Hi Reid,
Panda ActiveScan found no virus on my PC, strangely enough. The unwanted window background is still there, however.
Here's my ComboFix.txt:
ComboFix 07-08-13.3 - "Admin" 2007-08-14 21:18:50.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.658 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\bTbVnD0J.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bTbVnD0J.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-13 11:15 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 10:59 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-13 10:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 18:00 <DIR> d-------- C:\Program Files\iTunes
2007-08-10 18:00 <DIR> d-------- C:\Program Files\iPod
2007-08-10 17:59 <DIR> d-------- C:\Program Files\QuickTime
2007-08-09 11:25 <DIR> d-------- C:\Program Files\CCleaner
2007-08-09 10:54 <DIR> d-------- C:\Deckard
2007-08-09 10:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 09:59 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Datalayer
2007-08-09 09:58 <DIR> d-------- C:\DOCUME~1\Admin\Phone Browser
2007-08-09 09:56 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Nokia
2007-08-09 09:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PC Suite
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Nokia
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-08-09 09:54 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-08-09 09:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-08 13:31 <DIR> d-------- C:\Program Files\LimeWire
2007-08-08 12:32 <DIR> d-------- C:\DOCUME~1\Admin\Incomplete
2007-08-08 12:31 <DIR> d-------- C:\DOCUME~1\Admin\.limewire
2007-08-07 13:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-07 13:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-07 13:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 12:45 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-03 12:45 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-03 12:45 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-03 12:45 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-03 12:45 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-03 12:45 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-03 12:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-03 12:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-03 12:45 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-02 16:24 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PC Tools
2007-08-02 15:00 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-02 15:00 <DIR> d-------- C:\Program Files\ToniArts
2007-08-02 15:00 <DIR> d-------- C:\DOCUME~1\Admin\WINDOWS
2007-08-02 14:42 <DIR> d-------- C:\Program Files\ElcomSoft
2007-08-02 08:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-01 19:29 <DIR> d-------- C:\DOCUME~1\Admin\Saved Games
2007-08-01 16:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
2007-08-01 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
2007-08-01 14:01 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\iWin
2007-08-01 13:15 <DIR> d-------- C:\Program Files\PMStitch20
2007-08-01 13:07 86,016 --a------ C:\WINDOWS\system32\xl_x263dec.dll
2007-08-01 13:07 61,440 --a------ C:\WINDOWS\system32\camiodll.dll
2007-08-01 13:07 49,152 --a------ C:\WINDOWS\system32\CamCapEx.dll
2007-08-01 13:07 40,960 --a------ C:\WINDOWS\system32\PicEng.dll
2007-08-01 13:07 <DIR> d-------- C:\Program Files\Veo Digital Studio
2007-08-01 13:07 <DIR> d-------- C:\Program Files\Veo Connect
2007-08-01 13:02 899,884 -ra------ C:\WINDOWS\system32\drivers\ucdnt.sys
2007-08-01 13:02 86,016 --a------ C:\WINDOWS\system32\ucdintf.dll
2007-08-01 13:02 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-08-01 13:02 85,376 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_yv12.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_yuy2.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\xl_uyvy.dll
2007-08-01 13:02 57,344 --a------ C:\WINDOWS\system32\Xl_I420.dll
2007-08-01 13:02 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-08-01 13:02 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-01 13:02 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-08-01 13:02 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2007-08-01 13:02 286,720 --a------ C:\WINDOWS\system32\CamFC.dll
2007-08-01 13:02 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-08-01 13:02 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-08-01 13:02 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-08-01 13:02 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-08-01 13:02 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-08-01 13:02 15,360 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2007-08-01 13:02 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-08-01 13:02 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2007-08-01 13:02 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-08-01 13:02 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2007-08-01 11:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-08-01 11:26 <DIR> d-------- C:\Program Files\GameHouse
2007-08-01 11:26 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\GameHouse
2007-08-01 11:11 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-08-01 11:10 <DIR> d-------- C:\Program Files\MSECACHE
2007-07-31 20:11 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Help
2007-07-30 10:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Genie-Soft
2007-07-30 10:54 <DIR> d-------- C:\Program Files\Genie-Soft
2007-07-30 09:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\IsolatedStorage
2007-07-28 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
2007-07-28 17:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-28 16:15 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-27 23:07 <DIR> d-------- C:\Program Files\VirtualVillagers_at
2007-07-27 18:52 <DIR> d-------- C:\Program Files\PizzaFrenzy_at
2007-07-27 13:35 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-07-27 12:17 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Gaijin Ent
2007-07-27 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-07-27 10:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PlayFirst
2007-07-27 10:01 <DIR> d---s---- C:\DOCUME~1\Admin\UserData
2007-07-26 19:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-26 19:17 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Sandlot Games
2007-07-26 15:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-26 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Yahoo!
