I'm afraid I'm still getting popups for WinAntivirus every now and then in IE. It redirects me to a new site. ComboFix also did not reset my clock back to normal. Also, every time I open a new IE window, the toolbar at the bottom disappears momentarily. I'm not sure if any of that is relevant as of now. I'm just trying to give as much information as possible.
Thank you for your continued help.
Deckard's System Scanner v20070711.54
Run by husko on 2007-07-25 at 22:52:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as husko.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\vmyfwrkk.exe
C:\WINDOWS\system32\tvqqgjgj.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Husko\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\husko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation...97&service=AIM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36F29252-D3DE-4259-A742-9E4FF16803A5} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7D53A523-15A2-44F4-8F33-45AB380E8559} - C:\WINDOWS\system32\vturs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = susqu.edu
O17 - HKLM\Software\..\Telephony: DomainName = susqu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = susqu.edu
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Client Security Agent (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 6059 bytes
-- Files created between 2007-06-25 and 2007-07-25 -----------------------------
2007-07-25 22:50:47 4672 --a------ C:\WINDOWS\system32\tvqqgjgj.exe
2007-07-25 22:50:46 4672 --a------ C:\WINDOWS\system32\vmyfwrkk.exe
2007-07-25 22:47:46 66112 --a------ C:\WINDOWS\system32\lsievahk.exe
2007-07-25 20:58:35 126016 --a------ C:\WINDOWS\system32\wiobkoqo.dll
2007-07-25 19:54:13 0 d-------- C:\Program Files\Trend Micro
2007-07-25 19:40:10 228960 --a------ C:\WINDOWS\system32\awtqr.dll
2007-07-25 19:26:13 0 d-------- C:\VundoFix Backups
2007-07-25 09:36:45 126016 --a------ C:\WINDOWS\system32\rhgekies.dll
2007-07-25 01:24:27 8576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-25 01:15:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 00:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-07-25 00:23:27 0 d-------- C:\Program Files\Enigma Software Group
2007-07-05 20:15:58 0 d-------- C:\CloneDVDTemp
2007-07-05 20:11:33 0 d-------- C:\Documents and Settings\Husko\Application Data\SlySoft
2007-07-05 20:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-07-05 20:06:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-07-05 20:06:37 0 d-------- C:\Program Files\CloneDVD2
2007-07-05 17:59:32 0 d-------- C:\Program Files\AnyDVD
2007-07-05 17:30:25 0 d-------- C:\Documents and Settings\Husko\Application Data\Elaborate Bytes
2007-07-05 16:51:43 0 d-------- C:\DVDburner
-- Find3M Report ---------------------------------------------------------------
2007-07-25 22:46:10 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-25 22:27:33 0 d-------- C:\Program Files\Java
2007-07-25 19:36:08 0 d-------- C:\Program Files\Online Services
2007-07-25 02:08:18 0 d-------- C:\Program Files\iTunes
2007-07-25 02:04:28 0 d-------- C:\Program Files\Apoint
2007-07-25 02:04:24 0 d-------- C:\Program Files\AIM
2007-07-25 01:11:38 0 d-------- C:\Program Files\Viewpoint
2007-06-27 17:31:45 0 d-------- C:\Program Files\Starcraft
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{36F29252-D3DE-4259-A742-9E4FF16803A5} C:\WINDOWS\system32\awtqr.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
{7D53A523-15A2-44F4-8F33-45AB380E8559} C:\WINDOWS\system32\vturs.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-07-25 at 22:53:13 ---------
"husko" - 2007-07-25 22:38:29 [GMT -4:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\enpigrrn.exe
C:\WINDOWS\system32\hfepdrbw.exe
C:\WINDOWS\system32\kvugygls.exe
C:\WINDOWS\system32\maghlnfo.exe
C:\WINDOWS\system32\nadaafft.exe
C:\WINDOWS\system32\sqxuewor.exe
C:\WINDOWS\system32\xlyprhcu.exe
C:\WINDOWS\system32\ralveddc.dll
C:\WINDOWS\system32\wxyccgvt.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bcdgbyfo.exe
C:\WINDOWS\system32\bsiafggg.exe
C:\WINDOWS\system32\dhdmhbuy.exe
C:\WINDOWS\system32\eundlmmd.exe
C:\WINDOWS\system32\evjtwmmp.exe
C:\WINDOWS\system32\ggbafvuv.exe
C:\WINDOWS\system32\hrwcpyqd.exe
C:\WINDOWS\system32\jbnldiiv.exe
C:\WINDOWS\system32\jcjlfxht.exe
C:\WINDOWS\system32\klbibcsg.exe
C:\WINDOWS\system32\koapomng.exe
C:\WINDOWS\system32\lxfsumau.exe
C:\WINDOWS\system32\unhwmwhw.exe
C:\WINDOWS\system32\utirncdr.exe
C:\WINDOWS\system32\uyiyurxq.exe
C:\WINDOWS\system32\vtgdgvtw.exe
((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))
2007-07-25 20:58 126,016 --a------ C:\WINDOWS\system32\wiobkoqo.dll
2007-07-25 19:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-25 19:40 228,960 --a------ C:\WINDOWS\system32\awtqr.dll
2007-07-25 19:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 19:26 <DIR> d-------- C:\VundoFix Backups
2007-07-25 09:36 126,016 --a------ C:\WINDOWS\system32\rhgekies.dll
2007-07-25 08:52 <DIR> d-------- C:\Deckard
2007-07-25 01:24 8,576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys
2007-07-25 01:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-07-25 00:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-24 21:28 <DIR> d-------- C:\temp\0c2
2007-07-24 21:27 <DIR> d-------- C:\temp\brr
2007-07-05 20:15 <DIR> d-------- C:\CloneDVDTemp
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\SlySoft
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-07-05 20:06 <DIR> d-------- C:\Program Files\CloneDVD2
2007-07-05 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-07-05 17:59 <DIR> d-------- C:\Program Files\AnyDVD
2007-07-05 17:30 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\Elaborate Bytes
2007-07-05 16:58 <DIR> d-------- C:\temp\dvdbackup
2007-07-05 16:51 <DIR> d-------- C:\DVDburner
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-26 02:46:10 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-25 23:36:08 -------- d-----w C:\Program Files\Online Services
2007-07-25 06:08:18 -------- d-----w C:\Program Files\iTunes
2007-07-25 06:04:28 -------- d-----w C:\Program Files\Apoint
2007-07-25 06:04:24 -------- d-----w C:\Program Files\AIM
2007-07-25 05:11:38 -------- d-----w C:\Program Files\Viewpoint
2007-06-27 21:31:45 -------- d-----w C:\Program Files\Starcraft
2007-06-22 13:54:49 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-06-20 21:08:56 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36F29252-D3DE-4259-A742-9E4FF16803A5}]
2007-07-25 19:40 228960 --a------ C:\WINDOWS\system32\awtqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D53A523-15A2-44F4-8F33-45AB380E8559}]
C:\WINDOWS\system32\vturs.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 13:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 18:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 01:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Bluetooth.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-09-17 22:04:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr]
C:\WINDOWS\system32\awtqr.dll 2007-07-25 19:40 228960 C:\WINDOWS\system32\awtqr.dll
R1 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 BNPagent;Client Security Agent;"C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe"
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\system32\drivers\btserial.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 Appdrv;Appdrv;\??\C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 NAVAP;NAVAP;\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Husko\LOCALS~1\Temp\tni284.tmp
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
Contents of the 'Scheduled Tasks' folder
2007-07-25 04:40:32 C:\WINDOWS\tasks\Pareto UNS.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 22:45:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-25 22:49:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 22:49
C:\ComboFix2.txt ... 2007-07-25 19:51
--- E O F ---