Registered User
Join Date: Sep 2006
Posts: 23
OS: win xp pro
Alright Glaswegian, here is the log from ComboFix:
smiffy - 06-10-06 23:12:30.92 Service Pack 2
ComboFix 06.09.28 - Running from: "F:\Documents and Settings\smiffy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))
2006-10-06 17:25 8,704 --a------ F:\WINDOWS\system32\kbdjpn.dll
2006-10-06 17:25 8,192 --a------ F:\WINDOWS\system32\kbdkor.dll
2006-10-06 17:25 6,144 --a------ F:\WINDOWS\system32\kbd106.dll
2006-10-06 17:25 6,144 --a------ F:\WINDOWS\system32\kbd101c.dll
2006-10-06 17:25 6,144 --a------ F:\WINDOWS\system32\kbd101b.dll
2006-10-06 17:25 5,632 --a------ F:\WINDOWS\system32\kbd103.dll
2006-10-05 16:01 3,968 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-02 23:01 76,560 --a------ F:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-30 18:56 47,360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-26 19:24 24,816 --a------ F:\WINDOWS\system32\mdimon.dll
2006-09-25 12:06 7,168 --a------ F:\WINDOWS\lq.dll
2006-09-25 12:06 468,480 --a------ F:\WINDOWS\system32\NMDll.dll
2006-09-25 12:06 208,896 --a------ F:\WINDOWS\system32\HDBHO.dll
2006-09-25 12:06 20,480 --a------ F:\WINDOWS\yhl.dll
2006-09-24 21:25 737,280 --a------ F:\WINDOWS\iun6002.exe
2006-09-06 18:28 34,308 --a------ F:\WINDOWS\system32\BASSMOD.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-06 23:10 -------- d-------- F:\Program Files\Mozilla Firefox
2006-10-06 17:51 -------- d-------- F:\Documents and Settings\smiffy\Application Data\Vso
2006-10-06 15:13 -------- d-------- F:\Program Files\HiDownload
2006-10-06 13:09 -------- d-------- F:\Program Files\Common Files\Microsoft Shared
2006-10-06 10:33 -------- d-------- F:\Program Files\SpywareBlaster
2006-10-06 09:19 -------- d-------- F:\Program Files\Hello
2006-10-05 16:01 -------- d-------- F:\Program Files\Grisoft
2006-10-04 19:15 -------- d-------- F:\Program Files\WinRAR
2006-10-04 19:11 -------- d-------- F:\Program Files\Internet Explorer
2006-10-04 18:14 -------- d-------- F:\Program Files\Full Speed
2006-10-04 18:13 -------- d--h----- F:\Program Files\InstallShield Installation Information
2006-10-04 18:12 -------- d-------- F:\Program Files\SatelliteTVforPC
2006-10-04 18:12 -------- d-------- F:\Program Files\RegistryRepair
2006-10-04 18:12 -------- d-------- F:\Program Files\RapidLeecher
2006-10-04 18:12 -------- d-------- F:\Program Files\RapidCheck
2006-10-04 18:10 -------- d-------- F:\Program Files\WM Recorder 10
2006-10-04 18:10 -------- d-------- F:\Program Files\WM Recorder
2006-10-04 16:26 -------- d-------- F:\Program Files\CleanUp!
2006-10-02 22:43 -------- d-------- F:\Program Files\Windows Defender
2006-10-02 20:51 -------- d---s---- F:\Documents and Settings\smiffy\Application Data\Microsoft
2006-09-30 18:57 34 --a------ F:\Documents and Settings\smiffy\Application Data\pcouffin.log
2006-09-30 18:56 81920 --a------ F:\Documents and Settings\smiffy\Application Data\ezpinst.exe
2006-09-30 18:56 7176 --a------ F:\Documents and Settings\smiffy\Application Data\pcouffin.cat
2006-09-30 18:56 47360 --a------ F:\Documents and Settings\smiffy\Application Data\pcouffin.sys
2006-09-30 18:56 1144 --a------ F:\Documents and Settings\smiffy\Application Data\pcouffin.inf
2006-09-30 18:56 -------- d-------- F:\Program Files\vso
2006-09-30 12:20 -------- d-------- F:\Documents and Settings\smiffy\Application Data\BitTorrent
2006-09-30 12:19 -------- d-------- F:\Program Files\Viewpoint
2006-09-30 12:19 -------- d-------- F:\Program Files\Common Files\aolshare
2006-09-30 12:19 -------- d-------- F:\Documents and Settings\smiffy\Application Data\acccore
2006-09-30 12:18 -------- d-------- F:\Program Files\Microsoft ActiveSync
2006-09-30 12:18 -------- d-------- F:\Program Files\Common Files\DESIGNER
2006-09-30 12:16 -------- d-------- F:\Program Files\WinPcap
2006-09-30 12:16 -------- d-------- F:\Program Files\FrameShots
2006-09-30 12:16 -------- d-------- F:\Program Files\Common Files\AOL
2006-09-30 12:16 -------- d-------- F:\Program Files\CoCSoft Stream Down
2006-09-30 12:15 -------- d-------- F:\Program Files\AOL
2006-09-29 19:33 -------- d-------- F:\Program Files\Common Files\Nullsoft
2006-09-29 19:33 -------- d-------- F:\Program Files\Common Files
2006-09-29 19:32 -------- d-------- F:\Documents and Settings\smiffy\Application Data\Mozilla
2006-09-26 19:20 -------- d-------- F:\Program Files\Microsoft Office
2006-09-26 19:20 -------- d-------- F:\Program Files\Common Files\System
2006-09-25 12:12 -------- d-------- F:\Program Files\Teleport Ultra
2006-09-25 12:09 -------- d-------- F:\Program Files\Magellass
2006-09-25 00:19 -------- d-------- F:\Program Files\Sytexis Software
2006-09-24 21:24 -------- d-------- F:\Program Files\WMR11
2006-09-24 21:17 -------- d-------- F:\Program Files\Download Plugin
2006-09-24 17:04 -------- d-------- F:\Program Files\BitTorrent
2006-09-06 18:55 -------- d-------- F:\Documents and Settings\smiffy\Application Data\XericDesign
2006-09-06 18:28 -------- d-------- F:\Program Files\XericDesign
2006-09-05 22:02 -------- d-------- F:\Program Files\VVSN
2006-09-01 16:30 -------- d-------- F:\Documents and Settings\smiffy\Application Data\Ahead
2006-08-31 20:29 -------- d-------- F:\Program Files\Common Files\Ahead
