Old 04-13-2009, 03:46 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 4
OS: Vista


Missing msconfig.exe

Hi

I scanned my computer with ComboFix and it deleted msconfig.exe, and now I can't open it. It says "Windows cannot find msconfig. Make sure you wrote the name correctly and try again."

I tried
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE" /ve /t REG_SZ /d %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE /f

but it didn't work either. I am using Vista Home Basic.

Please help me
enveralisahin is offline  
Old 04-13-2009, 11:54 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,546
OS: 2000 Pro; XP Pro; XP Home


Re: Missing msconfig.exe

A Reminder....

As seen in Post #2 of our sticky topic 'NEW INSTRUCTIONS Read this Before Posting For Malware Removal Help'
Quote:
Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix

Also...from Post #1

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk

Since you have, let's see what we can do to try to help you resolve this.

First, post the log ComboFix created, C:\ComboFix.txt

Also, post this log:

Please press the Windows key + R > in the Run box copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 04-17-2009, 05:27 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 4
OS: Vista


Re: Missing msconfig.exe

Here is C:\QooBox\ComboFix-quarantined-files.txt

2009-04-17 11:01:10 . 2009-04-17 11:01:10 4,819 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-04-17 10:56:57 . 2009-04-17 10:56:57 54 ----a-w C:\Qoobox\Quarantine\catchme.log
2009-04-16 21:11:02 . 2008-01-19 07:33:16 227,840 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\msconfig.exe.vir
2009-04-14 20:47:30 . 2009-04-14 20:47:30 87,608 ----a-w C:\Qoobox\Quarantine\C\Users\Ali Enver.AliEnver-PC.000\AppData\Roaming\inst.exe.vir
2009-04-13 2026 . 2009-01-07 18:14:10 60,273 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\pthreadGC2.dll.vir
2009-04-13 18:58:41 . 2009-04-13 18:58:41 0 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\serauth1.dll.vir
2009-04-13 18:58:41 . 2009-04-13 18:58:41 0 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\serauth2.dll.vir
2009-04-13 18:58:40 . 2009-04-13 18:58:40 0 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\nsprs.dll.vir
2009-04-13 18:58:40 . 2009-04-13 18:58:40 0 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\ssprs.dll.vir
2009-04-13 18:55:19 . 2009-04-13 18:55:19 205 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\System32\lsprst7.dll.vir
enveralisahin is offline  
Old 04-17-2009, 05:29 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 4
OS: Vista


