"Cynthia" - 07-05-02 23:31:20 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Cynthia\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\bwiopemq.dll
C:\WINDOWS\system32\khfcyxw.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qmepoiwb.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\b.exe
C:\Program Files\outlook\p.zip
C:\WINDOWS\system32\unsvchosts.lzma
C:\Program Files\outlook
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-05-02 22:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-02 20:55 <DIR> d-------- C:\ie-spyad2
2007-05-02 19:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
2007-05-02 18:55 916,096 -ra------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2007-05-02 18:55 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-05-02 18:55 41,504 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-05-02 18:55 264,992 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-05-02 18:55 215,840 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-05-02 18:55 14,240 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2007-05-02 18:55 13,398 --a------ C:\WINDOWS\system32\Repository.reg
2007-05-02 18:55 110,592 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-04-30 14:59 <DIR> d-------- C:\Deckard
2007-04-30 14:45 <DIR> d-------- C:\ie-spyad
2007-04-30 14:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-30 13:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 11:32 245,824 -ra------ C:\WINDOWS\system32\InstExec.exe
2007-04-30 11:32 245,824 -ra------ C:\WINDOWS\Instexec.exe
2007-04-30 11:24 <DIR> d-------- C:\Program Files\RegistryFix
2007-04-30 11:00 938,272 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2007-04-30 11:00 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
2007-04-30 10:54 <DIR> d-------- C:\Program Files\Logitech
2007-04-30 09:59 <DIR> d-------- C:\EmergencyUtils
2007-04-30 07:48 <DIR> d--h----- C:\WINDOWS\PIF
2007-04-23 20:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-23 20:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-23 00:02 4 --ah----- C:\WINDOWS\uccspecb.sys
2007-04-19 10:26 <DIR> d-------- C:\DOCUME~1\Denesha\APPLIC~1\Viewpoint
2007-04-09 16:42 <DIR> d-------- C:\Program Files\Ace Utilities
2007-04-09 16:17 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-04-09 16:08 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-09 16:08 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-04-09 16:04 <DIR> d-------- C:\Program Files\Spyware Doctor
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-02 20:34 -------- d-------- C:\Program Files\quicktime
2007-05-02 20:29 -------- d-------- C:\Program Files\microsoft intellitype pro
2007-05-02 20:29 -------- d-------- C:\Program Files\microsoft intellipoint
2007-05-02 20:26 -------- d-------- C:\Program Files\digital line detect
2007-05-02 18:50 -------- d-------- C:\Program Files\Common Files\logitech
2007-04-30 14:20 -------- d-------- C:\Program Files\msn messenger
2007-04-09 17:41 -------- d-------- C:\Program Files\yahoo!
2007-04-09 17:41 -------- d-------- C:\Program Files\support.com
2007-04-09 17:41 -------- d-------- C:\Program Files\modem helper
2007-04-09 17:40 -------- dr------- C:\DOCUME~1\Cynthia\APPLIC~1\yahoo!
2007-04-09 17:40 -------- d-------- C:\Program Files\finepixviewer
2007-04-09 17:40 -------- d-------- C:\Program Files\dell
2007-04-09 17:40 -------- d-------- C:\Program Files\america online 9.0
2007-04-09 16:19 -------- d-------- C:\Program Files\irfanview
2007-04-09 16:17 -------- d-------- C:\Program Files\msecache
2007-04-06 12:01 -------- d-------- C:\DOCUME~1\Cynthia\APPLIC~1\limewire
2007-04-06 00:03 -------- d-------- C:\DOCUME~1\Cynthia\APPLIC~1\lavasoft
2007-04-03 17:49 -------- d-------- C:\DOCUME~1\Cynthia\APPLIC~1\image zone express
2007-03-31 17:38 -------- d--h----- C:\Program Files\installshield installation information
2007-03-31 17:37 -------- d-------- C:\Program Files\regshave
2007-03-23 23:42 88 -r-hs---- C:\WINDOWS\system32\4765c39811.sys
2007-03-23 23:42 3610 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-23 19:40 -------- d-------- C:\Program Files\kodak
2007-03-19 16:47 -------- d-------- C:\Program Files\gustosoft
2007-03-18 18:51 -------- d-------- C:\Program Files\gamehouse
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 14:07 81920 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\ezpinst.exe
2007-03-16 14:07 7176 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\pcouffin.cat
2007-03-16 14:07 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-16 14:07 47360 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\pcouffin.sys
2007-03-16 14:07 34 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\pcouffin.log
2007-03-16 14:07 1144 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\pcouffin.inf
2007-03-16 14:07 -------- d-------- C:\DOCUME~1\Cynthia\APPLIC~1\vso
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-15 07:36 -------- d-------- C:\Program Files\enigma software group
2007-03-14 22:45 24576 --a------ C:\WINDOWS\system32\vundofixsvc.exe
2007-03-14 17:32 1125814 ---hs---- C:\WINDOWS\system32\yybeg.bak1
2007-03-13 18:28 1129128 ---hs---- C:\WINDOWS\system32\pstwa.ini2
2007-03-13 17:39 1127002 ---hs---- C:\WINDOWS\system32\pstwa.bak2
2007-03-13 07:21 1124554 ---hs---- C:\WINDOWS\system32\pstwa.bak1
2007-03-13 00:25 -------- d-------- C:\Program Files\intel desktop board
2007-03-12 22:49 26637 --------- C:\WINDOWS\system32\khffdde.dll
2007-03-12 18:05 -------- d-------- C:\Program Files\hp
2007-03-10 14:15 164 --a------ C:\install.dat
2007-03-09 12:14 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-03-09 12:14 -------- d-------- C:\Program Files\smc
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 21:35 66816 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\gdipfontcachev1.dat
2007-02-22 16:31 384 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\internaldb6334.dat
2007-02-22 16:31 18432 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\internaldb41.dat
2007-02-22 16:28 363980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-02-22 16:28 194 --a------ C:\DOCUME~1\Cynthia\APPLIC~1\internaldb8467.dat
2007-02-22 14:37 8 --ah----- C:\WINDOWS\system32\adb.dat
2007-02-19 10:59 72 --a------ C:\WINDOWS\sysinf.dat
2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SigmatelSysTrayApp"="stsystra.exe"
"REGSHAVE"="\"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE\" /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PRISMSVR.EXE"="\"C:\\Program Files\\SMC\\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\\PRISMSVR.EXE\" /APPLY"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"DMXLauncher"="\"C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"="C:\\Program Files\\Common Files\\logishrd\\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyw
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\wrSpySweeper_B0977865B4214C8394AFF52D1410AA9F.job
C:\WINDOWS\tasks\wrSpySweeper_D9224AE3BB2F4AFD852B03735F9EAA25.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-02 23:36:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [16524]
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 23:38:02
C:\ComboFix-quarantined-files.txt ... 07-05-02 23:38
PANDA
Incident Status Location
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@realmedia[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cynthia\Cookies\cynthia@tribalfusion[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Cynthia\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@ehg-dig.hitbox[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@hitbox[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@searchportal.information[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@winantivirus[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@www.errorsafe[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Denesha\Cookies\denesha@www3.addfreestats[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bwiopemq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\khfcyxw.dll.vir
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/AdRotator Not disinfected C:\WINDOWS\system32\br_rt.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khffdde.dll
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\ContentTool.dll
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\SearchTool.dll
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\system32\UpMedia\uninstallSE.exe
Logfile of HijackThis v1.99.1
Scan saved at 6:31:42 AM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173764241890
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
System is running better. I can access the regedit now.