-11 20:40 . 2011-03-11 20:46 -------- d-----w- c:\program files\FrostWire
2011-03-07 19:07 . 2011-03-07 19:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ahead
2011-03-07 00:21 . 2011-03-07 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2011-03-04 17:56 . 2011-03-04 18:04 -------- d-----w- c:\program files\Microsoft Streets & Trips 2010
2011-03-03 15:26 . 2011-03-03 21:00 -------- d-----w- c:\documents and settings\Boris Kowal\Application Data\uPlayer
2011-03-03 15:24 . 2011-03-03 15:26 -------- d-----w- c:\program files\uPlayer
2011-02-27 16:28 . 2011-03-16 07:19 -------- d-----w- c:\program files\PeerBlock
2011-02-27 08:06 . 2011-02-27 08:06 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2011-02-26 18:49 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-02-26 18:49 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-26 18:35 . 2011-02-26 18:35 -------- d-----w- c:\program files\Microsoft.NET
2011-02-26 18:26 . 2011-02-26 18:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-26 18:22 . 2011-02-26 18:22 -------- d-----w- c:\documents and settings\Boris Kowal\Local Settings\Application Data\Microsoft Help
2011-02-26 18:22 . 2011-03-10 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-26 18:15 . 2011-02-26 18:15 -------- d-----r- C:\MSOCache
2011-02-25 17:30 . 2011-02-25 17:30 -------- d-sh--w- c:\documents and settings\Marta Kowal\PrivacIE
2011-02-25 14:48 . 2011-02-25 14:48 -------- d-----w- c:\documents and settings\Marta Kowal\Local Settings\Application Data\Scansoft
2011-02-25 14:46 . 2011-02-25 14:46 -------- d-sh--w- c:\documents and settings\Marta Kowal\IETldCache
2011-02-25 12:14 . 2011-02-25 12:14 -------- d-----w- c:\documents and settings\Boris Kowal\Local Settings\Application Data\Scansoft
2011-02-24 15:53 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-24 15:53 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-24 15:53 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-24 15:13 . 2011-02-24 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2011-02-24 15:12 . 2011-02-24 15:12 -------- d-----w- c:\documents and settings\Boris Kowal\Application Data\Nuance
2011-02-24 14:42 . 2011-02-24 14:42 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2011-02-24 14:42 . 2011-02-24 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2011-02-24 14:42 . 2011-02-24 14:42 -------- d-----w- c:\program files\Common Files\Nuance
2011-02-24 14:37 . 2011-02-24 14:37 -------- d-----w- c:\program files\Nuance
2011-02-24 14:37 . 2011-02-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2011-02-24 14:37 . 2011-02-24 15:13 -------- d-----w- c:\windows\speech
2011-02-23 20:41 . 2011-02-23 20:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro
2011-02-23 20:26 . 2011-02-23 20:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2011-02-23 20:26 . 2011-02-23 20:00 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-02-23 19:56 . 2011-02-23 19:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-23 19:55 . 2011-02-23 19:55 -------- d-sh--w- c:\documents and settings\Boris Kowal\IETldCache
2011-02-23 19:46 . 2011-02-23 19:47 -------- dc-h--w- c:\windows\ie8
2011-02-23 16:27 . 2011-02-23 16:27 -------- d-----w- c:\program files\Microsoft Easy Assist
2011-02-23 16:26 . 2011-02-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 20:11 . 2011-03-18 20:11 1409 ----a-w- c:\windows\Fonts\LetGothL_PD.fot
2011-02-09 13:53 . 2004-08-29 16:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2004-08-29 16:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2004-08-29 16:49 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-29 16:49 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-29 16:48 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 20:07 . 2006-03-12 15:51 96384 ----a-w- c:\windows\system32\drivers\sptd1773.sys
2011-01-07 14:09 . 2004-08-29 16:49 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-29 16:48 1854976 ----a-w- c:\windows\system32\win32k.sys
2007-03-21 00:50 . 2010-09-18 14:51 400784 ----a-w- c:\program files\NDCH53E.exe
2002-02-01 22:05 . 2003-07-21 16:53 105717 -c--a-w- c:\program files\WaveLab.exe
2002-02-01 22:04 . 2003-07-21 16:53 1737295 -c--a-w- c:\program files\WaveLab-app.exe
2002-01-31 13:03 . 2003-07-21 16:49 176128 -c--a-w- c:\program files\UITabVcPh.dll
2002-01-31 12:54 . 2003-07-21 16:45 884736 -c--a-w- c:\program files\Ter32.dll
2002-01-04 18:29 . 2002-07-25 15:18 86016 -c--a-w- c:\program files\UDFLib.dll
2001-11-22 21:18 . 2002-08-28 15:09 619008 -c--a-w- c:\program files\vobhw.dll
2001-11-05 13:30 . 2006-05-28 21:41 165376 -c--a-w- c:\program files\UNWISE.EXE
2001-10-31 17:57 . 2004-10-05 00:45 498688 -c--a-w- c:\program files\icdwAPI.dll
2001-10-23 20:33 . 2002-08-23 19:01 708096 -c--a-w- c:\program files\CDWizard.fr
2001-10-23 20:33 . 2002-08-23 19:01 678400 -c--a-w- c:\program files\CDWizard.jp
2001-10-23 20:33 . 2002-08-23 19:01 708096 -c--a-w- c:\program files\CDWizard.de
