Tech Support Forum - View Single Post - HijackThis Log virus and things not working correct

dojharris · 07-30-2006, 02:37 PM

hope this shows somthing,,,,lol,,, thanks agiain
Start Time= 30/07/2006 21:29:55.81
Running from: C:\Documents and Settings\shared\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-07-30 14:45:52 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-27 23:17:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-18 11:28:38 ( .D... ) "C:\Documents and Settings\shared\Application Data\WinPatrol"
2006-07-18 11:24:34 ( .D... ) "C:\Program Files\BillP Studios"
2006-07-15 10:10:18 ( .D... ) "C:\Program Files\CCleaner"
2006-07-12 15:43:58 ( .D... ) "C:\Program Files\Belarc"
2006-07-08 21

54 ( .D... ) "C:\Documents and Settings\shared\Application Data\VersionTracker Pro"
2006-07-07 19

30 123 ( A.... ) "C:\WINDOWS\TMPCPYIS.BAT"
2006-07-07 19

30 122 ( A.... ) "C:\WINDOWS\TMPDELIS.BAT"
2006-07-07 19

30 26 ( A.... ) "C:\WINDOWS\WINSTART.BAT"
2006-07-01 17:24:12 80 ( ..SHR ) "C:\WINDOWS\system32\F52DC64942.dll"
2006-06-29 11:05:02 ( .D... ) "C:\Program Files\Avant Browser"
2006-06-29 11:05:00 ( .D... ) "C:\Documents and Settings\shared\Application Data\Avant Browser"
2006-06-26 16:25:02 ( .D... ) "C:\Program Files\greenstreet junior"
2006-06-20 23:17:12 ( .D... ) "C:\Program Files\Common Files\DirectX"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-19 08:43:18 ( .D... ) "C:\Documents and Settings\shared\Application Data\Vista Start Menu"
2006-06-18 11:42:20 ( .D... ) "C:\Documents and Settings\shared\Application Data\uTorrent"
2006-06-18 11:41:54 ( .D... ) "C:\Program Files\uTorrent"
2006-06-17 23:36:32 ( .D... ) "C:\Program Files\Anders Kjersem"
2006-06-17 23:33:36 2735616 ( A.... ) "C:\WINDOWS\system32\TopThemesLogonUI.exe"
2006-06-17 23:33:36 2318976 ( A.... ) "C:\WINDOWS\system32\boot.exe"
2006-06-17 23:27:48 ( .D... ) "C:\Program Files\TopThemesXP"
2006-06-17 14:03:06 ( .D... ) "C:\Documents and Settings\shared\Application Data\Philips"
2006-06-17 12:43:54 ( .D... ) "C:\Program Files\Philips"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-16 09:00:32 ( .D... ) "C:\Program Files\Ubisoft"
2006-06-15 08:21:40 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll"
2006-06-13 14:34:36 ( .D... ) "C:\Documents and Settings\shared\Application Data\Microsoft Web Folders"
2006-06-13 14:25:50 ( .D... ) "C:\Program Files\OfficeUpdate11"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUninst.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvugart.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-21 23:37:20 1216 ( A.... ) "C:\Documents and Settings\shared\Application Data\AdobeDLM.log"
2006-05-19 13:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 13:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 13:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-01 14:13:14 21 ( ..SH. ) "C:\WINDOWS\prwttrxp.dll"
2006-05-01 14:13:10 2 ( ..SH. ) "C:\WINDOWS\system32\verwttxp.dll"
2006-05-01 14:03:00 21 ( ..SH. ) "C:\WINDOWS\system32\dpwttaxp.dll"
2006-05-01 14:03:00 14 ( ..SH. ) "C:\WINDOWS\system32\mswtpaxp.dll"
2006-05-01 14:03:00 14 ( ..SH. ) "C:\WINDOWS\mswtpdxp.dll"
2006-03-17 17:49:04 774144 ( A.... ) "C:\Program Files\RngInterstitial.dll"
2004-12-06 19:23:24 4002659 ( A.... ) "C:\Program Files\flip_words.exe"
2004-12-04 23:40:46 11079 ( ...H. ) "C:\Program Files\folder.htt"
2004-12-04 23:40:46 266 ( ..SH. ) "C:\Program Files\desktop.ini"
2004-03-11 13:27:22 40960 ( A.... ) "C:\Program Files\Uninstall_CDS.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-30 15:33 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-27 17:02 <DIR> C:\WINDOWS\McAfee.com
2006-07-07 19:06 26 C:\WINDOWS\WINSTART.BAT
2006-07-07 19:06 13,008 C:\WINDOWS\BBCWG2SS.SCR
2006-07-07 19:06 123 C:\WINDOWS\TMPCPYIS.BAT
2006-07-07 19:06 122 C:\WINDOWS\TMPDELIS.BAT
2006-07-07 19:04 247,648 C:\WINDOWS\UNINST16.EXE
2006-06-20 23:15 80 C:\WINDOWS\system32\F52DC64942.dll
2006-06-17 23:33 2,735,616 C:\WINDOWS\system32\TopThemesLogonUI.exe
2006-06-17 23:33 2,318,976 C:\WINDOWS\system32\boot.exe
2006-06-17 23:27 218,624 C:\WINDOWS\system32\uxtheme.dll
2006-06-17 12:43 246,424 C:\WINDOWS\system32\unicows.dll
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ASUS Probe"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
"MXOBG"="C:\\WINDOWS\\MXOALDR.EXE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O6 \"USB001\" /M \"Stylus C66\""
"Glass2k"="C:\\Documents and Settings\\shared\\Desktop\\shazar downloads\\Aero windows\\Glass2k.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Anders Kjersem: TransBar"="C:\\Program Files\\Anders Kjersem\\TransBar\\TransBar.exe /NoConfig"
"Power2GoExpress"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.2.6.lnk]
"backup"="C:\\WINDOWS\\pss\\LimeWire 4.2.6.lnkCommon Startup"
"location"="Common Startup"
"item"="LimeWire 4.2.6"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sam.lnk]
"backup"="C:\\WINDOWS\\pss\\Sam.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SILICO~1\\Sam\\sam.jar "
"item"="Sam"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\Power2Go\\Power2GoExpress.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerBar"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromptCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PromptCast"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RetroExpress"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Dantz\\RETROS~1\\RetroExpress.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoboTaskBarIcon"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Inicio"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="txp"
"hkey"="HKLM"
"command"="c:\\program files\\topthemesxp\\txp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartMenu"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\SCHEDLGU.TXT

