Tech Support Forum - View Single Post

Crazylink · 07-03-2007, 10:49 AM

ComboFix 07-06-18.2 - C:\Documents and Settings\User\Desktop\ComboFix.exe
"User" - 2007-07-02 19:26:51 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\emjhycdo.dll
C:\WINDOWS\system32\rxmpqnyu.dll
C:\WINDOWS\system32\rlagsyod.dll
C:\WINDOWS\system32\xjsbtini.dll
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\uynqpmxr.ini
C:\WINDOWS\system32\doysgalr.ini
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\xxyaxxv.dll
C:\WINDOWS\system32\geedc.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

2007-07-02 19:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 18:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-02 18:43 122,900 --a------ C:\WINDOWS\system32\ugyvgqib.exe
2007-07-02 18:43 <DIR> d-------- C:\Program Files\svhost
2007-07-01 16:14 4,628 --a------ C:\WINDOWS\system32\iopuwwyp.exe
2007-07-01 16:14 122,900 --a------ C:\WINDOWS\system32\cquvlooe.exe
2007-07-01 16:07 <DIR> d-------- C:\Program Files\poolsv
2007-07-01 16:04 36,352 --a------ C:\WINDOWS\poolsv.exe
2007-06-24 13:05 <DIR> d-------- C:\Program Files\iTunes
2007-06-24 13:01 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-24 12:55 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Apple Computer
2007-06-20 10:55 <DIR> d-------- C:\DOCUME~1\Cayla\APPLIC~1\ImageBadger
2007-06-20 00:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-20 00:45 <DIR> d-------- C:\Program Files\ImageBadger
2007-06-20 00:45 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\ImageBadger
2007-06-19 02:00 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Media Player Classic
2007-06-18 20:46 <DIR> d-------- C:\Program Files\Immortal Defense
2007-06-14 14:16 <DIR> d-------- C:\Program Files\Wondershare
2007-06-11 20:15 <DIR> d-------- C:\DOCUME~1\User\Contacts
2007-06-11 20:14 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-06-11 20:14 <DIR> d-------- C:\Program Files\MSN Messenger

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS
2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat
2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft
2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 20

02 -------- d-----w C:\Program Files\Elprime Media Recovery
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"NI.UWAS7_0001_N91M2703"="C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" [2007-07-01 16:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"COM Service"=C:\WINDOWS\msagent\msqxap.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk
backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

Contents of the 'Scheduled Tasks' folder
2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job
2007-07-01 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\emjhycdo.dll
C:\WINDOWS\system32\rxmpqnyu.dll
C:\WINDOWS\system32\rlagsyod.dll
C:\WINDOWS\system32\xjsbtini.dll
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\uynqpmxr.ini
C:\WINDOWS\system32\doysgalr.ini
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\xxyaxxv.dll
C:\WINDOWS\system32\geedc.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS
2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat
2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft
2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 20

02 -------- d-----w C:\Program Files\Elprime Media Recovery
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"COM Service"=C:\WINDOWS\msagent\msqxap.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk
backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

Contents of the 'Scheduled Tasks' folder
2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job
2007-07-03 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\emjhycdo.dll
C:\WINDOWS\system32\rxmpqnyu.dll
C:\WINDOWS\system32\rlagsyod.dll
C:\WINDOWS\system32\xjsbtini.dll
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\uynqpmxr.ini
C:\WINDOWS\system32\doysgalr.ini
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\xxyaxxv.dll
C:\WINDOWS\system32\geedc.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS
2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat
2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft
2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 20

02 -------- d-----w C:\Program Files\Elprime Media Recovery
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"COM Service"=C:\WINDOWS\msagent\msqxap.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk
backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

Contents of the 'Scheduled Tasks' folder
2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job
2007-07-03 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