2001-10-23 20:33 . 2002-08-23 19:17 3346944 -c--a-w- c:\program files\CDWizard.exe
2001-10-04 17:54 . 2002-07-22 19:15 129024 -c--a-w- c:\program files\MultiCopy.fr
2001-10-04 17:54 . 2002-07-22 19:15 113664 -c--a-w- c:\program files\MultiCopy.jp
2001-10-04 17:54 . 2002-07-22 19:15 125952 -c--a-w- c:\program files\MultiCopy.de
2001-10-04 17:54 . 2002-07-22 19:16 1012224 -c--a-w- c:\program files\MultiCopy.exe
2000-09-07 18:06 . 2004-10-05 01:00 1441792 -c--a-w- c:\program files\NSpW7.dll
2000-09-07 18:06 . 2004-10-05 01:00 1429504 -c--a-w- c:\program files\NSpA6.dll
2000-09-07 18:06 . 2004-10-05 01:00 1335296 -c--a-w- c:\program files\NSpM5.dll
2000-09-07 18:06 . 2004-10-05 01:00 1318912 -c--a-w- c:\program files\NSpP6.dll
2000-09-07 18:06 . 2004-10-05 01:00 1404928 -c--a-w- c:\program files\NSpM6.dll
2000-09-07 18:05 . 2004-10-05 01:00 1306624 -c--a-w- c:\program files\NSpPX.dll
2000-09-07 18:04 . 2004-10-05 01:00 114688 -c--a-w- c:\program files\NSp.dll
1999-12-13 05:50 . 2004-10-05 00:45 1167052 -c--a-w- c:\program files\WaveLab.bin
1999-12-07 18:00 . 2004-10-05 00:45 295000 -c--a-w- c:\program files\Msvcrt.dll
1999-11-09 20:57 . 2004-10-05 00:45 61440 -c--a-w- c:\program files\Dac32.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\javacypt32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
backup=c:\windows\pss\GStartup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USBControl.lnk]
backup=c:\windows\pss\USBControl.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]
backup=c:\windows\pss\ZoneAlarm Pro.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Boris Kowal^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Boris Kowal^Start Menu^Programs^Startup^Creative Element Power Tools Startup.lnk]
path=c:\documents and settings\Boris Kowal\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
backup=c:\windows\pss\Creative Element Power Tools Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Boris Kowal^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Boris Kowal\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Boris Kowal^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marta Kowal^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2YX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aEaCczLNT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dpi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvùõš/‚²‘ÆßfÏNb‰»9C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvùõš/‚²‘ÆßfÏNb‰»9C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvùõš/‚²‘ÆßfÏNb‰»9c:\program files\ISTsvc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvOBgp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icfgnt5
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pcsv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qyedgfalh
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysService32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysUpd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upnp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wfpzlufdtek
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  L"h'þ9Óœð3rÅWC:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  L"h'þ9Óœð3rÅWC:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  L"h'þ9Óœð3rÅWc:\program files\ISTsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-aware]
2003-02-09 01:18 750080 -c--a-w- c:\program files\Lavasoft\Ad-aware 6\Ad-aware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 12:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-05 19:08 67160 ----a-w- c:\progra~1\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-07-31 15:45 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C82 Series]
2003-10-15 07:02 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S0HIC1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C84 Series]
2003-05-27 08:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2D1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GigaRangeApp]
2005-03-08 01:29 3432448 ----a-w- c:\program files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-07-30 18:23 177448 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2004-12-22 13:21 823296 -c--a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 20:00 28739 -c--a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
2006-10-19 02:46 64000 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
2005-11-19 22:02 94208 -c--a-w- c:\windows\MXOALDR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-12 01:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-15 13:13 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  L"h'þ9Óœð3rÅWc:\program files\ISTsvc\istsvc.exe]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)
"TBPSSvc"=2 (0x2)
"SymWSC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"PccPfw"=2 (0x2)
"NProtectService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\polstore32.exe"=
"c:\\WINDOWS\\system32\\294.tmp"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:Azureus