Re: Missing msconfig.exe

Combofix.txt

ComboFix 09-04-13.06 - Ali Enver 2009-04-17 13:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1254.1.1055.18.2551.1618 [GMT 3:00]
Running from: c:\users\Ali Enver.AliEnver-PC.000\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\inst.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\nsprs.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 06:25 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-17 05:57 . 2009-04-17 05:57 197 ----a-w c:\windows\ODBCINST.INI
2009-04-17 05:36 . 2009-04-17 05:36 -------- d-----w c:\windows\CheckSur
2009-04-16 22:11 . 2009-04-16 22:11 -------- d-----w C:\PerfLogs
2009-04-16 21:42 . 2009-04-16 21:42 -------- d-----w c:\windows\system32\ShellExt
2009-04-16 21:11 . 2008-01-19 07:36 448512 ----a-w c:\windows\system32\termsrv.dll
2009-04-16 21:10 . 2008-01-19 07:36 293376 ----a-w c:\windows\system32\wlanmsm.dll
2009-04-16 21:09 . 2008-01-19 07:36 723968 ----a-w c:\windows\system32\powercpl.dll
2009-04-16 21:08 . 2008-01-19 05:57 8192 ----a-w c:\windows\system32\drivers\rootmdm.sys
2009-04-16 21:07 . 2008-01-19 07:36 357888 ----a-w c:\windows\system32\wbemcomn.dll
2009-04-16 21:06 . 2008-01-19 07:36 129536 ----a-w c:\windows\system32\sqmapi.dll
2009-04-16 21:06 . 2008-01-19 07:36 704512 ----a-w c:\windows\system32\SmiEngine.dll
2009-04-16 21:06 . 2008-01-19 07:36 139264 ----a-w c:\windows\system32\SmiInstaller.dll
2009-04-16 21:05 . 2008-01-19 07:36 218624 ----a-w c:\windows\system32\wdscore.dll
2009-04-16 21:05 . 2008-01-19 07:33 130560 ----a-w c:\windows\system32\PkgMgr.exe
2009-04-16 21:03 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 21:03 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 21:03 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-16 21:03 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-15 12:45 . 2009-04-15 12:45 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Acronis
2009-04-15 11:29 . 2009-04-15 11:29 -------- d-----w c:\users\All Users\Acronis
2009-04-15 11:29 . 2009-04-15 11:29 -------- d-----w c:\programdata\Acronis
2009-04-15 11:24 . 2009-04-15 11:24 971552 ----a-w c:\windows\system32\drivers\tdrpm174.sys
2009-04-15 11:24 . 2009-04-15 11:24 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-15 11:24 . 2009-04-15 11:24 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-15 11:24 . 2009-04-15 11:24 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-15 08:40 . 2009-04-15 08:40 -------- d-----w C:\dell
2009-04-14 21:26 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-14 21:20 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll
2009-04-14 20:55 . 2009-04-14 20:55 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools Pro
2009-04-14 20:55 . 2009-04-14 20:55 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-14 20:54 . 2009-04-14 21:03 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools Lite
2009-04-14 20:47 . 2009-04-14 20:47 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-14 20:47 . 2009-04-14 20:47 47360 ----a-w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\pcouffin.sys
2009-04-14 20:47 . 2009-04-14 20:47 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Vso
2009-04-14 20:28 . 2009-04-14 20:28 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\MicroVision Applications
2009-04-14 20:19 . 2009-04-17 07:59 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\Tracing
2009-04-14 20:14 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-14 18:35 . 2009-04-17 03:19 1140850688 --sha-w C:\NRTPage.sys
2009-04-14 14:12 . 2009-04-17 07:45 450 ----a-w c:\windows\system32\BDUpdateV1.xml
2009-04-14 12:26 . 2009-04-14 12:26 -------- d-----w c:\users\Administrator\AppData\Roaming\BitDefender
2009-04-14 09:51 . 2009-04-17 11:02 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-14 09:46 . 2009-04-14 09:46 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-14 09:46 . 2009-04-14 09:46 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-14 09:42 . 2009-04-14 09:42 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\BitDefender
2009-04-14 09:42 . 2009-04-14 09:46 -------- d-----w c:\users\All Users\BitDefender
2009-04-14 09:42 . 2009-04-14 09:46 -------- d-----w c:\programdata\BitDefender
2009-04-14 09:04 . 2009-04-14 09:04 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-14 09:04 . 2009-04-14 09:04 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-14 09:04 . 2009-04-14 09:04 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-14 09:04 . 2009-04-14 09:04 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-14 09:02 . 2009-04-14 09:02 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-14 09:02 . 2009-04-14 09:02 2927104 ----a-w c:\windows\explorer.exe
2009-04-14 09:00 . 2009-04-14 09:00 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-14 07:27 . 2009-04-14 07:27 1820 ----a-w c:\windows\system32\rasctrnm.h
2009-04-14 07:27 . 2009-04-14 07:27 94720 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-14 07:27 . 2009-04-14 07:27 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-14 07:27 . 2009-04-14 07:27 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-14 07:23 . 2009-04-14 07:23 -------- d-----w c:\windows\system32\logs
2009-04-14 07:20 . 2009-04-14 07:20 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-14 07:19 . 2009-04-14 07:19 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-14 07:19 . 2009-04-14 07:19 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-14 07:19 . 2009-04-14 07:19 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-14 07:19 . 2009-04-14 07:19 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-14 07:18 . 2009-04-14 07:18 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-14 07:18 . 2009-04-14 07:18 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-14 07:17 . 2009-04-14 07:17 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-14 07:17 . 2009-04-14 07:17 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-14 07:17 . 2009-04-14 07:17 347648 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-14 07:15 . 2009-04-14 07:15 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-14 07:15 . 2009-04-14 07:15 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-14 07:15 . 2009-04-14 07:15 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-14 07:15 . 2009-04-14 07:15 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-14 07:13 . 2009-04-14 07:13 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Media Player Classic
2009-04-13 22:22 . 2009-04-13 22:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-13 22:21 . 2009-04-13 22:21 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-13 22:21 . 2009-04-13 22:21 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-13 22:21 . 2009-04-13 22:21 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-13 22:21 . 2009-04-13 22:21 4096 ----a-w c:\windows\system32\msdxm.ocx
2009-04-13 22:18 . 2008-01-19 07:34 15872 ----a-w c:\windows\system32\hcrstco.dll
2009-04-13 22:18 . 2006-11-02 09:46 8704 ----a-w c:\windows\system32\hccoin.dll
2009-04-13 22:15 . 2009-04-13 22:15 9892864 ----a-w c:\windows\system32\NlsLexicons000a.dll
2009-04-13 22:13 . 2009-04-13 22:13 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-13 22:13 . 2009-04-13 22:13 988216 ----a-w c:\windows\system32\winload.exe
2009-04-13 22:13 . 2009-04-13 22:13 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-13 22:13 . 2009-04-13 22:13 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-13 22:13 . 2009-04-13 22:13 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-13 22:13 . 2009-04-13 22:13 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-13 22:13 . 2009-04-13 22:13 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-13 22:13 . 2009-04-13 22:13 615992 ----a-w c:\windows\system32\ci.dll
2009-04-13 22:13 . 2009-04-13 22:13 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-13 22:13 . 2009-04-13 22:13 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-13 22:08 . 2009-04-13 22:08 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-13 21:35 . 2009-04-13 21:35 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\URSoft
2009-04-13 21:35 . 2009-04-17 08:38 -------- d---a-w c:\users\All Users\TEMP
2009-04-13 21:35 . 2009-04-17 08:38 -------- d---a-w c:\programdata\TEMP
2009-04-13 21:24 . 2003-08-14 15:59 26013 ----a-w c:\windows\system32\sleep.exe
2009-04-13 20:29 . 2009-04-13 20:29 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-13 20:29 . 2009-04-13 20:29 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-13 20:29 . 2009-04-13 20:29 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-13 20:29 . 2009-04-13 20:29 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-13 20:29 . 2009-04-13 20:29 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 20:29 . 2009-04-13 20:29 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-13 20:29 . 2009-04-13 20:29 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-13 20:29 . 2009-04-13 20:29 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-13 20:10 . 2009-04-13 20:10 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\Apps
2009-04-13 20:10 . 2009-04-13 20:11 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\Deployment
2009-04-13 20:06 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-13 20:06 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-13 20:06 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-13 20:06 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-13 20:06 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-13 20:06 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-13 20:06 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-13 20:06 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-13 20:06 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-13 20:06 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-13 20:06 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-13 20:06 . 2009-02-09 18:56 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-13 19:53 . 2009-04-13 20:02 65536 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-04-13 19:53 . 2009-04-13 20:02 196608 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-04-13 19:53 . 2009-04-13 20:02 13107200 ----a-w c:\windows\ocsetup_install_NetFx3.etl
2009-04-13 19:53 . 2009-04-13 19:53 -------- d--h--w c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 10:56 . 2007-01-05 05:12 598182 ----a-w c:\windows\System32\perfh01F.dat
2009-04-17 10:56 . 2007-01-05 05:12 119904 ----a-w c:\windows\System32\perfc01F.dat
2009-04-16 22:25 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 22:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-16 22:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-16 22:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 22:16 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 22:11 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-16 21:51 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-04-16 21:51 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-04-16 21:38 . 2009-04-16 21:38 -------- d-----w c:\program files\Yamicsoft
2009-04-16 21:33 . 2009-04-16 21:31 -------- d-----w c:\program files\USBScan
2009-04-15 11:23 . 2009-04-15 11:23 -------- d-----w c:\program files\Common Files\Acronis
2009-04-15 11:23 . 2009-04-15 11:23 -------- d-----w c:\program files\Acronis
2009-04-15 08:40 . 2009-04-15 08:40 -------- d-----w c:\program files\Broadcom
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-14 20:47 . 2009-04-14 20:47 -------- d-----w c:\program files\LG Software Innovations
2009-04-14 20:15 . 2009-04-14 20:11 -------- d-----w c:\program files\Windows Live
2009-04-14 20:15 . 2009-04-14 20:15 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-14 20:13 . 2009-04-14 20:13 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-14 20:12 . 2009-04-14 20:12 -------- d-----w c:\program files\Microsoft
2009-04-14 20:11 . 2009-04-14 20:11 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-14 19:54 . 2009-04-14 19:54 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-14 19:54 . 2009-04-14 19:54 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-14 19:54 . 2009-04-14 19:54 -------- d-----w c:\program files\MSECache
2009-04-14 14:10 . 2009-04-14 09:42 -------- d-----w c:\program files\BitDefender
2009-04-14 13:33 . 2009-04-14 13:33 -------- d-----w c:\program files\GetData
2009-04-14 12:26 . 2009-04-14 12:25 119568 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-14 12:25 . 2009-04-13 19:05 -------- d-----w c:\program files\USB Disk Security
2009-04-14 09:42 . 2009-04-14 09:41 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-14 09:00 . 2007-03-08 21:25 -------- d-----w c:\program files\Analog Devices
2009-04-14 07:19 . 2009-04-14 07:19 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-14 07:19 . 2009-04-14 07:19 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-14 07:19 . 2009-04-14 07:19 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-14 07:19 . 2009-04-14 07:19 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-14 07:19 . 2009-04-14 07:19 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-14 07:19 . 2009-04-14 07:19 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-14 07:12 . 2007-03-08 21:45 -------- d-----w c:\programdata\Sonic
2009-04-14 07:06 . 2007-03-08 22:01 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 22:15 . 2009-04-13 22:15 6237696 ----a-w c:\windows\System32\NlsLexicons000c.dll
2009-04-13 21:59 . 2007-03-08 22:01 -------- d-----w c:\programdata\Symantec
2009-04-13 21:51 . 2009-04-13 21:50 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 21:39 . 2009-04-13 21:35 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-13 21:23 . 2009-04-13 21:23 -------- d-----w c:\program files\Alcohol Soft
2009-04-13 20:07 . 2009-04-13 20:06 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-13 19:34 . 2009-04-13 19:34 -------- d-----w c:\program files\LSI SoftModem
2009-04-13 19:33 . 2009-04-13 19:33 -------- d-----w c:\program files\IObit
2009-04-13 19:28 . 2009-04-13 19:28 -------- d-----w c:\program files\CCleaner
2009-04-13 19:25 . 2009-04-13 19:25 -------- d-----w c:\program files\GlobFX
2009-04-13 19:23 . 2009-04-13 19:23 -------- d-----w c:\program files\GRETECH
2009-04-13 19:17 . 2009-04-13 19:17 -------- d-----w c:\program files\Macmillan Dictionaries
2009-04-13 19:14 . 2009-04-13 19:14 -------- d-----w c:\program files\IDM
2009-04-13 19:06 . 2009-04-13 19:06 -------- d-----w c:\program files\Cambridge
2009-04-13 18:58 . 2009-04-13 18:55 -------- d-----w c:\program files\SPSS 15.0 for Windows
2009-04-13 18:54 . 2007-03-08 21:36 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 18:47 . 2009-04-13 18:47 -------- d-----w c:\program files\Microsoft Works
2009-04-13 18:47 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-04-13 18:45 . 2009-04-13 18:45 -------- d-----w c:\program files\Microsoft.NET
2009-04-13 18:41 . 2009-04-13 18:41 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-13 18:28 . 2009-04-13 18:28 594 ----a-w C:\updatedatfix.log
2009-04-13 18:28 . 2007-03-08 21:35 -------- d-----w c:\program files\Hp
2009-04-13 18:16 . 2009-04-13 18:16 -------- d-----w c:\program files\WIDCOMM
2009-04-13 18:16 . 2009-04-13 18:16 -------- d-----w c:\program files\Google
2009-04-13 18:11 . 2009-04-13 18:11 -------- d-----w c:\program files\InterVideo
2009-04-13 18:11 . 2007-03-08 21:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 03:38 . 2009-04-14 21:26 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 21:26 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 21:26 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-14 21:26 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 21:26 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 21:27 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-14 21:26 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 21:26 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 21:26 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 21:27 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 21:26 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 21:26 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-14 21:26 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 21:26 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 21:26 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-14 21:27 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-14 21:26 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-14 21:26 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-06 16:31 . 2009-02-06 16:31 308104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-04-17 11:05 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
2009-04-17 11:04 . 2009-04-17 11:04 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-17 11:04 . 2009-04-17 11:04 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-17 11:05 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
2009-04-17 11:04 . 2009-04-13 17:48 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-17 11:04 . 2009-04-13 17:48 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-17 11:04 . 2009-04-13 17:48 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{444E9AA3-78C1-430B-912A-E5E1DE642B5D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FABF33F1-B04C-4DDA-845E-A686A21C9943}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B1BA2B8B-7497-489A-8A2B-D105179E69E4}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A81A5833-5899-4706-872E-6CF53F00546D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1EEB425-F5D9-4F35-9BCC-7C3CDA8C5B6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B71154B2-FDAF-4BA4-8EE1-F2B265BC6841}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-04-15 134272]
S0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\DRIVERS\tdrpm174.sys [2009-04-15 971552]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2006-09-28 32000]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794439710-135025153-1327788145-1003.job
- c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 23:12]

2009-04-13 c:\windows\Tasks\HPCeeScheduleForAli Enver.job
- c:\program files\Hewlett-Packard\SDP\ceement\HPCEE.exe [2006-12-20 11:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 14:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\ALIENV~1.000\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3156)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-04-17 14:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 11:10

Pre-Run: 11.317.350.400 bayt boş
Post-Run: 11,135,836,160 bayt boş

371 --- E O F --- 2009-04-17 06:30
Old 04-17-2009, 08:01 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,546
OS: 2000 Pro; XP Pro; XP Home


Re: Missing msconfig.exe

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Dequarantine::
    C:\Qoobox\Quarantine\C\WINDOWS\System32\msconfig.exe.vir
    Quit::

    Save this as CFScript.txt

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.



    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 04-18-2009, 01:42 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 4
OS: Vista


Re: Missing msconfig.exe

Combo fix report

ComboFix 09-04-18.01 - Ali Enver 18.04.2009 22:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1254.90.1055.18.2551.1647 [GMT 3:00]
Running from: c:\users\Ali Enver.AliEnver-PC.000\Desktop\ComboFix.exe
Command switches used :: c:\users\Ali Enver.AliEnver-PC.000\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 21:06 . 2009-04-17 21:06 -------- d-----w c:\windows\system32\config\systemprofile\ContentWatch
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\ContentWatch
2009-04-17 20:14 . 2009-04-17 20:14 -------- d--h--r C:\MSOCache
2009-04-17 14:36 . 2009-04-17 14:36 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\GMail Drive
2009-04-17 06:25 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-17 05:57 . 2009-04-17 05:57 197 ----a-w c:\windows\ODBCINST.INI
2009-04-17 05:36 . 2009-04-17 05:36 -------- d-----w c:\windows\CheckSur
2009-04-16 22:11 . 2009-04-16 22:11 -------- d-----w C:\PerfLogs
2009-04-16 21:42 . 2009-04-16 21:42 -------- d-----w c:\windows\system32\ShellExt
2009-04-16 21:11 . 2008-01-19 07:36 448512 ----a-w c:\windows\system32\termsrv.dll
2009-04-16 21:10 . 2008-01-19 07:36 293376 ----a-w c:\windows\system32\wlanmsm.dll
2009-04-16 21:09 . 2008-01-19 07:36 723968 ----a-w c:\windows\system32\powercpl.dll
2009-04-16 21:08 . 2008-01-19 05:57 8192 ----a-w c:\windows\system32\drivers\rootmdm.sys
2009-04-16 21:07 . 2008-01-19 07:36 357888 ----a-w c:\windows\system32\wbemcomn.dll
2009-04-16 21:06 . 2008-01-19 07:36 129536 ----a-w c:\windows\system32\sqmapi.dll
2009-04-16 21:06 . 2008-01-19 07:36 704512 ----a-w c:\windows\system32\SmiEngine.dll
2009-04-16 21:06 . 2008-01-19 07:36 139264 ----a-w c:\windows\system32\SmiInstaller.dll
2009-04-16 21:05 . 2008-01-19 07:36 218624 ----a-w c:\windows\system32\wdscore.dll
2009-04-16 21:05 . 2008-01-19 07:33 130560 ----a-w c:\windows\system32\PkgMgr.exe
2009-04-16 21:03 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll
2009-04-16 21:03 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll
2009-04-16 21:03 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll
2009-04-16 21:03 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll
2009-04-15 12:45 . 2009-04-15 12:45 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Acronis
2009-04-15 11:29 . 2009-04-15 11:29 -------- d-----w c:\users\All Users\Acronis
2009-04-15 11:29 . 2009-04-15 11:29 -------- d-----w c:\programdata\Acronis
2009-04-15 11:24 . 2009-04-15 11:24 971552 ----a-w c:\windows\system32\drivers\tdrpm174.sys
2009-04-15 11:24 . 2009-04-15 11:24 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-15 11:24 . 2009-04-15 11:24 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-15 11:24 . 2009-04-15 11:24 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-15 08:40 . 2009-04-15 08:40 -------- d-----w C:\dell
2009-04-14 21:26 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-14 21:20 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll
2009-04-14 20:55 . 2009-04-14 20:55 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools Pro
2009-04-14 20:55 . 2009-04-14 20:55 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-14 20:54 . 2009-04-14 21:03 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\DAEMON Tools Lite
2009-04-14 20:47 . 2009-04-14 20:47 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-14 20:47 . 2009-04-14 20:47 47360 ----a-w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\pcouffin.sys
2009-04-14 20:47 . 2009-04-14 20:47 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Vso
2009-04-14 20:28 . 2009-04-14 20:28 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\MicroVision Applications
2009-04-14 20:19 . 2009-04-17 19:18 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\Tracing
2009-04-14 20:14 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-14 18:35 . 2009-04-17 03:19 1140850688 --sha-w C:\NRTPage.sys
2009-04-14 14:12 . 2009-04-17 07:45 450 ----a-w c:\windows\system32\BDUpdateV1.xml
2009-04-14 12:26 . 2009-04-14 12:26 -------- d-----w c:\users\Administrator\AppData\Roaming\BitDefender