Completion time: 30/07/2006 21:30:09.23
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

07-30-2006, 02:37 PM	#5 (permalink)
dojharris Registered User Join Date: Jul 2006 Location: uk Posts: 282 OS: xp pro My System	hope this shows somthing,,,,lol,,, thanks agiain Start Time= 30/07/2006 21:29:55.81 Running from: C:\Documents and Settings\shared\Desktop QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-30 14:45:52 ( .D... ) "C:\Program Files\CleanUp!" 2006-07-27 23:17:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-18 11:28:38 ( .D... ) "C:\Documents and Settings\shared\Application Data\WinPatrol" 2006-07-18 11:24:34 ( .D... ) "C:\Program Files\BillP Studios" 2006-07-15 10:10:18 ( .D... ) "C:\Program Files\CCleaner" 2006-07-12 15:43:58 ( .D... ) "C:\Program Files\Belarc" 2006-07-08 2154 ( .D... ) "C:\Documents and Settings\shared\Application Data\VersionTracker Pro" 2006-07-07 1930 123 ( A.... ) "C:\WINDOWS\TMPCPYIS.BAT" 2006-07-07 1930 122 ( A.... ) "C:\WINDOWS\TMPDELIS.BAT" 2006-07-07 1930 26 ( A.... ) "C:\WINDOWS\WINSTART.BAT" 2006-07-01 17:24:12 80 ( ..SHR ) "C:\WINDOWS\system32\F52DC64942.dll" 2006-06-29 11:05:02 ( .D... ) "C:\Program Files\Avant Browser" 2006-06-29 11:05:00 ( .D... ) "C:\Documents and Settings\shared\Application Data\Avant Browser" 2006-06-26 16:25:02 ( .D... ) "C:\Program Files\greenstreet junior" 2006-06-20 23:17:12 ( .D... ) "C:\Program Files\Common Files\DirectX" 2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-19 08:43:18 ( .D... ) "C:\Documents and Settings\shared\Application Data\Vista Start Menu" 2006-06-18 11:42:20 ( .D... ) "C:\Documents and Settings\shared\Application Data\uTorrent" 2006-06-18 11:41:54 ( .D... ) "C:\Program Files\uTorrent" 2006-06-17 23:36:32 ( .D... ) "C:\Program Files\Anders Kjersem" 2006-06-17 23:33:36 2735616 ( A.... ) "C:\WINDOWS\system32\TopThemesLogonUI.exe" 2006-06-17 23:33:36 2318976 ( A.... ) "C:\WINDOWS\system32\boot.exe" 2006-06-17 23:27:48 ( .D... ) "C:\Program Files\TopThemesXP" 2006-06-17 14:03:06 ( .D... ) "C:\Documents and Settings\shared\Application Data\Philips" 2006-06-17 12:43:54 ( .D... ) "C:\Program Files\Philips" 2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll" 2006-06-16 09:00:32 ( .D... ) "C:\Program Files\Ubisoft" 2006-06-15 08:21:40 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll" 2006-06-13 14:34:36 ( .D... ) "C:\Documents and Settings\shared\Application Data\Microsoft Web Folders" 2006-06-13 14:25:50 ( .D... ) "C:\Program Files\OfficeUpdate11" 2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvunrm.exe" 2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUninst.exe" 2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvugart.exe" 2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe" 2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll" 2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll" 2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll" 2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll" 2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll" 2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll" 2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll" 2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll" 2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll" 2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll" 2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll" 2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll" 2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe" 2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll" 2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe" 2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll" 2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll" 2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll" 2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll" 2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe" 2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll" 2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll" 2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll" 2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe" 2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe" 2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll" 2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll" 2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll" 2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll" 2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll" 2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe" 2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe" 2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll" 