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4/2/2005 8:51 AM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4/2/2005 8:51 AM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2006 11:51 AM 642560]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [10/3/2004 5:22 PM 10240]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 8:45 PM 35088]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\polstore32.exe [3/18/2011 10:18 AM 1430528]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [11/1/2010 9:59 PM 331296]
R3 Ausbflt;Ausbflt;c:\windows\system32\drivers\ausbflt.sys [9/6/2004 4:24 PM 6353]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [12/17/2010 11:58 AM 181704]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/18 11:48];\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl --> c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [?]
S2 ecure;FireDaemon Service: ecure;c:\windows\Temp\FireDaemon.EXE --> c:\windows\Temp\FireDaemon.EXE [?]
S3 ATICDSDr;ATICDSDr;\??\g:\w2kxp\bin\atiicdxx.sys --> g:\w2kxp\bin\atiicdxx.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [12/9/2010 1:29 PM 23608]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [11/7/2010 12:07 PM 18560]
S3 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
S3 gupdate1ca08a1cfa39da6;Google Update Service (gupdate1ca08a1cfa39da6);c:\program files\Google\Update\GoogleUpdate.exe [7/19/2009 2:50 PM 133104]
S3 PanasonicKX-TG5576USBD;Panasonic KX-TG55 USB;c:\windows\system32\drivers\pccusbd.sys [12/9/2005 9:43 PM 48224]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/14/2011 12:17 PM 19056]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [9/5/2004 5:10 PM 26368]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [3/12/2006 12:00 PM 223128]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/27/2010 11:52 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/27/2010 11:53 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/27/2010 12:03 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/27/2010 12:04 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/27/2010 12:04 PM 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-03-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-14 17:01]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 18:50]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 18:50]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_setti ... Config.CAB
FF - ProfilePath - c:\documents and settings\Boris Kowal\Application Data\Mozilla\Firefox\Profiles\4bpwaez6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - c:\program files\Mozilla Firefox\extensions\searchtoolbar@zugo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-a2r2RjZ9W - mmcudite.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-istsvc - (no file)
MSConfigStartUp-mscmswow - c:\windows\mscmswow.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-r58S3tV - lighu1.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-trafficwow - c:\windows\trafficwow.exe
AddRemove-{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 - c:\program files\Perfect Optimizer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 08:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
@Denied: (A 2 3) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
@="%SystemRoot%\\Explorer.exe"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
@="DAO.Client"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(324)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\CDWHrdwr32.exe
c:\windows\system32\294.tmp
c:\program files\Soluto\soluto.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2011-03-22 08:42:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-22 12:42
.
Pre-Run: 5,792,907,264 bytes free
Post-Run: 6,665,351,168 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 19DE928815507C6419AE721016E8DC87
Sirobloud
Active Member
 
Posts: 1
Joined: March 22nd, 2011, 9:06 am

Re: I've had them all BUT............

Unread postby Gary R » March 22nd, 2011, 11:37 am

Running a powerful tool like Combofix without knowing what you are doing is a foolish and risky thing to do. It was not designed to be just thrown at all and every infection you might have on your computer.

The creator of Combofix goes to great trouble to specifically advise people against this practice; he does not do it for the good of his health or to pass the time of day away.

By posting just a description of your problems it is likely that your topic will be passed by and you will not receive the help you're looking for.

We need to know what's running on your computer so that we can give you appropriate instructions.

May I draw your attention to THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

This thread will now be closed.

If you still need help, please start a new thread with:-
  • DDS logs
  • Details of the problems you're experiencing.

If for any reason you can't run DDS, please let us know in your post.

Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