2009-04-14 09:51 . 2009-04-18 19:32 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-14 09:46 . 2009-04-14 09:46 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-14 09:46 . 2009-04-14 09:46 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-14 09:42 . 2009-04-14 09:42 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\BitDefender
2009-04-14 09:42 . 2009-04-14 09:46 -------- d-----w c:\users\All Users\BitDefender
2009-04-14 09:42 . 2009-04-14 09:46 -------- d-----w c:\programdata\BitDefender
2009-04-14 09:04 . 2009-04-14 09:04 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-14 09:04 . 2009-04-14 09:04 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-14 09:04 . 2009-04-14 09:04 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-14 09:04 . 2009-04-14 09:04 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-14 09:02 . 2009-04-14 09:02 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-14 09:02 . 2009-04-14 09:02 2927104 ----a-w c:\windows\explorer.exe
2009-04-14 09:00 . 2009-04-14 09:00 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-14 07:27 . 2009-04-14 07:27 1820 ----a-w c:\windows\system32\rasctrnm.h
2009-04-14 07:27 . 2009-04-14 07:27 94720 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-14 07:27 . 2009-04-14 07:27 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-14 07:27 . 2009-04-14 07:27 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-14 07:23 . 2009-04-14 07:23 -------- d-----w c:\windows\system32\logs
2009-04-14 07:20 . 2009-04-14 07:20 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-14 07:19 . 2009-04-14 07:19 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-14 07:19 . 2009-04-14 07:19 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-14 07:19 . 2009-04-14 07:19 1695744 ----a-w c:\windows\system32\gameux.dll
2009-04-14 07:19 . 2009-04-14 07:19 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-14 07:18 . 2009-04-14 07:18 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-14 07:18 . 2009-04-14 07:18 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-04-14 07:17 . 2009-04-14 07:17 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-14 07:17 . 2009-04-14 07:17 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-14 07:17 . 2009-04-14 07:17 347648 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-14 07:15 . 2009-04-14 07:15 443392 ----a-w c:\windows\system32\win32spl.dll
2009-04-14 07:15 . 2009-04-14 07:15 37888 ----a-w c:\windows\system32\printcom.dll
2009-04-14 07:15 . 2009-04-14 07:15 14848 ----a-w c:\windows\system32\wshrm.dll
2009-04-14 07:15 . 2009-04-14 07:15 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-14 07:13 . 2009-04-14 07:13 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\Media Player Classic
2009-04-13 22:22 . 2009-04-13 22:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-13 22:21 . 2009-04-13 22:21 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-13 22:21 . 2009-04-13 22:21 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-13 22:21 . 2009-04-13 22:21 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-13 22:21 . 2009-04-13 22:21 4096 ----a-w c:\windows\system32\msdxm.ocx
2009-04-13 22:18 . 2008-01-19 07:34 15872 ----a-w c:\windows\system32\hcrstco.dll
2009-04-13 22:18 . 2006-11-02 09:46 8704 ----a-w c:\windows\system32\hccoin.dll
2009-04-13 22:15 . 2009-04-13 22:15 9892864 ----a-w c:\windows\system32\NlsLexicons000a.dll
2009-04-13 22:13 . 2009-04-13 22:13 6656 ----a-w c:\windows\system32\kbd106n.dll
2009-04-13 22:13 . 2009-04-13 22:13 988216 ----a-w c:\windows\system32\winload.exe
2009-04-13 22:13 . 2009-04-13 22:13 927288 ----a-w c:\windows\system32\winresume.exe
2009-04-13 22:13 . 2009-04-13 22:13 40960 ----a-w c:\windows\system32\srclient.dll
2009-04-13 22:13 . 2009-04-13 22:13 378368 ----a-w c:\windows\system32\srcore.dll
2009-04-13 22:13 . 2009-04-13 22:13 318464 ----a-w c:\windows\system32\rstrui.exe
2009-04-13 22:13 . 2009-04-13 22:13 14848 ----a-w c:\windows\system32\srdelayed.exe
2009-04-13 22:13 . 2009-04-13 22:13 615992 ----a-w c:\windows\system32\ci.dll
2009-04-13 22:13 . 2009-04-13 22:13 46592 ----a-w c:\windows\system32\setbcdlocale.dll
2009-04-13 22:13 . 2009-04-13 22:13 19000 ----a-w c:\windows\system32\kd1394.dll
2009-04-13 22:08 . 2009-04-13 22:08 268288 ----a-w c:\windows\system32\schannel.dll
2009-04-13 21:35 . 2009-04-13 21:35 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Roaming\URSoft
2009-04-13 21:35 . 2009-04-17 20:04 -------- d---a-w c:\users\All Users\TEMP
2009-04-13 21:35 . 2009-04-17 20:04 -------- d---a-w c:\programdata\TEMP
2009-04-13 21:24 . 2003-08-14 15:59 26013 ----a-w c:\windows\system32\sleep.exe
2009-04-13 20:29 . 2009-04-13 20:29 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-13 20:29 . 2009-04-13 20:29 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-13 20:29 . 2009-04-13 20:29 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-13 20:29 . 2009-04-13 20:29 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-13 20:29 . 2009-04-13 20:29 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 20:29 . 2009-04-13 20:29 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-13 20:29 . 2009-04-13 20:29 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-13 20:29 . 2009-04-13 20:29 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-13 20:10 . 2009-04-13 20:10 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\Apps