07-03-2007, 10:49 AM	#13 (permalink)
Crazylink Registered User Join Date: Jul 2007 Posts: 11 OS: Windows XP My System	Re: What is this stuff? HJT Log ComboFix 07-06-18.2 - C:\Documents and Settings\User\Desktop\ComboFix.exe "User" - 2007-07-02 19:26:51 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\emjhycdo.dll C:\WINDOWS\system32\rxmpqnyu.dll C:\WINDOWS\system32\rlagsyod.dll C:\WINDOWS\system32\xjsbtini.dll C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\uynqpmxr.ini C:\WINDOWS\system32\doysgalr.ini C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\xxyaxxv.dll C:\WINDOWS\system32\geedc.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\svhost.exe C:\WINDOWS\system32\msxml3a.dll ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 ))))))))))))))))))))))))))))))) 2007-07-02 19:24 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-07-02 18:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-07-02 18:43 122,900 --a------ C:\WINDOWS\system32\ugyvgqib.exe 2007-07-02 18:43 <DIR> d-------- C:\Program Files\svhost 2007-07-01 16:14 4,628 --a------ C:\WINDOWS\system32\iopuwwyp.exe 2007-07-01 16:14 122,900 --a------ C:\WINDOWS\system32\cquvlooe.exe 2007-07-01 16:07 <DIR> d-------- C:\Program Files\poolsv 2007-07-01 16:04 36,352 --a------ C:\WINDOWS\poolsv.exe 2007-06-24 13:05 <DIR> d-------- C:\Program Files\iTunes 2007-06-24 13:01 <DIR> d-------- C:\Program Files\Apple Software Update 2007-06-24 12:55 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Apple Computer 2007-06-20 10:55 <DIR> d-------- C:\DOCUME~1\Cayla\APPLIC~1\ImageBadger 2007-06-20 00:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-06-20 00:45 <DIR> d-------- C:\Program Files\ImageBadger 2007-06-20 00:45 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\ImageBadger 2007-06-19 02:00 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Media Player Classic 2007-06-18 20:46 <DIR> d-------- C:\Program Files\Immortal Defense 2007-06-14 14:16 <DIR> d-------- C:\Program Files\Wondershare 2007-06-11 20:15 <DIR> d-------- C:\DOCUME~1\User\Contacts 2007-06-11 20:14 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2007-06-11 20:14 <DIR> d-------- C:\Program Files\MSN Messenger (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS 2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat 2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft 2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-14 2002 -------- d-----w C:\Program Files\Elprime Media Recovery 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] "NI.UWAS7_0001_N91M2703"="C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" [2007-07-01 16:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run] "COM Service"=C:\WINDOWS\msagent\msqxap.com [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet Contents of the 'Scheduled Tasks' folder 2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job 2007-07-01 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\emjhycdo.dll C:\WINDOWS\system32\rxmpqnyu.dll C:\WINDOWS\system32\rlagsyod.dll C:\WINDOWS\system32\xjsbtini.dll C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\uynqpmxr.ini C:\WINDOWS\system32\doysgalr.ini C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\xxyaxxv.dll C:\WINDOWS\system32\geedc.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\svhost.exe C:\WINDOWS\system32\msxml3a.dll ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 ))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS 2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat 2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft 2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-14 2002 -------- d-----w C:\Program Files\Elprime Media Recovery 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run] "COM Service"=C:\WINDOWS\msagent\msqxap.com [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet Contents of the 'Scheduled Tasks' folder 2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job 2007-07-03 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\emjhycdo.dll C:\WINDOWS\system32\rxmpqnyu.dll C:\WINDOWS\system32\rlagsyod.dll C:\WINDOWS\system32\xjsbtini.dll C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\uynqpmxr.ini C:\WINDOWS\system32\doysgalr.ini C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\xxyaxxv.dll C:\WINDOWS\system32\geedc.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\svhost.exe C:\WINDOWS\system32\msxml3a.dll ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 ))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-02 23:35:16 833 ----a-w C:\WINDOWS\system32\MMF.SYS 2007-06-02 19:00:12 3,198 ----a-w C:\DOCUME~1\User\APPLIC~1\wklnhst.dat 2007-05-31 03:39:16 -------- d-----w C:\Program Files\Aimersoft 2007-05-26 00:21:16 -------- d-----w C:\Program Files\Gish demo 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-14 2002 -------- d-----w C:\Program Files\Elprime Media Recovery 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-12 05:52:44 27,636 ----a-w C:\WINDOWS\mozver.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 04:41 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-02-04 13:37 C:\WINDOWS\system32\nwiz.exe] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 12:13] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-24 22:39] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run] "COM Service"=C:\WINDOWS\msagent\msqxap.com [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Folding@Home 5.03.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Folding@Home 5.03.lnk backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^World Community Grid Agent.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\World Community Grid Agent.lnk backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet Contents of the 'Scheduled Tasks' folder 2007-06-30 18:04:02 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1049051031.job 2007-07-03 05:47:04 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-07-01 02:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job Last edited by sUBs; 07-03-2007 at 10:56 AM.