2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll" 2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll" 2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll" 2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll" 2006-05-21 23:37:20 1216 ( A.... ) "C:\Documents and Settings\shared\Application Data\AdobeDLM.log" 2006-05-19 13:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-05-19 13:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll" 2006-05-19 13:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll" 2006-05-01 14:13:14 21 ( ..SH. ) "C:\WINDOWS\prwttrxp.dll" 2006-05-01 14:13:10 2 ( ..SH. ) "C:\WINDOWS\system32\verwttxp.dll" 2006-05-01 14:03:00 21 ( ..SH. ) "C:\WINDOWS\system32\dpwttaxp.dll" 2006-05-01 14:03:00 14 ( ..SH. ) "C:\WINDOWS\system32\mswtpaxp.dll" 2006-05-01 14:03:00 14 ( ..SH. ) "C:\WINDOWS\mswtpdxp.dll" 2006-03-17 17:49:04 774144 ( A.... ) "C:\Program Files\RngInterstitial.dll" 2004-12-06 19:23:24 4002659 ( A.... ) "C:\Program Files\flip_words.exe" 2004-12-04 23:40:46 11079 ( ...H. ) "C:\Program Files\folder.htt" 2004-12-04 23:40:46 266 ( ..SH. ) "C:\Program Files\desktop.ini" 2004-03-11 13:27:22 40960 ( A.... ) "C:\Program Files\Uninstall_CDS.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-30 15:33 11,776 C:\WINDOWS\system32\ZPORT4AS.dll 2006-07-27 17:02 <DIR> C:\WINDOWS\McAfee.com 2006-07-07 19:06 26 C:\WINDOWS\WINSTART.BAT 2006-07-07 19:06 13,008 C:\WINDOWS\BBCWG2SS.SCR 2006-07-07 19:06 123 C:\WINDOWS\TMPCPYIS.BAT 2006-07-07 19:06 122 C:\WINDOWS\TMPDELIS.BAT 2006-07-07 19:04 247,648 C:\WINDOWS\UNINST16.EXE 2006-06-20 23:15 80 C:\WINDOWS\system32\F52DC64942.dll 2006-06-17 23:33 2,735,616 C:\WINDOWS\system32\TopThemesLogonUI.exe 2006-06-17 23:33 2,318,976 C:\WINDOWS\system32\boot.exe 2006-06-17 23:27 218,624 C:\WINDOWS\system32\uxtheme.dll 2006-06-17 12:43 246,424 C:\WINDOWS\system32\unicows.dll 2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ASUS Probe"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe" "MXOBG"="C:\\WINDOWS\\MXOALDR.EXE" "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O6 \"USB001\" /M \"Stylus C66\"" "Glass2k"="C:\\Documents and Settings\\shared\\Desktop\\shazar downloads\\Aero windows\\Glass2k.exe" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "SoundMan"="SOUNDMAN.EXE" "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Anders Kjersem: TransBar"="C:\\Program Files\\Anders Kjersem\\TransBar\\TransBar.exe /NoConfig" "Power2GoExpress"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\"" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000004 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"="Narrator.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "RunNarrator"="Narrator.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\INTERV~1\\Common\\bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.2.6.lnk] "backup"="C:\\WINDOWS\\pss\\LimeWire 4.2.6.lnkCommon Startup" "location"="Common Startup" "item"="LimeWire 4.2.6" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sam.lnk] "backup"="C:\\WINDOWS\\pss\\Sam.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SILICO~1\\Sam\\sam.jar " "item"="Sam" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APVXDWIN" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ElbyCheck" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InCD" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlaxoHelper" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Power2GoExpress" "hkey"="HKCU" "command"="\"C:\\Program Files\\CyberLink DVD Solution\\Power2Go\\Power2GoExpress.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PowerBar" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromptCast] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PromptCast" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RetroExpress" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Dantz\\RETROS~1\\RetroExpress.exe /h" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RoboTaskBarIcon" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Inicio" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dragdiag" "hkey"="HKLM" "command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swdoctor" "hkey"="HKCU" "command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="txp" "hkey"="HKLM" "command"="c:\\program files\\topthemesxp\\txp.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartMenu" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="YahooMessenger" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\XoftSpy.job C:\WINDOWS\tasks\SCHEDLGU.TXT Completion time: 30/07/2006 21:30:09.23 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt