Tech Support Forum - View Single Post - Technicolor screen, Popups, Error messages running programs, random programs starting

Nigel4 · 10-07-2007, 05:34 PM

ComboFix 07-10-07.2 - Owner 2007-10-07 9:03:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.266 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\vtustqo.dll
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\system32\wyadd.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPN
-------\LEGACY_SFSYNC02
-------\nm
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 23:27 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-10-06 23:24 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2007-10-06 23:24 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2007-10-06 23:24 <DIR> d-------- C:\Program Files\MultiRes
2007-10-05 22:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-03 21:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-02 20:29 2,104 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-01 21:46 <DIR> d-------- C:\VundoFix Backups
2007-09-30 15:41 <DIR> d-------- C:\Deckard
2007-09-29 15:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall
2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall
2007-09-20 22:36 <DIR> d-------- C:\Program Files\Jetico Personal Firewall
2007-09-20 09:01 <DIR> d-------- C:\Temp
2007-09-15 10:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-14 21:30 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2007-09-13 20:59 <DIR> d-------- C:\Program Files\Halo
2007-09-13 20:55 <DIR> d-------- C:\sysprep
2007-09-13 20:55 <DIR> d-------- C:\Program Files\Worms Armageddon
2007-09-13 20:55 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-09-13 20:55 <DIR> d-------- C:\Program Files\IntelliMover Data Transfer Demo
2007-09-13 20:55 <DIR> d-------- C:\Program Files\Atari
2007-09-13 20:48 <DIR> d-------- C:\ATI
2007-09-13 20:06 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC(2)
2007-09-11 22:37 <DIR> d-------- C:\Program Files\DriverCleanerDotNET
2007-09-11 21:04 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-11 18:56 <DIR> d-------- C:\Program Files\Xfire
2007-09-11 18:34 <DIR> d-------- C:\WINDOWS\system32\AGEIA(2)
2007-09-09 12:56 <DIR> d-------- C:\Program Files\InterActual
2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:53 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-03 09:29 --------- d-------- C:\Program Files\PokerStars
2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-09-29 15:03 --------- d-------- C:\Program Files\EA GAMES
2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-29 00:10 --------- d-------- C:\Program Files\PokerStars.TEST
2007-09-14 16:11 --------- d-------- C:\Program Files\LEGO Media
2007-09-14 14:33 --------- d-------- C:\Program Files\LogMeIn
2007-09-13 20:59 --------- d-------- C:\Program Files\Electronic Arts
2007-09-13 20:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-09-10 21:58 --------- d-------- C:\Program Files\Midway Home Entertainment
2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-08-14 16:04 --------- d-------- C:\Program Files\MSXML 6.0
2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2006-11-21 20:58 1 --a--c--- C:\Documents and Settings\Owner\SI.bin
2005-04-29 16:21 774144 --a--c--- C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"JeticoPFStartup"="C:\Program Files\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 02:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-14 19:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 04:49 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINDOWS\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\WINDOWS\pss\Z_Start.lnkStartup
c:\windowsupdate\ufp\irs7\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
C:\WINDOWS\system32\pwinqsap.exe FI002

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139081734\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyAxe]
C:\Program Files\SpyAxe\spyaxe.exe /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\support.com\bin\tgcmd.exe" /server

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:4]
C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdateProtection]
c:\windowsupdate\ufp\008\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08-8B-BF-FC-ZN}]
C:\windows\system32\rpdsregs.exe FI002

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido security suite control"=2 (0x2)
"vsmon"=2 (0x2)
"StarWindService"=2 (0x2)
"RadClock"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WANMiniportService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 bc_filter;BC_Filter;C:\WINDOWS\system32\drivers\bc_filter.sys
R1 bc_ip_f;BC_IP_Filter;C:\WINDOWS\system32\drivers\bc_ip_f.sys
R1 bc_ngn;BC_Engine;C:\WINDOWS\system32\drivers\bc_ngn.sys
R1 bc_pat_f;BC_PAT_Filter;C:\WINDOWS\system32\drivers\bc_pat_f.sys
R1 bc_prt_f;BC_Protocol_Filter;C:\WINDOWS\system32\drivers\bc_prt_f.sys
R1 bc_tdi_f;BC_TDI_Filter;C:\WINDOWS\system32\drivers\bc_tdi_f.sys
R1 bcftdi;BCFTDI;C:\WINDOWS\system32\drivers\bcftdi.sys
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 pnicml;pnicml;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys
S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 10:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-29 17:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-01 17:22:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 09:15:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 9:17:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 09:17
.
--- E O F ---

10-07-2007, 05:34 PM	#18 (permalink)
Nigel4 Registered User Join Date: Aug 2006 Location: Detroit Posts: 18 OS: XP/Vista	Re: Technicolor screen, Popups, Error messages running programs, random programs star ComboFix 07-10-07.2 - Owner 2007-10-07 9:03:56.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.266 [GMT -4:00] Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\Documents and Settings\All Users\Application Data.\winantispyware 2007 C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode C:\Documents and Settings\Owner\Application Data\inst.exe C:\Documents and Settings\Owner\Application Data\inst.exe C:\Temp\fse C:\WINDOWS\cookies.ini C:\WINDOWS\hosts C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\drivers\sfsync02.sys C:\WINDOWS\system32\f02WtR C:\WINDOWS\system32\vtustqo.dll C:\WINDOWS\system32\wyadd.bak1 C:\WINDOWS\system32\wyadd.bak2 C:\WINDOWS\system32\wyadd.ini D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_FOPN -------\LEGACY_SFSYNC02 -------\nm -------\sfsync02 ((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 ))))))))))))))))))))))))))))))) . 2007-10-07 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-06 23:27 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe 2007-10-06 23:24 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-10-06 23:24 <DIR> d-------- C:\Program Files\Radeon Omega Drivers 2007-10-06 23:24 <DIR> d-------- C:\Program Files\MultiRes 2007-10-05 22:50 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-03 21:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-10-02 20:29 2,104 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-01 21:46 <DIR> d-------- C:\VundoFix Backups 2007-09-30 15:41 <DIR> d-------- C:\Deckard 2007-09-29 15:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-20 22:36 <DIR> d-------- C:\Program Files\Jetico Personal Firewall 2007-09-20 09:01 <DIR> d-------- C:\Temp 2007-09-15 10:13 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-09-14 21:30 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC 2007-09-13 20:59 <DIR> d-------- C:\Program Files\Halo 2007-09-13 20:55 <DIR> d-------- C:\sysprep 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Worms Armageddon 2007-09-13 20:55 <DIR> d-------- C:\Program Files\ItsDeductible2006 2007-09-13 20:55 <DIR> d-------- C:\Program Files\IntelliMover Data Transfer Demo 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Atari 2007-09-13 20:48 <DIR> d-------- C:\ATI 2007-09-13 20:06 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC(2) 2007-09-11 22:37 <DIR> d-------- C:\Program Files\DriverCleanerDotNET 2007-09-11 21:04 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-09-11 18:56 <DIR> d-------- C:\Program Files\Xfire 2007-09-11 18:34 <DIR> d-------- C:\WINDOWS\system32\AGEIA(2) 2007-09-09 12:56 <DIR> d-------- C:\Program Files\InterActual 2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-04 20:53 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-10-03 09:29 --------- d-------- C:\Program Files\PokerStars 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:03 --------- d-------- C:\Program Files\EA GAMES 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 00:10 --------- d-------- C:\Program Files\PokerStars.TEST 2007-09-14 16:11 --------- d-------- C:\Program Files\LEGO Media 2007-09-14 14:33 --------- d-------- C:\Program Files\LogMeIn 2007-09-13 20:59 --------- d-------- C:\Program Files\Electronic Arts 2007-09-13 20:49 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI 2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI 2007-09-10 21:58 --------- d-------- C:\Program Files\Midway Home Entertainment 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 16:04 --------- d-------- C:\Program Files\MSXML 6.0 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2006-11-21 20:58 1 --a--c--- C:\Documents and Settings\Owner\SI.bin 2005-04-29 16:21 774144 --a--c--- C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "JeticoPFStartup"="C:\Program Files\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 02:22] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-14 19:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 04:49 200704] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk backup=C:\WINDOWS\pss\HP Organize.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk backup=C:\WINDOWS\pss\IMStart.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk backup=C:\WINDOWS\pss\Zeno.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk backup=C:\WINDOWS\pss\Z_Start.lnkStartup c:\windowsupdate\ufp\irs7\csrss.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched] C:\WINDOWS\system32\pwinqsap.exe FI002 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1139081734\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:4] C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] %systemroot%\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdateProtection] c:\windowsupdate\ufp\008\csrss.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08-8B-BF-FC-ZN}] C:\windows\system32\rpdsregs.exe FI002 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ewido security suite control"=2 (0x2) "vsmon"=2 (0x2) "StarWindService"=2 (0x2) "RadClock"=2 (0x2) "PnkBstrA"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "WANMiniportService"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys R1 bc_filter;BC_Filter;C:\WINDOWS\system32\drivers\bc_filter.sys R1 bc_ip_f;BC_IP_Filter;C:\WINDOWS\system32\drivers\bc_ip_f.sys R1 bc_ngn;BC_Engine;C:\WINDOWS\system32\drivers\bc_ngn.sys R1 bc_pat_f;BC_PAT_Filter;C:\WINDOWS\system32\drivers\bc_pat_f.sys R1 bc_prt_f;BC_Protocol_Filter;C:\WINDOWS\system32\drivers\bc_prt_f.sys R1 bc_tdi_f;BC_TDI_Filter;C:\WINDOWS\system32\drivers\bc_tdi_f.sys R1 bcftdi;BCFTDI;C:\WINDOWS\system32\drivers\bcftdi.sys R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys S3 pnicml;pnicml;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2007-10-07 10:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-09-29 17:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-07-01 17:22:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-07 09:15:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-07 9:17:55 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-07 09:17 . --- E O F ---