2006-08-31 20:26 -------- d-------- F:\Program Files\Nero
2006-08-27 14:03 -------- d-------- F:\Program Files\LimeWire
2006-08-25 19:34 -------- d-------- F:\Documents and Settings\smiffy\Application Data\EPSON
2006-08-25 19:01 -------- d-------- F:\Program Files\Common Files\InstallShield
2006-08-25 18:54 -------- d-------- F:\Program Files\EPSON Print CD
2006-08-25 18:54 -------- d-------- F:\Program Files\EPSON
2006-08-23 16:53 -------- d-------- F:\Program Files\Logitech
2006-08-23 16:53 -------- d-------- F:\Program Files\Common Files\FotoWire
2006-08-23 16:53 -------- d-------- F:\Documents and Settings\smiffy\Application Data\FotoWire
2006-08-23 16:49 81920 -r------- F:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2006-08-23 16:48 -------- d-------- F:\Program Files\Common Files\Logitech
2006-08-21 13:21 16896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ F:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- F:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 10:18 -------- d-------- F:\Documents and Settings\smiffy\Application Data\RapidGet
2006-08-18 19:43 -------- d-------- F:\Program Files\My-Proxy
2006-08-14 17:55 -------- d-------- F:\Program Files\AresP2P_WhenUSave_Installer
2006-08-08 18:30 -------- d-------- F:\Program Files\Analog Devices
2006-08-08 17:54 -------- d-------- F:\Documents and Settings\smiffy\Application Data\VersionTracker Pro
2006-08-08 09:57 -------- d-------- F:\Documents and Settings\smiffy\Application Data\Real
2006-08-08 09:53 -------- d-------- F:\Program Files\Real
2006-08-08 09:53 -------- d-------- F:\Program Files\Common Files\xing shared
2006-08-08 09:53 -------- d-------- F:\Program Files\Common Files\Real
2006-08-06 12:16 -------- d-------- F:\Documents and Settings\smiffy\Application Data\Help
2006-08-06 12:08 -------- d-------- F:\Program Files\Turtle Beach
2006-07-27 14:24 679424 --a------ F:\WINDOWS\system32\inetcomm.dll
2006-07-22 10:02 274432 --a------ F:\WINDOWS\system32\imon.dll
2006-07-21 09:24 72704 --a------ F:\WINDOWS\system32\hlink.dll
2006-07-20 18:52 62 --ahs---- F:\Documents and Settings\smiffy\Application Data\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"F:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"BitTorrent"="\"F:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"kis"="\"F:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
"TkBellExe"="\"F:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMAXPnP"="F:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"LVCOMSX"="F:\\WINDOWS\\system32\\LVCOMSX.EXE"
"!AVG Anti-Spyware"="\"F:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Desktop Help.lnk]
"path"="F:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Broadband Desktop Help.lnk"
"backup"="F:\\WINDOWS\\pss\\Broadband Desktop Help.lnkCommon Startup"
"location"="Common Startup"
"command"="F:\\PROGRA~1\\BTBROA~1\\Help\\bin\\matcli.exe -boot"
"item"="Broadband Desktop Help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="F:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="F:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~2\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\F:^Documents and Settings^smiffy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="F:\\Documents and Settings\\smiffy\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="F:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="F:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-GB ee://aol/imApp"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ares lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\ARES\\Ares.exe\" -h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Crazaa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Crazaa"
"hkey"="HKCU"
"command"="F:\\Program Files\\Crazaa\\Crazaa.exe /hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="F:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="F:\\Program Files\\Common Files\\AOL\\1159554764\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="F:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KCeasy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KCeasy"
"hkey"="HKCU"
"command"="F:\\Program Files\\KCeasy\\KCeasy.exe /hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="F:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="F:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTHelpNotifier"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\BTBROA~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RapidCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RapidCheck"
"hkey"="HKCU"
"command"="F:\\Program Files\\RapidCheck\\RapidCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="F:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="F:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="F:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
F:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06/10/2006 23:14:08.57
ComboFix.txt
My system might look pretty clean, but firefox.exe/explorer.exe and svchost.exe still show high memory usage in processes.
For Firefox, even when I have just one browser open and am not even using it, the mem usage is 39.444.
Last edited by smiffy2006; 10-06-2006 at 04:20 PM.