Winmedia Regkey

#1 DragonKnight (New Member, 2 posts)

I have this key that keeps coming back in the Registry: O4 - HKCU\..\Run: [WinMedia] C:\361101032253072.exe

The key keeps coming back. I have tried Spybot, ewido, Symantec AntiVirus, Trend Micro, etc., but either they don't see it, or they see it and it keeps coming back.

The file it refers to has been deleted and it does not seem to recreate the file; also, the number stays the same in the registry. I thought I got rid of it once when I disconnected the router from the internet, but after reconnecting the key came back. It's in both Run locations in the registry. (On the router, the other computer's IP is blocked between the computers.)


Logfile of HijackThis v1.99.1
Scan saved at 9:37:50 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\PROGRA~1\Aston\aston.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Ideazon\ZEngine\Zboard.exe
D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\WINDOWS\system32\services.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\unzipped\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dark-riseing.com/Enter2.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - D:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zboard] D:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [WinMedia] C:\361101032253072.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Shortcut to TeaTimer.lnk = D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - D:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
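Added example, not part of the thread and not the poster's code: a small triage script over HijackThis O4 lines that shows why the [WinMedia] entry stands out from the other autostart entries in the log above. It flags three things a helper would look at: an executable sitting in the root of a drive, a file name made only of digits, and a path on a drive other than the one Windows runs from (the log shows Windows on D:, while the entry points at C:). It also flags bare file names with no directory, which are resolved through the loader search order rather than a fixed path. The sample log is constructed from a few lines copied out of the post; the heuristics are the example's own, not anything HijackThis does.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the HijackThis log in the post
# above (one running-process line, so the Windows drive can be inferred, plus
# four O4 autostart entries).
SAMPLE_LOG = (
    "D:\\WINDOWS\\System32\\smss.exe\n"
    "O4 - HKLM\\..\\Run: [ccApp] \"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"\n"
    "O4 - HKLM\\..\\Run: [kmw_run.exe] kmw_run.exe\n"
    "O4 - HKCU\\..\\Run: [ctfmon.exe] D:\\WINDOWS\\system32\\ctfmon.exe\n"
    "O4 - HKCU\\..\\Run: [WinMedia] C:\\361101032253072.exe\n"
)

# O4 lines look like: O4 - HKCU\..\Run: [ValueName] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)


def windows_drive(log_text):
    """Infer the Windows drive letter from any full path to \\WINDOWS\\ in the log."""
    m = re.search(r'^([A-Za-z]):\\WINDOWS\\', log_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1).upper() if m else None


def extract_target(cmd):
    """Pull the executable path out of a Run value: quoted path, or text up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()]
    return cmd.split()[0] if cmd else ''


def parse_o4(log_text):
    """Return one dict per O4 line: hive, key, value name, raw command, target path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry['target'] = extract_target(entry['cmd'])
        entries.append(entry)
    return entries


def assess(entry, win_drive):
    """Heuristic reasons an autostart target deserves a closer look (empty list = nothing odd)."""
    reasons = []
    p = PureWindowsPath(entry['target'])
    if not p.drive:
        reasons.append('bare file name, resolved through the loader search order rather than a fixed path')
    else:
        if p.parent == PureWindowsPath(p.anchor):
            reasons.append('executable sits in the root of a drive')
        if win_drive and p.drive.rstrip(':').upper() != win_drive:
            reasons.append('lives on %s, not the Windows drive %s:' % (p.drive, win_drive))
    if p.stem.isdigit():
        reasons.append('file name is only digits, typical of generated names')
    return reasons


def triage(log_text):
    """Map each O4 value name to its list of reasons."""
    win = windows_drive(log_text)
    return {e['name']: assess(e, win) for e in parse_o4(log_text)}


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        status = '; '.join(reasons) if reasons else 'nothing unusual'
        print('[%s]: %s' % (name, status))
```

Run it against a full HijackThis log by reading the file into `triage()`; the [WinMedia] entry collects all three path-based reasons, the vendor entries collect none, and the bare `kmw_run.exe` entry is reported only because it has no directory. Whether a flagged entry is actually malicious still needs a look at the file itself or at what writes the value; this only narrows the list.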
#2 DragonKnight (Topic Starter, New Member, 2 posts)

OK, secondary question. I am wondering if it is possible that, since the reg key just keeps recreating a key for no real .exe file, the trojan/virus, whatever it is, is dead and just that simple command set remains hidden somewhere. Scans say I'm pretty well clean.