Tech Support Forum - View Single Post - winantispyware removal

leorot · 10-04-2007, 12:46 AM

i run combofix and in the first window it went through about 27 steps, then deleted a lot of dll's , bak's and some other weird named files. then a message said a new window will appear to complete the cleaning process, and it did. but next, the blue screen of death came up, with this error: KERNEL_STACK_INPAGE_ERROR. so, i had to restart the computer. after reboot, still disconnected from the internet, i run combofix for the second time. after that, i connected to the internet and i run hjt. you'll find both logs below.

ComboFix 07-10-04.5 - Leo 2005 2007-10-04 9:31:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT 3:00]
Running from: C:\Documents and Settings\Leo 2005\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 09:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 23:18 <DIR> d-------- C:\Deckard
2007-10-03 21:04 320,608 --a------ C:\WINDOWS\SYSTEM32\ddccb.dll
2007-10-02 17:16 77,376 --a------ C:\WINDOWS\SYSTEM32\sihojuvd.dll
2007-10-02 13:31 <DIR> dr-h----- C:\Documents and Settings\Leo 2005\Application Data\SecuROM
2007-10-02 13:31 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\Bioshock
2007-10-02 13:10 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\InstallShield
2007-10-02 11:41 <DIR> d-------- C:\Program Files\DAEMON Tools 4.10
2007-10-02 11:37 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-10-02 10:20 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\WinRAR
2007-10-02 09:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-01 18:53 310,880 --a------ C:\WINDOWS\SYSTEM32\pmkhf.dll
2007-09-29 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-09-29 12:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\AGEIA
2007-09-29 12:09 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-26 13:22 <DIR> d-------- C:\Program Files\iPod
2007-09-20 10:48 <DIR> d-------- C:\Program Files\JAlbum7.2
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys
2007-09-17 21:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-17 21:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-17 21:22 802,816 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-17 21:22 739,840 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-12 22:48 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\mIRC
2007-09-12 02:14 156,992 --a------ C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-10 21:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 08:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-03 23:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-03 21:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:04 60800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-10-03 21:04 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:04 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:04 --------- d-------- C:\Program Files\Symantec
2007-10-02 18:27 647 --a------ C:\case.bin
2007-10-02 13:18 --------- d-------- C:\Program Files\DC++
2007-10-02 13:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-01 14:48 108144 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-09-29 18:05 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\uTorrent
2007-09-29 13:30 --------- d-------- C:\Program Files\ATI Technologies
2007-09-29 13:24 --------- d-------- C:\Program Files\Creative
2007-09-29 12:09 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 18:25 --------- d-------- C:\Program Files\Yahoo!
2007-09-26 18:24 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\Yahoo!
2007-09-26 18:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-26 15:13 --------- d-------- C:\Program Files\DivX
2007-09-26 13:27 --------- d-------- C:\Program Files\Apple Software Update
2007-09-26 13:23 --------- d-------- C:\Program Files\iTunes
2007-09-26 13:10 --------- d-------- C:\Program Files\Norton 360
2007-09-20 08:57 --------- d-------- C:\Program Files\NoAdware5.0
2007-09-18 23:26 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-13 19:56 286720 --a------ C:\WINDOWS\iun506.exe
2007-09-13 19:56 --------- d-------- C:\Program Files\OPFV 2007
2007-08-31 13:51 --------- d-------- C:\Program Files\VoipStunt
2007-08-22 05:33 46432 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 05:09 352256 --a------ C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
2007-08-22 05:07 307200 --a------ C:\WINDOWS\SYSTEM32\atiiiexx.dll
2007-08-22 05:07 268800 --a------ C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-08-22 05:07 2417664 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 05:07 2417664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys
2007-08-22 04:59 26112 --a------ C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
2007-08-22 04:59 143360 --a------ C:\WINDOWS\SYSTEM32\atipdlxx.dll
2007-08-22 04:58 43520 --a------ C:\WINDOWS\SYSTEM32\ati2edxx.dll
2007-08-22 04:58 122880 --a------ C:\WINDOWS\SYSTEM32\ati2evxx.dll
2007-08-22 04:57 487424 --a------ C:\WINDOWS\SYSTEM32\ati2evxx.exe
2007-08-22 04:56 53248 --a------ C:\WINDOWS\SYSTEM32\ATIDDC.DLL
2007-08-22 04:48 8306688 --a------ C:\WINDOWS\SYSTEM32\atioglx2.dll
2007-08-22 04:47 3091392 --a------ C:\WINDOWS\SYSTEM32\ati3duag.dll
2007-08-22 04:35 1586816 --a------ C:\WINDOWS\SYSTEM32\ativvaxx.dll
2007-08-22 04:21 5435392 --a------ C:\WINDOWS\SYSTEM32\atioglxx.dll
2007-08-22 04:19 266240 --a------ C:\WINDOWS\SYSTEM32\atikvmag.dll
2007-08-22 04:17 17408 --a------ C:\WINDOWS\SYSTEM32\atitvo32.dll
2007-08-22 04:15 172032 --a------ C:\WINDOWS\SYSTEM32\atiok3x2.dll
2007-08-22 04:13 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-22 04:11 450560 --a------ C:\WINDOWS\SYSTEM32\ati2cqag.dll
2007-08-21 21:05 593920 --------- C:\WINDOWS\SYSTEM32\ati2sgag.exe
2007-08-21 03:26 81920 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll
2007-08-21 03:26 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll
2007-08-19 15:04 --------- d-------- C:\Program Files\Text-Reader programs
2007-08-16 01:33 524288 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-08-16 01:33 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-16 01:33 3596288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-08-16 01:33 200704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-08-16 01:33 129784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-08-16 01:33 120056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-08-16 01:33 118520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-08-16 01:33 1044480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll
2007-08-16 01:31 593920 --a------ C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-08-16 01:31 57344 --a------ C:\WINDOWS\SYSTEM32\dpv11.dll
2007-08-16 01:31 53248 --a------ C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-08-16 01:31 344064 --a------ C:\WINDOWS\SYSTEM32\dpus11.dll
2007-08-16 01:31 294912 --a------ C:\WINDOWS\SYSTEM32\dpu11.dll
2007-08-16 01:31 294912 --a------ C:\WINDOWS\SYSTEM32\dpu10.dll
2007-08-16 01:30 12288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-08-14 23:19 --------- d-------- C:\Program Files\Declaratii_BASS
2007-08-14 23:19 --------- d-------- C:\Program Files\D394
2007-08-14 20:25 --------- d-------- C:\Program Files\ReviSal
2007-08-14 20:24 6776 --a------ C:\denumiri_fisiere.bin
2007-08-14 20:16 --------- d-------- C:\Program Files\Bilant 0607
2007-08-14 20:13 770560 --a------ C:\WINDOWS\SYSTEM32\VFP5ENU.DLL
2007-08-14 20:13 3223824 --a------ C:\WINDOWS\SYSTEM32\VFP500.DLL
2007-08-14 20:11 --------- d-------- C:\Program Files\Declaratii fiscale 2007
2007-08-14 20:11 --------- d-------- C:\Program Files\Declaratia 205 (an 2006)
2007-08-08 22:16 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{827B3A67-61E3-41C4-82B6-E9FDC2D31768}]
2007-10-03 21:04 320608 --a------ C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 18:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 09:00]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 C:\WINDOWS\SYSTEM32\CtHelper.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\SYSTEM32\tweakui.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 06:10]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iTunes.lnk - C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe [2007-09-26 13:23:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iTunes.lnk - C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe [2007-09-26 13:23:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifddby]
iifddby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjjq32]
winjjq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ADSL.lnk]
backup=C:\WINDOWS\pss\ADSL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leo 2005^Start Menu^Programs^Startup^Winamp.lnk]
backup=C:\WINDOWS\pss\Winamp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTXFIREG]
CTxfiReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools 4.10\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
"C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\PROGRA~1\MODEMO~1\moh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
V330

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
"C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime 5\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\hoywojum.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
\Program Files\WDC\SetIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp5_12\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
wfxsnt40.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wfxsvc"=2 (0x2)
"Fax"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RetroWDSvc"=2 (0x2)
"RetroLauncher"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R2 CDRPDACC;Arrowkey Device Access;\??\C:\Program Files\dvdXcopy Platinum\Shared\CDRPDACC.SYS
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys
S3 inibtmgr;WD Bridge Controller Driver;C:\WINDOWS\system32\DRIVERS\inibtmgr.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34030162-e5b5-11d9-a607-00132055a651}]
AutoRun\command- J:\BSAutoRun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 09:34:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 9:35:07
C:\ComboFix-quarantined-files.txt ... 2007-10-04 09:35
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:44, on 04.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {827B3A67-61E3-41C4-82B6-E9FDC2D31768} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: ADSL.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ADSL.lnk = ? (User 'Default user')
O4 - Startup: ADSL.lnk = ?
