DriverCleaner/Compaq Connections Agent/Pop ups

SmitFraudFix v2.139

Scan done at 19:41:37.09, Mon 02/05/2007
Run from C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Common Files\\rteqe.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
After checking, it looks like the program is clean. Thought it may have installed

Let's run combofix.exe again
http://www.techsupportforum.com/sectools/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Then rename myFTP.exe to myFTP.old
 
I renamed the 3 myFTP.exe files I have.

One is in c:\programfiles\disc
One is in c:\windows\prefetch
One is in c:\programfiles\disc\systemupdates





"Compaq_Administrator" - 07-02-05 20:33:44 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Spyware"

((((((((((((((((((((((((((((((( Files Created from 2007-01-05 to 2007-02-05 ))))))))))))))))))))))))))))))))))


2007-02-05 19:58 <DIR> d-------- C:\VundoFix Backups
2007-02-05 19:41 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-05 19:41 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-05 19:41 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-05 19:41 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-05 19:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-05 19:41 2,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-05 19:41 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-04 13:30 <DIR> d-------- C:\WINDOWS\WBEM
2007-02-04 13:30 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-02-04 13:29 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-02-04 13:28 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-02-04 13:28 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-02-04 12:02 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-02-04 12:02 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-02-04 12:02 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-02-04 12:02 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-04 12:01 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-02-04 11:49 34,304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-02-04 11:49 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-02-04 11:49 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-02-04 11:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AntiVir PersonalEdition Classic
2007-02-04 01:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-03 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-31 16:47 93,564 --a------ C:\WINDOWS\TTC.exe
2007-01-28 10:15 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Application Data\Viewpoint
2007-01-15 19:02 <DIR> d-------- C:\Spyware
2007-01-12 08:01 <DIR> d-------- C:\Program Files\Viewpoint
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Viewpoint
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-12 08:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-12 07:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-09 17:00 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Application Data\System Restore


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-05 20:34 -------- d-------- C:\Program Files\disc
2007-02-05 18:10 -------- d-------- C:\Program Files\google
2007-02-04 12:08 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\adobeum
2007-02-03 11:22 -------- d-------- C:\Program Files\quicktime
2007-02-03 11:19 -------- d-------- C:\Program Files\messenger
2007-02-03 11:17 -------- d-a------ C:\Program Files\Common Files\lightscribe
2007-02-03 10:23 12462 --a------ C:\DOCUME~1\COMPAQ~1\Application Data\wklnhst.dat
2007-02-03 10:18 379 --a------ C:\Program Files\Common Files\quha
2007-01-28 22:28 -------- d-------- C:\Program Files\bodog poker
2007-01-12 08:00 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\mozilla
2007-01-12 07:55 -------- d---s---- C:\DOCUME~1\COMPAQ~1\Application Data\microsoft
2007-01-04 06:50 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\adobe
2007-01-02 16:22 -------- d-------- C:\Program Files\java
2006-12-28 20:25 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-28 17:04 -------- d-------- C:\Program Files\Common Files\blizzard entertainment
2006-12-28 16:41 -------- d-------- C:\Program Files\lavasoft
2006-12-28 16:41 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\lavasoft
2006-12-06 22:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-02 15:21 142 --a------ C:\Program Files\Common Files\rteqe.html
2006-11-07 23:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Common Files\rteqe.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{720e29cd-d9f7-11da-877f-0015f2f10a83}]
Shell\AutoRun\command J:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbf1a3f9-d97e-11da-95a0-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

Completion time: 07-02-05 20:35:43
 
This topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems, please start a new topic.
 