08-16-2007, 03:55 AM   #13
morodashortass
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance

Here is combofix2.txt:

ComboFix 07-08-14.4 - "HP_Owner" 2007-08-14 18:46:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT 10:00]
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\svchost64.exe


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-14 18:17 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-13 20:06 <DIR> d-------- C:\Program Files\GLtron
2007-08-12 13:36 <DIR> d-------- C:\Program Files\3DGroove
2007-08-12 11:45 <DIR> d-------- C:\Program Files\Sophos
2007-08-11 20:02 <DIR> d-------- C:\Program Files\Sega
2007-08-11 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-10 17:11 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-07 18:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-07 18:30 88 -r-hs---- C:\WINDOWS\system32\646A91DDEB.sys
2007-08-07 18:30 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 18:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Corel
2007-08-07 18:25 <DIR> d-------- C:\Program Files\Corel
2007-08-05 18:53 <DIR> d-------- C:\Program Files\Air Guard Trial
2007-08-05 10:18 <DIR> d-------- C:\Program Files\Wolfenstein 3D
2007-08-04 22:48 <DIR> d-------- C:\Program Files\HJT
2007-08-04 20:02 <DIR> d-------- C:\Deckard
2007-08-04 17:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-04 15:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Uniblue
2007-08-04 15:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-04 13:40 <DIR> d-------- C:\Program Files\CloneDVD
2007-08-04 11:01 9,961,472 --a------ C:\DOCUME~1\HP_Owner\ntuser.dat
2007-08-04 11:01 499,712 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-04 11:01 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-04 10:54 17,505 --------- C:\WINDOWS\hpomdl07.dat
2007-08-04 10:54 102,199 --a------ C:\WINDOWS\hpoins05.dat
2007-08-03 20:00 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-08-01 18:04 42,723 --a------ C:\WINDOWS\wilx44i.dll
2007-08-01 18:04 371,581 --a------ C:\WINDOWS\WBDED44I.DLL
2007-08-01 16:21 <DIR> d-------- C:\Program Files\uTorrent
2007-07-30 19:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-07-30 18:39 <DIR> d-------- C:\Program Files\LimeWire
2007-07-29 14:48 <DIR> d-------- C:\Program Files\Marble Blast Gold Demo
2007-07-27 09:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 09:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 09:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 09:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 09:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 09:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 09:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 09:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 09:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-17 18:50 8,816 --a------ C:\dnsbak.reg
2007-07-16 19:52 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 19:51 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-16 19:51 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-16 19:50 <DIR> d-------- C:\Program Files\Symantec
2007-07-16 17:53 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PEX
2007-07-16 17:40 <DIR> d-------- C:\WINDOWS\rnapxs
2007-07-16 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 16:08 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-13 20:32 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-08-11 10:41 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 10:41 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 17:56 --------- d-------- C:\Program Files\XoftSpySE
2007-08-06 21:03 --------- d-------- C:\Program Files\MSN Messenger
2007-08-06 19:51 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 13:42 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-08-04 13:40 81920 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-08-04 13:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-04 13:40 47360 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2007-08-04 11:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 16:27 --------- d-------- C:\Program Files\iTunes
2007-08-03 16:27 --------- d-------- C:\Program Files\iPod
2007-08-03 16:25 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 07:42 --------- d-------- C:\Program Files\DivX
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 09:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 09:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 09:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 09:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 09:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 09:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 09:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 09:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 09:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 09:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-22 19:06 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-07-20 18:19 --------- d-------- C:\Program Files\Google
2007-07-16 19:55 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-16 19:55 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-13 10:47 --------- d-------- C:\Program Files\QuickTime
2007-07-04 11:40 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\VersionTracker Pro
2007-07-04 11:06 --------- d-------- C:\Program Files\TechTracker
2007-07-04 11:03 --------- d-------- C:\Program Files\eRightSoft
2007-07-02 19:19 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-06-30 15:57 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-05-17 17:30 318976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-14 15:24 394240 --a------ C:\WINDOWS\system32\Smab.dll
2006-05-03 0954 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-09 16:43]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-04-13 06:07]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:44]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-07 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 13:10]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-08 08:39]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 21:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"Startup Manager"="C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 gkmixern;gkmixern;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\76.tmp
S3 ovt519;Eye Toy;C:\WINDOWS\system32\Drivers\ov519vid.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-10 07:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-13 06:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 08:37:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-13 10:00:20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
2007-01-28 10:23:53 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 18:49:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 18:50:32
C:\ComboFix-quarantined-files.txt ... 2007-08-14 18:50
C:\ComboFix2.txt ... 2007-08-13 17:28

--- E O F ---