O4 - Global Startup: iTunes.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/n...tective-nm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120342234327
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130356325062
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD983414-25A6-4457-9F7D-7E8B54B18CF8}: NameServer = 193.231.100.130 193.231.100.134
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: iifddby - iifddby.dll (file missing)
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12306 bytes

10-04-2007, 12:46 AM	#5 (permalink)
leorot Registered User Join Date: Sep 2007 Posts: 16 OS: win xp sp3 My System	Re: winantispyware removal - impossile i run combofix and in the first window it went through about 27 steps, then deleted a lot of dll's , bak's and some other weird named files. then a message said a new window will appear to complete the cleaning process, and it did. but next, the blue screen of death came up, with this error: KERNEL_STACK_INPAGE_ERROR. so, i had to restart the computer. after reboot, still disconnected from the internet, i run combofix for the second time. after that, i connected to the internet and i run hjt. you'll find both logs below. ComboFix 07-10-04.5 - Leo 2005 2007-10-04 9:31:04.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT 3:00] Running from: C:\Documents and Settings\Leo 2005\desktop\combofix.exe Command switches used :: /killall . ((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))) . 2007-10-04 09:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-03 23:18 <DIR> d-------- C:\Deckard 2007-10-03 21:04 320,608 --a------ C:\WINDOWS\SYSTEM32\ddccb.dll 2007-10-02 17:16 77,376 --a------ C:\WINDOWS\SYSTEM32\sihojuvd.dll 2007-10-02 13:31 <DIR> dr-h----- C:\Documents and Settings\Leo 2005\Application Data\SecuROM 2007-10-02 13:31 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\Bioshock 2007-10-02 13:10 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\InstallShield 2007-10-02 11:41 <DIR> d-------- C:\Program Files\DAEMON Tools 4.10 2007-10-02 11:37 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys 2007-10-02 10:20 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\WinRAR 2007-10-02 09:52 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-01 18:53 310,880 --a------ C:\WINDOWS\SYSTEM32\pmkhf.dll 2007-09-29 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2007-09-29 12:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\AGEIA 2007-09-29 12:09 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-09-26 13:22 <DIR> d-------- C:\Program Files\iPod 2007-09-20 10:48 <DIR> d-------- C:\Program Files\JAlbum7.2 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys 2007-09-17 21:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll 2007-09-17 21:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll 2007-09-17 21:22 802,816 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll 2007-09-17 21:22 739,840 --a------ C:\WINDOWS\SYSTEM32\DivX.dll 2007-09-12 22:48 <DIR> d-------- C:\Documents and Settings\Leo 2005\Application Data\mIRC 2007-09-12 02:14 156,992 --a------ C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe 2007-09-10 21:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-04 08:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-03 23:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-03 21:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-03 21:04 60800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL 2007-10-03 21:04 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-03 21:04 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-03 21:04 --------- d-------- C:\Program Files\Symantec 2007-10-02 18:27 647 --a------ C:\case.bin 2007-10-02 13:18 --------- d-------- C:\Program Files\DC++ 2007-10-02 13:10 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-10-01 14:48 108144 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll 2007-09-29 18:05 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\uTorrent 2007-09-29 13:30 --------- d-------- C:\Program Files\ATI Technologies 2007-09-29 13:24 --------- d-------- C:\Program Files\Creative 2007-09-29 12:09 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-09-26 18:25 --------- d-------- C:\Program Files\Yahoo! 2007-09-26 18:24 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\Yahoo! 2007-09-26 18:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\yahoo! 2007-09-26 15:13 --------- d-------- C:\Program Files\DivX 2007-09-26 13:27 --------- d-------- C:\Program Files\Apple Software Update 2007-09-26 13:23 --------- d-------- C:\Program Files\iTunes 2007-09-26 13:10 --------- d-------- C:\Program Files\Norton 360 2007-09-20 08:57 --------- d-------- C:\Program Files\NoAdware5.0 2007-09-18 23:26 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-13 19:56 286720 --a------ C:\WINDOWS\iun506.exe 2007-09-13 19:56 --------- d-------- C:\Program Files\OPFV 2007 2007-08-31 13:51 --------- d-------- C:\Program Files\VoipStunt 2007-08-22 05:33 46432 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp 2007-08-22 05:09 352256 --a------ C:\WINDOWS\SYSTEM32\ATIDEMGX.dll 2007-08-22 05:07 307200 --a------ C:\WINDOWS\SYSTEM32\atiiiexx.dll 2007-08-22 05:07 268800 --a------ C:\WINDOWS\SYSTEM32\ati2dvag.dll 2007-08-22 05:07 2417664 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-08-22 05:07 2417664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ati2mtag.sys 2007-08-22 04:59 26112 --a------ C:\WINDOWS\SYSTEM32\Ati2mdxx.exe 2007-08-22 04:59 143360 --a------ C:\WINDOWS\SYSTEM32\atipdlxx.dll 2007-08-22 04:58 43520 --a------ C:\WINDOWS\SYSTEM32\ati2edxx.dll 2007-08-22 04:58 122880 --a------ C:\WINDOWS\SYSTEM32\ati2evxx.dll 2007-08-22 04:57 487424 --a------ C:\WINDOWS\SYSTEM32\ati2evxx.exe 2007-08-22 04:56 53248 --a------ C:\WINDOWS\SYSTEM32\ATIDDC.DLL 2007-08-22 04:48 8306688 --a------ C:\WINDOWS\SYSTEM32\atioglx2.dll 2007-08-22 04:47 3091392 --a------ C:\WINDOWS\SYSTEM32\ati3duag.dll 2007-08-22 04:35 1586816 --a------ C:\WINDOWS\SYSTEM32\ativvaxx.dll 2007-08-22 04:21 5435392 --a------ C:\WINDOWS\SYSTEM32\atioglxx.dll 2007-08-22 04:19 266240 --a------ C:\WINDOWS\SYSTEM32\atikvmag.dll 2007-08-22 04:17 17408 --a------ C:\WINDOWS\SYSTEM32\atitvo32.dll 2007-08-22 04:15 172032 --a------ C:\WINDOWS\SYSTEM32\atiok3x2.dll 2007-08-22 04:13 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll 2007-08-22 04:11 450560 --a------ C:\WINDOWS\SYSTEM32\ati2cqag.dll 2007-08-21 21:05 593920 --------- C:\WINDOWS\SYSTEM32\ati2sgag.exe 2007-08-21 03:26 81920 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll 2007-08-21 03:26 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll 2007-08-19 15:04 --------- d-------- C:\Program Files\Text-Reader programs 2007-08-16 01:33 524288 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe 2007-08-16 01:33 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-08-16 01:33 3596288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll 2007-08-16 01:33 200704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll 2007-08-16 01:33 129784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll 2007-08-16 01:33 120056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe 2007-08-16 01:33 118520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe 2007-08-16 01:33 1044480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll 2007-08-16 01:31 593920 --a------ C:\WINDOWS\SYSTEM32\dpuGUI11.dll 2007-08-16 01:31 57344 --a------ C:\WINDOWS\SYSTEM32\dpv11.dll 2007-08-16 01:31 53248 --a------ C:\WINDOWS\SYSTEM32\dpuGUI10.dll 2007-08-16 01:31 344064 --a------ C:\WINDOWS\SYSTEM32\dpus11.dll 2007-08-16 01:31 294912 --a------ C:\WINDOWS\SYSTEM32\dpu11.dll 2007-08-16 01:31 294912 --a------ C:\WINDOWS\SYSTEM32\dpu10.dll 2007-08-16 01:30 12288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll 2007-08-14 23:19 --------- d-------- C:\Program Files\Declaratii_BASS 2007-08-14 23:19 --------- d-------- C:\Program Files\D394 2007-08-14 20:25 --------- d-------- C:\Program Files\ReviSal 2007-08-14 20:24 6776 --a------ C:\denumiri_fisiere.bin 2007-08-14 20:16 --------- d-------- C:\Program Files\Bilant 0607 2007-08-14 20:13 770560 --a------ C:\WINDOWS\SYSTEM32\VFP5ENU.DLL 2007-08-14 20:13 3223824 --a------ C:\WINDOWS\SYSTEM32\VFP500.DLL 2007-08-14 20:11 --------- d-------- C:\Program Files\Declaratii fiscale 2007 2007-08-14 20:11 --------- d-------- C:\Program Files\Declaratia 205 (an 2006) 2007-08-08 22:16 --------- d-------- C:\Documents and Settings\Leo 2005\Application Data\Apple Computer 2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{827B3A67-61E3-41C4-82B6-E9FDC2D31768}] 2007-10-03 21:04 320608 --a------ C:\WINDOWS\system32\ddccb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 18:43] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 09:00] "CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 C:\WINDOWS\SYSTEM32\CtHelper.exe] "Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\SYSTEM32\tweakui.cpl] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 06:10] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ iTunes.lnk - C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe [2007-09-26 13:23:34] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ iTunes.lnk - C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe [2007-09-26 13:23:34] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoThumbnailCache"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifddby] iifddby.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjjq32] winjjq32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ADSL.lnk] backup=C:\WINDOWS\pss\ADSL.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Leo 2005^Start Menu^Programs^Startup^Winamp.lnk] backup=C:\WINDOWS\pss\Winamp.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTXFIREG] CTxfiReg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools 4.10\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] C:\PROGRA~1\MODEMO~1\moh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart] V330 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime 5\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hoywojum.dll",sitypnow [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon] \Program Files\WDC\SetIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload] C:\Program Files\Ulead VideoStudio 10\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager] WDBtnMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp5_12\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter] wfxsnt40.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wfxsvc"=2 (0x2) "Fax"=2 (0x2) "UleadBurningHelper"=2 (0x2) "Macromedia Licensing Service"=3 (0x3) "WMPNetworkSvc"=2 (0x2) "SandraTheSrv"=3 (0x3) "SandraDataSrv"=3 (0x3) "RetroWDSvc"=2 (0x2) "RetroLauncher"=2 (0x2) "Adobe LM Service"=3 (0x3) R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys R2 CDRPDACC;Arrowkey Device Access;\??\C:\Program Files\dvdXcopy Platinum\Shared\CDRPDACC.SYS S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys S3 inibtmgr;WD Bridge Controller Driver;C:\WINDOWS\system32\DRIVERS\inibtmgr.sys S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34030162-e5b5-11d9-a607-00132055a651}] AutoRun\command- J:\BSAutoRun.exe Newly Created Service - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-10-01 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-04 09:34:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-04 9:35:07 C:\ComboFix-quarantined-files.txt ... 2007-10-04 09:35 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:42:44, on 04.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {827B3A67-61E3-41C4-82B6-E9FDC2D31768} - C:\WINDOWS\system32\ddccb.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - S-1-5-18 Startup: ADSL.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: ADSL.lnk = ? (User 'Default user') O4 - Startup: ADSL.lnk = ? O4 - Global Startup: iTunes.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/n...tective-nm.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120342234327 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130356325062 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FD983414-25A6-4457-9F7D-7E8B54B18CF8}: NameServer = 193.231.100.130 193.231.100.134 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: iifddby - iifddby.dll (file missing) O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 12306 bytes