2009-04-13 20:10 . 2009-04-13 20:11 -------- d-----w c:\users\Ali Enver.AliEnver-PC.000\AppData\Local\Deployment
2009-04-13 20:06 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-13 20:06 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-13 20:06 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-13 20:06 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-13 20:06 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-13 20:06 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-13 20:06 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-13 20:06 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-13 20:06 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-13 20:06 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-13 20:06 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-13 20:06 . 2009-02-09 18:56 67584 ----a-w c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 19:23 . 2007-01-05 05:12 598182 ----a-w c:\windows\System32\perfh01F.dat
2009-04-18 19:23 . 2007-01-05 05:12 119904 ----a-w c:\windows\System32\perfc01F.dat
2009-04-18 19:23 . 2009-04-16 21:31 -------- d-----w c:\program files\USBScan
2009-04-17 21:40 . 2009-04-17 21:40 -------- d-----w c:\program files\MSXML 4.0
2009-04-17 21:12 . 2009-04-14 19:54 -------- d-----w c:\program files\MSECache
2009-04-17 21:05 . 2009-04-16 21:11 227840 ----a-w c:\windows\System32\msconfig.exe
2009-04-17 20:47 . 2009-04-17 20:47 -------- d-----w c:\programdata\ContentWatch
2009-04-17 20:47 . 2009-04-17 20:47 -------- d-----w c:\program files\ContentWatch
2009-04-17 20:20 . 2009-04-13 18:47 -------- d-----w c:\program files\Microsoft Works
2009-04-17 20:19 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-04-17 13:28 . 2007-03-08 22:01 -------- d-----w c:\programdata\Symantec
2009-04-17 13:28 . 2007-03-08 22:01 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 22:25 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2009-04-16 22:22 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-16 22:22 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-16 22:22 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Calendar
2009-04-16 22:16 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Collaboration
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-16 22:16 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-04-16 22:11 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-16 21:51 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-04-16 21:51 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-04-16 21:38 . 2009-04-16 21:38 -------- d-----w c:\program files\Yamicsoft
2009-04-15 11:23 . 2009-04-15 11:23 -------- d-----w c:\program files\Common Files\Acronis
2009-04-15 11:23 . 2009-04-15 11:23 -------- d-----w c:\program files\Acronis
2009-04-15 08:40 . 2009-04-15 08:40 -------- d-----w c:\program files\Broadcom
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 20:54 . 2009-04-14 20:54 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-14 20:47 . 2009-04-14 20:47 -------- d-----w c:\program files\LG Software Innovations
2009-04-14 20:15 . 2009-04-14 20:11 -------- d-----w c:\program files\Windows Live
2009-04-14 20:15 . 2009-04-14 20:15 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-14 20:13 . 2009-04-14 20:13 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-14 20:12 . 2009-04-14 20:12 -------- d-----w c:\program files\Microsoft
2009-04-14 20:11 . 2009-04-14 20:11 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-14 19:54 . 2009-04-14 19:54 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-14 14:10 . 2009-04-14 09:42 -------- d-----w c:\program files\BitDefender
2009-04-14 13:33 . 2009-04-14 13:33 -------- d-----w c:\program files\GetData
2009-04-14 12:26 . 2009-04-14 12:25 119568 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-14 12:25 . 2009-04-13 19:05 -------- d-----w c:\program files\USB Disk Security
2009-04-14 09:42 . 2009-04-14 09:41 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-14 09:00 . 2007-03-08 21:25 -------- d-----w c:\program files\Analog Devices
2009-04-14 07:19 . 2009-04-14 07:19 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-14 07:19 . 2009-04-14 07:19 541696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-14 07:19 . 2009-04-14 07:19 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-14 07:19 . 2009-04-14 07:19 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-14 07:19 . 2009-04-14 07:19 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-14 07:19 . 2009-04-14 07:19 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-14 07:12 . 2007-03-08 21:45 -------- d-----w c:\programdata\Sonic
2009-04-13 22:15 . 2009-04-13 22:15 6237696 ----a-w c:\windows\System32\NlsLexicons000c.dll
