08-13-2007, 06:24 PM   #5
Xolias
Registered User
 
Join Date: Apr 2005
Posts: 149
OS: WinXP

Re: Some pop-up problems, and DSS problem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:14 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4255 bytes


ComboFix 07-08-14 - "Owner" 2007-08-13 14:20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1469 [GMT -10:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-16 23:19 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-16 23:19 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-16 23:19 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-16 23:19 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-16 23:19 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-16 23:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-16 23:18 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-13 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 07:59 <DIR> d-------- C:\Program Files\Webteh
2007-08-10 07:59 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-08-09 00:27 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-09 00:27 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-09 00:27 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-09 00:27 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-08-09 00:27 <DIR> d-------- C:\Program Files\Winamp
2007-08-08 20:55 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-07 23:48 <DIR> d-------- C:\Program Files\uTorrent
2007-08-07 23:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-08-07 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-07 09:42 <DIR> d-------- C:\Program Files\QuickTime
2007-08-07 09:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-07 09:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-07 09:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-06 23:06 <DIR> d-------- C:\Deckard
2007-08-06 23:03 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-06 23:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-05 22:58 <DIR> d-------- C:\Program Files\Trillian
2007-08-04 22:35 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-04 22:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-02 22:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-08-02 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-01 22:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Talkback
2007-08-01 22:13 <DIR> d-------- C:\Program Files\Comodo
2007-08-01 21:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-01 21:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Thunderbird
2007-08-01 21:11 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-08-01 11:48 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-01 11:48 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-01 11:48 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-01 11:48 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-01 11:48 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-01 11:48 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-01 11:48 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-01 11:48 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-01 11:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-01 11:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-31 12:19 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-07-31 12:19 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-07-31 12:19 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-07-31 12:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-07-31 12:19 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-07-31 12:19 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-07-31 12:19 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-31 12:19 <DIR> d-------- C:\Program Files\Ahead
2007-07-31 12:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-07-31 12:16 <DIR> d-------- C:\Program Files\CyberLink
2007-07-31 11:46 <DIR> d-------- C:\Driver
2007-07-31 11:33 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-07-31 11:31 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-07-31 11:19 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
2007-07-31 10:17 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-07-31 10:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Creative
2007-07-31 10:05 42,911 --a------ C:\WINDOWS\system32\drivers\DVCam.sys
2007-07-31 10:05 <DIR> d-------- C:\WINDOWS\catroot
2007-07-31 10:05 <DIR> d-------- C:\Program Files\Texas Instruments Inc
2007-07-31 10:01 277,200 --a------ C:\WINDOWS\system32\CTAA1.DAT
2007-07-31 10:01 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-07-31 10:01 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-07-30 16:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\gtopala
2007-07-30 16:15 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-07-30 16:15 <DIR> d-------- C:\Program Files\Creative
2007-07-30 13:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-07-27 16:22 <DIR> d-------- C:\Program Files\CCleaner
2007-07-27 15:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-27 15:45 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-27 11:58 <DIR> d-------- C:\WINDOWS\system32\data
2007-07-27 11:57 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-27 11:56 <DIR> d-------- C:\Program Files\MSBuild
2007-07-27 11:53 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-07-27 11:53 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-07-27 11:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-07-27 11:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-27 11:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-27 11:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-27 11:49 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-07-27 11:48 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-07-27 11:45 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-07-27 11:45 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-07-27 11:45 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-07-26 18:42 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-26 18:42 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-26 18:41 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-07-26 18:41 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-07-26 18:41 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-07-26 18:41 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-07-26 18:39 <DIR> d-------- C:\Program Files\Futuremark
2007-07-26 18:37 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-07-26 18:37 <DIR> d-------- C:\WINDOWS\nview
2007-07-26 18:34 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2007-07-26 18:34 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 10:13 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-08-02 10:12 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"CTSysVol"="C:\Program Files\Creative\Surround Mixer\CTSysVol.exe" [2002-09-11 11:04]
"CTDVDDET"="C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-01 22:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-10 23:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 12:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 12:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 SiRemFil;SATALink External Device Filter;C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
S3 COMMONFX.DLL;COMMONFX.DLL;C:\WINDOWS\system32\COMMONFX.DLL
S3 CT20XUT.DLL;CT20XUT.DLL;C:\WINDOWS\system32\CT20XUT.DLL
S3 CTAUDFX.DLL;CTAUDFX.DLL;C:\WINDOWS\system32\CTAUDFX.DLL
S3 CTEAPSFX.DLL;CTEAPSFX.DLL;C:\WINDOWS\system32\CTEAPSFX.DLL
S3 CTEDSPFX.DLL;CTEDSPFX.DLL;C:\WINDOWS\system32\CTEDSPFX.DLL
S3 CTEDSPIO.DLL;CTEDSPIO.DLL;C:\WINDOWS\system32\CTEDSPIO.DLL
S3 CTEDSPSY.DLL;CTEDSPSY.DLL;C:\WINDOWS\system32\CTEDSPSY.DLL
S3 CTERFXFX.DLL;CTERFXFX.DLL;C:\WINDOWS\system32\CTERFXFX.DLL
S3 CTEXFIFX.DLL;CTEXFIFX.DLL;C:\WINDOWS\system32\CTEXFIFX.DLL
S3 CTHWIUT.DLL;CTHWIUT.DLL;C:\WINDOWS\system32\CTHWIUT.DLL
S3 CTSBLFX.DLL;CTSBLFX.DLL;C:\WINDOWS\system32\CTSBLFX.DLL
S3 hap17v2k;Creative P17V HAL Driver;C:\WINDOWS\system32\drivers\hap17v2k.sys
S3 WINFLASH;WINFLASH;\??\C:\Driver\flash184\WinFlash.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adeb7e17-4533-11dc-8cc5-044b80808003}]
AutoRun\command- F:\Launch.exe


Contents of the 'Scheduled Tasks' folder
2007-08-13 18:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 14:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 14:22:32

--- E O F ---