debbie3
Join Date: Oct 2005
Posts: 55
OS: windows xp


Here is the report:

Owner - 06-11-28 9:50:24.57 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-27 08:59 <DIR> d-------- C:\BFU
2006-11-26 14:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-26 13:37 3,362 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-26 13:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 10:44 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-26 10:43 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-25 09:31 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-16 22:55 <DIR> d-------- C:\d593694770b888fc5d3c47ad8ebc
2006-11-14 09:41 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2006-11-14 09:41 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2006-11-14 09:36 <DIR> d-------- C:\Program Files\LimeWire
2006-11-14 09:33 <DIR> d-------- C:\Documents and Settings\Owner\.limewire
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 21:50 <DIR> dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-11-01 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 09:46 -------- d-------- C:\Program Files\Common Files
2006-11-27 10:20 -------- d-------- C:\Program Files\ewido anti-malware
2006-11-26 14:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-26 14:59 -------- d-------- C:\Program Files\QuickTime
2006-11-26 14:56 -------- d-------- C:\Program Files\Messenger
2006-11-26 14:56 -------- d-------- C:\Program Files\LexmarkX84-X85
2006-11-26 14:56 -------- d-------- C:\Program Files\Internet Explorer
2006-11-26 14:55 -------- d-------- C:\Program Files\Digital Media Reader
2006-11-26 14:54 -------- d-------- C:\Program Files\BigFix
2006-11-26 13:43 -------- d-------- C:\Program Files\CleanUp!
2006-11-26 13:09 -------- d-------- C:\Program Files\Grisoft
2006-11-26 10:25 -------- d-------- C:\Program Files\AIM
2006-11-26 10:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-11-25 19:19 -------- d-------- C:\Program Files\BearShare
2006-11-25 18:38 -------- d-------- C:\Program Files\Stamps.com Internet Postage
2006-11-25 18:37 -------- d-------- C:\Program Files\Oberon Media
2006-11-25 18:29 -------- d-------- C:\Program Files\Windows Media Player
2006-11-25 18:29 -------- d-------- C:\Program Files\NetMeeting
2006-11-25 18:29 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-11-25 18:29 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-25 18:29 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-25 18:29 -------- d-------- C:\Program Files\Adobe
2006-11-25 18:19 -------- d-------- C:\Program Files\Java
2006-11-25 16:32 -------- d-------- C:\Program Files\America Online 9.0
2006-11-25 16:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\AOL
2006-11-25 16:29 -------- d-------- C:\Program Files\Yahoo!
2006-11-25 09:33 -------- d-------- C:\Program Files\The Weather Channel FW
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-01 01:28 3216 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-22 20:34 -------- d-------- C:\Program Files\BearShare Applications
2006-10-22 00:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\WholeSecurity
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-01 20:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-28 07:45 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AccuWeatherDesktopAlerts"="C:\\Program Files\\AccuWeatherDesktopAlerts\\AccuWeatherDesktopAlerts.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CHotkey"="zHotkey.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"SoundMan"="SOUNDMAN.EXE"
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061127-102323-526
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20061126-133427-631
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20061126-133427-976
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20051228-173924-341
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
backup-20051228-173924-227
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
backup-20051228-173924-422
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
backup-20051228-173924-677
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
backup-20051228-173924-697
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
backup-20051228-173924-180
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
backup-20051228-173924-750
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20051228-173924-260
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20051228-173924-923
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20051228-173924-929
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20051228-173924-972
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20051228-173924-762
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20051228-173924-795
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20051228-173924-158
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20051228-173924-920
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-28 9:51:36.17
C:\ComboFix.txt ... 06-11-28 09:51