2009-04-13 21:51 . 2009-04-13 21:50 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 21:39 . 2009-04-13 21:35 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-13 21:23 . 2009-04-13 21:23 -------- d-----w c:\program files\Alcohol Soft
2009-04-13 20:07 . 2009-04-13 20:06 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-13 19:34 . 2009-04-13 19:34 -------- d-----w c:\program files\LSI SoftModem
2009-04-13 19:33 . 2009-04-13 19:33 -------- d-----w c:\program files\IObit
2009-04-13 19:28 . 2009-04-13 19:28 -------- d-----w c:\program files\CCleaner
2009-04-13 19:25 . 2009-04-13 19:25 -------- d-----w c:\program files\GlobFX
2009-04-13 19:23 . 2009-04-13 19:23 -------- d-----w c:\program files\GRETECH
2009-04-13 19:17 . 2009-04-13 19:17 -------- d-----w c:\program files\Macmillan Dictionaries
2009-04-13 19:14 . 2009-04-13 19:14 -------- d-----w c:\program files\IDM
2009-04-13 19:06 . 2009-04-13 19:06 -------- d-----w c:\program files\Cambridge
2009-04-13 18:58 . 2009-04-13 18:55 -------- d-----w c:\program files\SPSS 15.0 for Windows
2009-04-13 18:54 . 2007-03-08 21:36 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 18:45 . 2009-04-13 18:45 -------- d-----w c:\program files\Microsoft.NET
2009-04-13 18:41 . 2009-04-13 18:41 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-13 18:28 . 2009-04-13 18:28 594 ----a-w C:\updatedatfix.log
2009-04-13 18:28 . 2007-03-08 21:35 -------- d-----w c:\program files\Hp
2009-04-13 18:16 . 2009-04-13 18:16 -------- d-----w c:\program files\WIDCOMM
2009-04-13 18:16 . 2009-04-13 18:16 -------- d-----w c:\program files\Google
2009-04-13 18:11 . 2009-04-13 18:11 -------- d-----w c:\program files\InterVideo
2009-04-13 18:11 . 2007-03-08 21:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 03:38 . 2009-04-14 21:26 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 21:26 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 21:26 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-14 21:26 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 21:26 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 21:27 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-14 21:26 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 21:26 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 21:26 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 21:27 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 21:26 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 21:26 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-14 21:26 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 21:26 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 21:26 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-14 21:27 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-21 05:25 . 2009-02-21 05:25 691592 ----a-w c:\windows\System32\OGACheckControl.DLL
2009-02-13 08:49 . 2009-04-14 21:26 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-14 21:26 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-06 16:31 . 2009-02-06 16:31 308104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1021224]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-15 778240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2008-10-23 408848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B71154B2-FDAF-4BA4-8EE1-F2B265BC6841}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{70225C00-22B6-4109-B274-4CA6C719EC37}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DB177E92-F1A3-473E-8C2C-C47CCB0C15A2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D01FF88C-76D6-4E83-87BC-B8879D18579D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{54186EEE-E7C4-4A77-95E7-A216BFB97C78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E80881F3-C42E-4720-8B33-6B697B5D1594}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-04-15 134272]
S0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\DRIVERS\tdrpm174.sys [2009-04-15 971552]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2006-09-28 32000]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [2008-10-23 1228560]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\HPCeeScheduleForAli Enver.job
- c:\program files\Hewlett-Packard\SDP\ceement\HPCEE.exe [2007-03-08 08:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\cwalsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 22:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(884)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-04-18 22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 19:39

Pre-Run: 11.005.112.320 bayt boş
Post-Run: 11.011.424.256 bayt boş

355 --- E O F --- 2009-04-18 19:18
Old 04-18-2009, 01:51 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,546
OS: 2000 Pro; XP Pro; XP Home


Re: Missing msconfig.exe

Hello -

That does not seem to have produced the expected results.

Please delete your existing version of ComboFix, as it's updated frequently. Download a fresh copy, and then run the script again from my previous post, Post #5.
Old 05-03-2009, 11:29 AM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,546
OS: 2000 Pro; XP Pro; XP Home


Re: Missing msconfig.exe

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum