Help with an old laptop
BullGuard Antivirus Forum > Virus Removal > Removal Help > Help with an old laptop
Runie
New Member
Date Joined Jun 2008
Total Posts : 8
Posted 6-29-2008 3:16 (GMT +2)
My brother had this laptop that he took with him to his dorm, and to say that he is careless is an understatement. He spilled coffee on this laptop, broke the monitor, lost the "backspace" key, destroyed all three USB ports, and the software is as slow as hell.

Anyways, I managed to get it fixed (at least it works), but I'm still suspicious of spyware/viruses. Can any of you guys help me with this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:54 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5940 bytes

--------------------------------------------------------------------------------------------------------------------------------

And another problem: I can't see hidden files even when I set it to show hidden files and folders. I'm thinking my brother used some kind of program to hide something like pr0n. Any help with this as well? I wanna get rid of it.

Thanks in advance :p

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13069
Posted 6-29-2008 6:09 (GMT +2)

Hi Runie :)

After you have run the scan tools -

Reboot normally

Post the HijackThis log along with the SuperAntiSpyware log and C:\ComboFix.txt in this topic

Please copy and paste your log. DO NOT add it as an attachment.
Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone else's thread.

Runie
New Member
Date Joined Jun 2008
Total Posts : 8
Posted 6-29-2008 11:47 (GMT +2)
Wow, thanks for the fast reply.

Um... I don't know how to make a log file with SuperAntiSpyware Free Edition. It just scanned my PC and found no threats.

HijackThis log
------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:33 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5650 bytes
--------------------------------------------------------------------------------------------------------------------------------------

ComboFix log
--------------------------------------------------------------------------------------------------------------------------------------
ComboFix 08-06-20.4 - User 2008-06-29 17:18:39.1 - FAT32x86
Running from: C:\Documents and Settings\User\Desktop\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\microsoft 0ffice
C:\WINDOWS\system\_sv_CMD_

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DNSCON
-------\Legacy_NETMANAGER
-------\Service_dnscon
-------\Service_NetManager


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-06-29 16:31 . 2008-06-29 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 16:30 . 2008-06-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 09:04 . 2008-06-29 09:04 <DIR> d-------- C:\HJT
2008-06-25 21:48 . 2008-06-25 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 21:48 . 2008-06-25 21:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 16:03 . 2008-06-24 16:03 159,916 --a------ C:\WINDOWS\Marsu-Fix 2.3 Uninstaller.exe
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Program Files\ESET
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 15:42 . 2008-06-24 15:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 15:15 . 2008-06-24 15:15 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 15:13 . 2008-06-24 15:13 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:57 208,353 ----a-w C:\WINDOWS\fix.exe
2007-10-18 02:52 11 ----a-w C:\Documents and Settings\User\a.bat
2006-08-02 00:55 37,518,744 ----a-w C:\Program Files\iTunesSetup.exe
2006-02-01 23:34 1,014,477 ----a-w C:\Program Files\wrar351.exe
2006-02-01 01:21 12,754,672 ----a-w C:\Program Files\MP10Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"TrialReset"="C:\WINDOWS\fix.exe" [2008-04-29 02:57 208353]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 Detect.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 TS.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk.disabled
backup=C:\WINDOWS\pss\Status Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HotSync Manager.lnk.disabled]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled
backup=C:\WINDOWS\pss\HotSync Manager.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AASecuUFD]
--a------ 2006-03-12 20:19 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccPrxy.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FS6519]
C:\WINDOWS\FS6519.dll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-11-17 13:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-02 09:00 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP00LSV.EXE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-12 20:19 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"AVG7_EMC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"Nokia Tray Application"=C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
"SoundMan"=SOUNDMAN.EXE
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"AASecuUFD"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"EPSON Stylus CX3500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB003" /M "Stylus CX3500"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SP00LSV.EXE"=SP00LSV.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17911:TCP"= 17911:TCP:NortonAV
"16841:TCP"= 16841:TCP:NortonAV

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-09-24 00:42]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-25 18:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a552cb2-1c3c-11db-9fe3-0015003c9045}]
\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a552cb3-1c3c-11db-9fe3-0015003c9045}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed1d68a-b4d6-11dc-a502-0015003c9045}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e5ad144-7f3d-11db-a0f2-0015003c9045}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2319f42d-f88f-11dc-a5e8-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26a2e9d8-e817-11dc-a5bb-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294b12b0-e8b6-11dc-a5c0-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29634c0b-3f46-11dc-a3d2-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6cc164-0c9d-11db-9fa8-0015003c9045}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - F:\NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{387f5506-00c7-11dd-a5fd-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{401e46ab-ec54-11dc-a5ce-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b2b0bc-f50f-11db-a28e-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48280052-11a8-11dc-a345-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b4971bc-7d7a-11da-9d3e-0015003c9045}]
\Shell\AutoRun\command - New Document.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54ac89d4-8d30-11dc-a48b-0015003c9045}]
\Shell\AutoRun\command - G:\tio8x6.cmd
\Shell\explore\Command - G:\tio8x6.cmd
\Shell\open\Command - G:\tio8x6.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{573c49d6-a2f3-11dc-a4c8-0015003c9045}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a7a2420-1314-11dc-a34d-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c397558-ba67-11dc-a513-0015003c9045}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72844af8-a4ac-11dc-a4cf-0015003c9045}]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73fff984-b999-11dc-a512-0015003c9045}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aa2f429-f5fc-11db-a296-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91718f56-af45-11da-9df8-0015003c9045}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5316d16-dd3a-11dc-a586-0015003c9045}]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7931239-066e-11dc-a310-0015003c9045}]
\Shell\AutoRun\command - scvshosts.exe
\Shell\Open\command - scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d4dc5c-f9eb-11db-a2b0-0015003c9045}]
\Shell\Autoplay\Command - G:\xmss.exe
\Shell\AutoRun\command - G:\xmss.exe
\Shell\Explore\Command - G:\xmss.exe
\Shell\Open\Command - G:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d4dc5f-f9eb-11db-a2b0-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aeb4cef6-ed66-11db-a270-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cadcb1e8-90c7-11dc-a498-0015003c9045}]
\Shell\AutoRun\command - D:\u.bat
\Shell\explore\Command - D:\u.bat
\Shell\open\Command - D:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7fd85b0-c532-11db-a1d6-0015003c9045}]
\Shell\AutoRun\command - E:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec8aa008-c50a-11dc-a536-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d1673a-f52b-11db-a291-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcbe305c-bb29-11db-a1b8-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 17:25:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\EKRN.EXE
C:\PROGRAM FILES\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
.
**************************************************************************
.
Completion time: 2008-06-29 17:28:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 09:28:20

Pre-Run: 17,208,639,488 bytes free
Post-Run: 17,108,369,408 bytes free

313
--------------------------------------------------------------------------------------------------------------------------------------

*A side note though: after running ComboFix my default browser changed from Mozilla Firefox to Internet Explorer. I changed it back, and after about a minute or two of surfing I got a blue screen of death and my laptop restarted. Have you ever encountered anything like this? I'm still testing whether I'll get it again.

Thanks again, Touch ^_^
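The mountpoints2 blocks in the log above are Explorer's cached autorun handlers for every volume that has been plugged into this laptop; the ones pointing at u.bat, xmss.exe, xo8wr9.exe, "WScript.exe .\__.vbs" and so on are the removable-drive infections the moderator deals with in the next reply. As an added example (not code from the thread, from the moderator or from ComboFix), here is a small Python triage script that parses those blocks and scores each "\Shell\<verb>\command" handler with defender-side heuristics: script hosts, indirection through "RunDLL32 ShellExec_RunDLL", relative targets that resolve against the drive root, executables launched straight from the drive, and odd verb names such as "0pen". The sample input is a constructed excerpt of five blocks copied from this log; treating LaunchU3.exe as the genuine U3 drive launcher is an assumption on my part.

```python
r"""Triage of the MountPoints2 autorun handlers in a ComboFix-style log.
Added example, not the thread's or ComboFix's code.  Explorer caches each plugged-in
volume's autorun.inf handlers under HKCU\...\Explorer\MountPoints2\{GUID}, and ComboFix
prints them as "\Shell\<verb>\command - <command>" lines; that is what is parsed here."""
import re
from collections import namedtuple

# Constructed input: five MountPoints2 blocks copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed1d68a-b4d6-11dc-a502-0015003c9045}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6cc164-0c9d-11db-9fa8-0015003c9045}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - F:\NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{573c49d6-a2f3-11dc-a4c8-0015003c9045}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c397558-ba67-11dc-a513-0015003c9045}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcbe305c-bb29-11db-a1b8-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.*?)\s*$", re.I)
RUNDLL_RE = re.compile(r"rundll32\.exe\s+shell32\.dll,shellexec_rundll", re.I)
SCRIPT_RE = re.compile(r"wscript|cscript|\.vbs\b|\.js\b|\.bat\b|\.cmd\b", re.I)
ABS_PATH_RE = re.compile(r"^[A-Z]:\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\?$", re.I)
EXPECTED_VERBS = {"autorun", "autoplay", "open", "explore"}
KNOWN_LAUNCHERS = {"launchu3.exe"}  # assumption: the genuine U3 smart-drive launcher
SEVERITY_RANK = {"info": 0, "low": 1, "high": 2}
Finding = namedtuple("Finding", "guid verb command severity reasons")


def assess(verb, command):
    """Score one handler; returns (severity, reasons)."""
    reasons = []
    if verb.lower() not in EXPECTED_VERBS:      # "0pen", garbled names: a hijack tell
        reasons.append(f"unexpected verb {verb!r}")
    if DRIVE_ROOT_RE.match(command):            # a bare root only opens the volume
        return ("low" if reasons else "info"), tuple(reasons)
    severe, target = [], command
    m = RUNDLL_RE.search(command)
    if m:                                       # ShellExec_RunDLL opens what follows it
        severe.append("indirect launch through rundll32 ShellExec_RunDLL")
        target = command[m.end():].strip()
    if SCRIPT_RE.search(target):
        severe.append("script host or script file as autorun target")
    if not ABS_PATH_RE.match(target):
        severe.append("relative target, resolved against the removable drive root")
    elif not severe:
        parts = target.split("\\")[-1].split()
        base = parts[0].lower() if parts else ""
        if base in KNOWN_LAUNCHERS:
            reasons.append(f"{base} is a known launcher; confirm it is the genuine file")
        else:
            severe.append("executable launched straight from the removable drive")
    reasons.extend(severe)
    return ("high" if severe else "low"), tuple(reasons)


def parse_mountpoints(log_text):
    """Return {guid: [(verb, command), ...]} for every MountPoints2 block."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            blocks.setdefault(current, [])
        elif not line or line.startswith("["):
            current = None                      # blank line or another key ends the block
        elif current is not None:
            cmd = CMD_RE.match(line)
            if cmd:
                blocks[current].append((cmd.group("verb"), cmd.group("cmd")))
    return blocks


def triage(log_text):
    return [Finding(guid, verb, cmd, *assess(verb, cmd))
            for guid, handlers in parse_mountpoints(log_text).items()
            for verb, cmd in handlers]


def worst_per_device(findings):
    """Highest severity per device GUID (one GUID is one volume)."""
    worst = {}
    for f in findings:
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK.get(worst.get(f.guid), -1):
            worst[f.guid] = f.severity
    return worst


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for guid, sev in worst_per_device(findings).items():
        print(f"{sev:<4} {guid}")
```

Run as a script it prints one worst-severity line per device GUID; parse_mountpoints takes the whole log text, so the cached handler list from either ComboFix log in this thread can be pasted in unchanged. Two limits worth keeping in mind: the log only shows the HKCU cache, so a drive that has already been cleaned keeps showing up here until the key itself is removed, and an entry rated "info" or "low" (a bare drive root, a known launcher) is not proof that the drive is clean.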
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13069
 
   Posted 6-29-2008 12:17 (GMT +2)
ComboFix has some "odd" behavior sometimes, and you'll probably have the Phishing Filter activated in Internet Explorer now ;-)
 
 
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

NOTE:
In the event you already have Flash_Disinfector, this is a new version that I need you to download.
  • Double-click Flash_Disinfector.exe to run it.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Your desktop will vanish for a while, and then reappear. This is normal.
  • Wait until the program has finished scanning, then please exit the program.

Reboot normally.

Please post a fresh ComboFix log.


Do NOT post your problem in someone else's thread.

 

Runie
New Member


Date Joined Jun 2008
Total Posts : 8
 
   Posted 6-30-2008 12:51 (GMT +2)
Sorry for the late reply; I had schoolwork to do, and then I had to go to school in the morning. I'm rather embarrassed since you reply to my posts so quickly.

Anyway

Combofix log

-----------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-06-20.4 - User 2008-06-30 18:40:24.2 - FAT32x86
Running from: C:\Documents and Settings\User\Desktop\Downloads\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 18:17 . 2008-06-30 18:17 <DIR> d--hs---- C:\FOUND.030
2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-06-29 16:31 . 2008-06-29 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 16:30 . 2008-06-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 09:04 . 2008-06-29 09:04 <DIR> d-------- C:\HJT
2008-06-25 21:48 . 2008-06-25 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 21:48 . 2008-06-25 21:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 16:03 . 2008-06-24 16:03 159,916 --a------ C:\WINDOWS\Marsu-Fix 2.3 Uninstaller.exe
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Program Files\ESET
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 15:42 . 2008-06-24 15:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 15:15 . 2008-06-24 15:15 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 15:13 . 2008-06-24 15:13 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:57 208,353 ----a-w C:\WINDOWS\fix.exe
2007-10-18 02:52 11 ----a-w C:\Documents and Settings\User\a.bat
2006-08-02 00:55 37,518,744 ----a-w C:\Program Files\iTunesSetup.exe
2006-02-01 23:34 1,014,477 ----a-w C:\Program Files\wrar351.exe
2006-02-01 01:21 12,754,672 ----a-w C:\Program Files\MP10Setup.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_17.27.49.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 09:25:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 10:37:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"TrialReset"="C:\WINDOWS\fix.exe" [2008-04-29 02:57 208353]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 Detect.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 TS.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk.disabled
backup=C:\WINDOWS\pss\Status Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HotSync Manager.lnk.disabled]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled
backup=C:\WINDOWS\pss\HotSync Manager.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AASecuUFD]
--a------ 2006-03-12 20:19 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccPrxy.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FS6519]
C:\WINDOWS\FS6519.dll.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-11-17 13:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-02 09:00 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP00LSV.EXE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-12 20:19 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"AVG7_EMC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"Nokia Tray Application"=C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
"SoundMan"=SOUNDMAN.EXE
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"AASecuUFD"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"EPSON Stylus CX3500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB003" /M "Stylus CX3500"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SP00LSV.EXE"=SP00LSV.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17911:TCP"= 17911:TCP:NortonAV
"16841:TCP"= 16841:TCP:NortonAV

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-09-24 00:42]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-25 18:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a552cb2-1c3c-11db-9fe3-0015003c9045}]
\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a552cb3-1c3c-11db-9fe3-0015003c9045}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed1d68a-b4d6-11dc-a502-0015003c9045}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e5ad144-7f3d-11db-a0f2-0015003c9045}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2319f42d-f88f-11dc-a5e8-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26a2e9d8-e817-11dc-a5bb-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294b12b0-e8b6-11dc-a5c0-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29634c0b-3f46-11dc-a3d2-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6cc164-0c9d-11db-9fa8-0015003c9045}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - F:\NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{387f5506-00c7-11dd-a5fd-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{401e46ab-ec54-11dc-a5ce-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b2b0bc-f50f-11db-a28e-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48280052-11a8-11dc-a345-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b4971bc-7d7a-11da-9d3e-0015003c9045}]
\Shell\AutoRun\command - New Document.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54ac89d4-8d30-11dc-a48b-0015003c9045}]
\Shell\AutoRun\command - G:\tio8x6.cmd
\Shell\explore\Command - G:\tio8x6.cmd
\Shell\open\Command - G:\tio8x6.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{573c49d6-a2f3-11dc-a4c8-0015003c9045}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a7a2420-1314-11dc-a34d-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c397558-ba67-11dc-a513-0015003c9045}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72844af8-a4ac-11dc-a4cf-0015003c9045}]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73fff984-b999-11dc-a512-0015003c9045}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aa2f429-f5fc-11db-a296-0015003c9045}]
\Shell\Autoplay\Command - D:\xmss.exe
\Shell\AutoRun\command - D:\xmss.exe
\Shell\Explore\Command - D:\xmss.exe
\Shell\Open\Command - D:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91718f56-af45-11da-9df8-0015003c9045}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5316d16-dd3a-11dc-a586-0015003c9045}]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - WScript.exe .\__.vbs
\Shell\open\Command - WScript.exe .\__.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7931239-066e-11dc-a310-0015003c9045}]
\Shell\AutoRun\command - scvshosts.exe
\Shell\Open\command - scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d4dc5c-f9eb-11db-a2b0-0015003c9045}]
\Shell\Autoplay\Command - G:\xmss.exe
\Shell\AutoRun\command - G:\xmss.exe
\Shell\Explore\Command - G:\xmss.exe
\Shell\Open\Command - G:\xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d4dc5f-f9eb-11db-a2b0-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aeb4cef6-ed66-11db-a270-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cadcb1e8-90c7-11dc-a498-0015003c9045}]
\Shell\AutoRun\command - D:\u.bat
\Shell\explore\Command - D:\u.bat
\Shell\open\Command - D:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7fd85b0-c532-11db-a1d6-0015003c9045}]
\Shell\AutoRun\command - E:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec8aa008-c50a-11dc-a536-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7d1673a-f52b-11db-a291-0015003c9045}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcbe305c-bb29-11db-a1b8-0015003c9045}]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 18:44:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 18:44:52
ComboFix-quarantined-files.txt 2008-06-30 10:44:46
ComboFix2.txt 2008-06-29 09:28:30

Pre-Run: 17,046,994,944 bytes free
Post-Run: 17,028,874,240 bytes free

296


--------------------------------------------------------------------------------------------------------------------------------------

Another thing though: I uninstalled an old McAfee antivirus program my brother was using, but I noticed that a program, "C:\Program Files\McAfee\Common Framework\FrameworkService.exe", is still running in my processes. I tried to delete the folder but the laptop won't let me. What should I do with this?

Once again, you have my thanks
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13069
 
   Posted 6-30-2008 2:49 (GMT +2)
You don't have to be embarrassed ;-)
 
We'll remove the McAfee folder now.
 
 
 
Please connect all your external hard drives/flash drives before running ComboFix.
 
 
 
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
 
Snapshot::
 
File::
C:\WINDOWS\fix.exe
C:\Documents and Settings\User\a.bat
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\FS6519.dll.vbs
F:\__.vbs
D:\xmss.exe
D:\xo8wr9.exe
F:\u.bat
D:\__.vbs
F:\NETSVCS.EXE
 
Folder::
C:\Program Files\McAfee
 
 
 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrialReset"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccPrxy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FS6519]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SP00LSV.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SP00LSV.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed1d68a-b4d6-11dc-a502-0015003c9045}]
 
 
----------------------------------------------
 
Save this as CFScript.txt
 
 
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post a new HijackThis log along with a fresh ComboFix log.
 


Do NOT post your problem in someone else's thread.

 

Runie
New Member


Date Joined Jun 2008
Total Posts : 8
 
   Posted 7-1-2008 1:15 (GMT +2)
Wow, thanks, it feels good deleting a bunch of crap files I don't understand on my laptop. Btw, how do you know how to do this? Did you have some kind of special training in school or something? :-)

Hijackthis
-----------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:41 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5355 bytes
--------------------------------------------------------------------------------------------------------------------------------------


Combofix

-------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-06-20.4 - User 2008-07-01 18:54:42.3 - FAT32x86
Running from: C:\Documents and Settings\User\Desktop\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\User\a.bat
C:\WINDOWS\fix.exe
C:\WINDOWS\FS6519.dll.vbs
C:\WINDOWS\system32\amvo.exe
D:\__.vbs
D:\xmss.exe
D:\xo8wr9.exe
F:\__.vbs
F:\NETSVCS.EXE
F:\u.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\a.bat
C:\Program Files\McAfee
C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll
C:\Program Files\McAfee\Common Framework\0409\AgentRes64.dll
C:\Program Files\McAfee\Common Framework\0409\CmaUIRes.dll
C:\Program Files\McAfee\Common Framework\0409\ScrptRes.dll
C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll
C:\Program Files\McAfee\Common Framework\Agent64.dll
C:\Program Files\McAfee\Common Framework\applib.dll
C:\Program Files\McAfee\Common Framework\applib64.dll
C:\Program Files\McAfee\Common Framework\ClientUI.dll
C:\Program Files\McAfee\Common Framework\cmalib.dll
C:\Program Files\McAfee\Common Framework\cmalib64.dll
C:\Program Files\McAfee\Common Framework\ComponentFrameworkCallback64.dll
C:\Program Files\McAfee\Common Framework\ComponentPolicyEnforcement64.dll
C:\Program Files\McAfee\Common Framework\ComponentSubSystem.dll
C:\Program Files\McAfee\Common Framework\ComponentSubSystem64.dll
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\FrmInst.exe
C:\Program Files\McAfee\Common Framework\FrmPlugin.dll
C:\Program Files\McAfee\Common Framework\GenEvtInf.dll
C:\Program Files\McAfee\Common Framework\GenEvtInf64.dll
C:\Program Files\McAfee\Common Framework\InternetManager.dll
C:\Program Files\McAfee\Common Framework\InternetManager64.dll
C:\Program Files\McAfee\Common Framework\JrMac.dll
C:\Program Files\McAfee\Common Framework\ListenServer.dll
C:\Program Files\McAfee\Common Framework\Logging.dll
C:\Program Files\McAfee\Common Framework\Logging64.dll
C:\Program Files\McAfee\Common Framework\Management.dll
C:\Program Files\McAfee\Common Framework\Management64.dll
C:\Program Files\McAfee\Common Framework\McScanCheck.exe
C:\Program Files\McAfee\Common Framework\McScript.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\McAfee\Common Framework\mcurial.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\McAfee\Common Framework\msvcp71.dll
C:\Program Files\McAfee\Common Framework\msvcr71.dll
C:\Program Files\McAfee\Common Framework\naCmnLib64.dll
C:\Program Files\McAfee\Common Framework\naCmnLib71.dll
C:\Program Files\McAfee\Common Framework\nagshr32.dll
C:\Program Files\McAfee\Common Framework\naicrt32.dll
C:\Program Files\McAfee\Common Framework\nailog.dll
C:\Program Files\McAfee\Common Framework\nailog64.dll
C:\Program Files\McAfee\Common Framework\naInet.dll
C:\Program Files\McAfee\Common Framework\naInet64.dll
C:\Program Files\McAfee\Common Framework\naisign.dll
C:\Program Files\McAfee\Common Framework\naitcpp.dll
C:\Program Files\McAfee\Common Framework\naPolicyManager.dll
C:\Program Files\McAfee\Common Framework\naPolicyManager64.dll
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr64.exe
C:\Program Files\McAfee\Common Framework\naSPIPE.dll
C:\Program Files\McAfee\Common Framework\naSPIPE64.dll
C:\Program Files\McAfee\Common Framework\naXML64.dll
C:\Program Files\McAfee\Common Framework\naXML71.dll
C:\Program Files\McAfee\Common Framework\nmcomn32.dll
C:\Program Files\McAfee\Common Framework\patchw32.dll
C:\Program Files\McAfee\Common Framework\PcrPlug.dll
C:\Program Files\McAfee\Common Framework\PoEvtInf.dll
C:\Program Files\McAfee\Common Framework\Scheduler.dll
C:\Program Files\McAfee\Common Framework\Scheduler64.dll
C:\Program Files\McAfee\Common Framework\ScriptSubSys.dll
C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll
C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory64.dll
C:\Program Files\McAfee\Common Framework\TCHelper.dll
C:\Program Files\McAfee\Common Framework\TCSubSys.dll
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\unicows.dll
C:\Program Files\McAfee\Common Framework\UpdateSubSys.dll
C:\Program Files\McAfee\Common Framework\UpdPlug.dll
C:\Program Files\McAfee\Common Framework\UserSpace.dll
C:\Program Files\McAfee\Common Framework\XMLWrap.dll
C:\WINDOWS\fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 18:17 . 2008-06-30 18:17 <DIR> d--hs---- C:\FOUND.030
2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 16:31 . 2008-06-29 16:31 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-06-29 16:31 . 2008-06-29 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 16:30 . 2008-06-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 09:04 . 2008-06-29 09:04 <DIR> d-------- C:\HJT
2008-06-25 21:48 . 2008-06-25 21:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 21:48 . 2008-06-25 21:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 16:03 . 2008-06-24 16:03 159,916 --a------ C:\WINDOWS\Marsu-Fix 2.3 Uninstaller.exe
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Program Files\ESET
2008-06-24 15:58 . 2008-06-24 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 15:46 . 2008-06-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 15:42 . 2008-06-24 15:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 15:15 . 2008-06-24 15:15 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 15:13 . 2008-06-24 15:13 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-08-02 00:55 37,518,744 ----a-w C:\Program Files\iTunesSetup.exe
2006-02-01 23:34 1,014,477 ----a-w C:\Program Files\wrar351.exe
2006-02-01 01:21 12,754,672 ----a-w C:\Program Files\MP10Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 Detect.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokia6600 TS.lnk.disabled
backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk.disabled
backup=C:\WINDOWS\pss\Status Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^HotSync Manager.lnk.disabled]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled
backup=C:\WINDOWS\pss\HotSync Manager.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AASecuUFD]
--a------ 2006-03-12 20:19 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\m