2007-07-26 13:49 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Google
2007-07-26 13:47 <DIR> d-------- C:\Program Files\MostFun
2007-07-26 13:45 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-31 10:41 64 --a------ C:\Program Files\maxscrpt.dsk
2007-07-31 10:41 2644 --a------ C:\Program Files\3dsmax.ini
2007-07-31 10:41 0 --a------ C:\Program Files\RtDxStdMtl2.log
2007-07-23 13:21 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-23 13:20 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-18 14:45 114 --a------ C:\Program Files\plugin.ini
2004-10-05 16:12 138430 -ra------ C:\Program Files\Readme.rtf
2004-10-04 18:23 7168 --a------ C:\Program Files\viewfile.dll
2004-10-04 18:23 36864 --a------ C:\Program Files\zlibdll.dll
2004-10-04 18:23 271872 --a------ C:\Program Files\viz.dll
2004-10-04 18:23 17408 --a------ C:\Program Files\UIControls.dll
2004-10-04 18:23 151552 --a------ C:\Program Files\unzip32.dll
2004-10-04 18:23 131072 --a------ C:\Program Files\zip32.dll
2004-10-04 18:23 10752 --a------ C:\Program Files\undomgr.dll
2004-10-04 18:23 10240 --a------ C:\Program Files\UndoBody.dll
2004-10-04 18:22 97792 --a------ C:\Program Files\maxnet.dll
2004-10-04 18:22 974848 --a------ C:\Program Files\mfc70.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\res2.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\lsrd.dll
2004-10-04 18:22 97280 --a------ C:\Program Files\libDLcomponentManager.dll
2004-10-04 18:22 9728 --a------ C:\Program Files\helpsys.dll
2004-10-04 18:22 96256 --a------ C:\Program Files\Poly.dll
2004-10-04 18:22 92160 --a------ C:\Program Files\lpwrt.dll
2004-10-04 18:22 92160 --a------ C:\Program Files\CustDlg.dll
2004-10-04 18:22 89088 --a------ C:\Program Files\oglgfx.drv
2004-10-04 18:22 8704 --a------ C:\Program Files\resmgr.dll
2004-10-04 18:22 85504 --a------ C:\Program Files\hrigfx.drv
2004-10-04 18:22 84992 --a------ C:\Program Files\Atl70.dll
2004-10-04 18:22 843776 --a------ C:\Program Files\libpdx.dll
2004-10-04 18:22 83968 --a------ C:\Program Files\ParticleFlow.dll
2004-10-04 18:22 837632 --a------ C:\Program Files\d3dgfx.drv
2004-10-04 18:22 78968 --a------ C:\Program Files\iejfifrd80.dll
2004-10-04 18:22 78968 --a------ C:\Program Files\adlmres.dll
2004-10-04 18:22 770048 --a------ C:\Program Files\libDLbase.dll
2004-10-04 18:22 7680 --a------ C:\Program Files\rct_registry.dll
2004-10-04 18:22 74240 --a------ C:\Program Files\imageViewers.dll
2004-10-04 18:22 73216 --a------ C:\Program Files\res1.dll
2004-10-04 18:22 71680 --a------ C:\Program Files\MenuMan.dll
2004-10-04 18:22 7168 --a------ C:\Program Files\res10.dll
2004-10-04 18:22 69632 --a------ C:\Program Files\CdaLCDlg.dll
2004-10-04 18:22 68608 --a------ C:\Program Files\ManipSys.dll
2004-10-04 18:22 681472 --a------ C:\Program Files\mesh.dll
2004-10-04 18:22 66680 --a------ C:\Program Files\iepngrd80.dll
2004-10-04 18:22 65024 --a------ C:\Program Files\libDLltutility.dll
2004-10-04 18:22 649728 --a------ C:\Program Files\MNMath.dll
2004-10-04 18:22 63488 --a------ C:\Program Files\menus.dll
2004-10-04 18:22 62464 --a------ C:\Program Files\rtmax.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\tessint.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\res8.dll
2004-10-04 18:22 6144 --a------ C:\Program Files\libDLltutilityRes.dll
2004-10-04 18:22 610 --a------ C:\Program Files\hotkeyMap.html
2004-10-04 18:22 59904 --a------ C:\Program Files\max.task
2004-10-04 18:22 57344 --a------ C:\Program Files\libDLltgeometry.dll
2004-10-04 18:22 55808 --a------ C:\Program Files\MAXComponents.dll
2004-10-04 18:22 557568 --a------ C:\Program Files\splash.dll
2004-10-04 18:22 54904 --a------ C:\Program Files\iejfifwr80.dll
2004-10-04 18:22 54784 --a------ C:\Program Files\msvci70.dll
2004-10-04 18:22 54392 --a------ C:\Program Files\iepngwr80.dll
2004-10-04 18:22 534016 --a------ C:\Program Files\d3d81gfx.drv
2004-10-04 18:22 5264896 --a------ C:\Program Files\core.dll
2004-10-04 18:22 5129728 --a------ C:\Program Files\3dsmax.exe
2004-10-04 18:22 5104640 --a------ C:\Program Files\Maxscrpt.dll
2004-10-04 18:22 499712 --a------ C:\Program Files\msvcp71.dll
2004-10-04 18:22 495376 --a------ C:\Program Files\msxml.dll
2004-10-04 18:22 487424 --a------ C:\Program Files\msvcp70.dll
2004-10-04 18:22 486400 --a------ C:\Program Files\dbghelp.dll
2004-10-04 18:22 4853760 --a------ C:\Program Files\libiges.dll
2004-10-04 18:22 46080 --a------ C:\Program Files\geomimp.dll
2004-10-04 18:22 4608 --a------ C:\Program Files\libDLltgeometryRes.dll
2004-10-04 18:22 4590 --a------ C:\Program Files\max.tres
2004-10-04 18:22 45568 --a------ C:\Program Files\ParamRollup.dll
2004-10-04 18:22 454656 --a------ C:\Program Files\libDLprimitives.dll
2004-10-04 18:22 44032 --a------ C:\Program Files\res5.dll
2004-10-04 18:22 4096 --a------ C:\Program Files\minidumpVer.dll
2004-10-04 18:22 4096 --a------ C:\Program Files\MaxIges.msx
2004-10-04 18:22 398456 --a------ C:\Program Files\ie80.dll
2004-10-04 18:22 36352 --a------ C:\Program Files\expr.dll
2004-10-04 18:22 3604480 --a------ C:\Program Files\Ashli.dll
2004-10-04 18:22 3592192 --a------ C:\Program Files\libray.dll
2004-10-04 18:22 35840 --a------ C:\Program Files\res6.dll
2004-10-04 18:22 35448 --a------ C:\Program Files\ieproxy16.dll
2004-10-04 18:22 35328 --a------ C:\Program Files\res4.dll
2004-10-04 18:22 35328 --a------ C:\Program Files\maxutil.dll
2004-10-04 18:22 352256 --a------ C:\Program Files\liblint.dll
2004-10-04 18:22 349392 --a------ C:\Program Files\addflow4.ocx
2004-10-04 18:22 348160 --a------ C:\Program Files\msvcr71.dll
2004-10-04 18:22 344064 --a------ C:\Program Files\msvcr70.dll
2004-10-04 18:22 33280 --a------ C:\Program Files\acap.dll
2004-10-04 18:22 32819 --a------ C:\Program Files\mtl7.dll
2004-10-04 18:22 32447 --a------ C:\Program Files\AdlmLog.xml
2004-10-04 18:22 30840 --a------ C:\Program Files\ietiffrd80.dll
2004-10-04 18:22 30328 --a------ C:\Program Files\ietiffwr80.dll
2004-10-04 18:22 30208 --a------ C:\Program Files\particle.dll
2004-10-04 18:22 300544 --a------ C:\Program Files\Amodeler.dll
2004-10-04 18:22 2896896 --a------ C:\Program Files\gmi.dll
2004-10-04 18:22 28727 --a------ C:\Program Files\texture7.dll
2004-10-04 18:22 281208 --a------ C:\Program Files\Ereg.dll
2004-10-04 18:22 281088 --a------ C:\Program Files\AdskScInst.dll
2004-10-04 18:22 27648 --a------ C:\Program Files\gfx.dll
2004-10-04 18:22 26624 --a------ C:\Program Files\gcomm2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 12:59 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 05:03]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-07 00:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 07:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R3 EL2000;3Com 3C2000x EtherLink XL Adapter;C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 21:20:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 21:20:54
C:\ComboFix-quarantined-files.txt ... 2007-08-14 21:20
C:\ComboFix2.txt ... 2007-08-13 10:52
New HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4

22 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 5653 bytes
Thanks,
Gita