Old 10-08-2007, 03:28 PM   #21 (permalink)
Nigel4
Registered User
 
Join Date: Aug 2006
Location: Detroit
Posts: 18
OS: XP/Vista


Re: Technicolor screen, Popups, Error messages running programs, random programs star

There's a Java 6u3 now... I got that instead of 6u2...

ComboFix 07-10-07.2 - Owner 2007-10-08 17:34:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.228 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\My Documents\Downloads\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\pwinqsap.exe
C:\windows\system32\rpdsregs.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-07 19:38 <DIR> d-------- C:\AntiVirus Logs
2007-10-07 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 23:27 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-10-06 23:24 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2007-10-06 23:24 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2007-10-06 23:24 <DIR> d-------- C:\Program Files\MultiRes
2007-10-05 22:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-03 21:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-02 20:29 2,104 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-01 21:46 <DIR> d-------- C:\VundoFix Backups
2007-09-30 15:41 <DIR> d-------- C:\Deckard
2007-09-29 15:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall
2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall
2007-09-20 22:36 <DIR> d-------- C:\Program Files\Jetico Personal Firewall
2007-09-20 09:01 <DIR> d-------- C:\Temp
2007-09-15 10:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-14 21:30 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2007-09-13 20:59 <DIR> d-------- C:\Program Files\Halo
2007-09-13 20:55 <DIR> d-------- C:\sysprep
2007-09-13 20:55 <DIR> d-------- C:\Program Files\Worms Armageddon
2007-09-13 20:55 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-09-13 20:55 <DIR> d-------- C:\Program Files\IntelliMover Data Transfer Demo
2007-09-13 20:55 <DIR> d-------- C:\Program Files\Atari
2007-09-13 20:48 <DIR> d-------- C:\ATI
2007-09-13 20:06 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC(2)
2007-09-11 22:37 <DIR> d-------- C:\Program Files\DriverCleanerDotNET
2007-09-11 21:04 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-11 18:56 <DIR> d-------- C:\Program Files\Xfire
2007-09-11 18:34 <DIR> d-------- C:\WINDOWS\system32\AGEIA(2)
2007-09-09 12:56 <DIR> d-------- C:\Program Files\InterActual
2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 08:29 --------- d-------- C:\Program Files\PokerStars
2007-10-04 20:53 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-09-29 15:03 --------- d-------- C:\Program Files\EA GAMES
2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-29 00:10 --------- d-------- C:\Program Files\PokerStars.TEST
2007-09-28 16:52 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe
2007-09-14 16:11 --------- d-------- C:\Program Files\LEGO Media
2007-09-14 14:33 --------- d-------- C:\Program Files\LogMeIn
2007-09-13 20:59 --------- d-------- C:\Program Files\Electronic Arts
2007-09-13 20:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-09-10 21:58 --------- d-------- C:\Program Files\Midway Home Entertainment
2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2007-09-06 06:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 06:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-08-14 16:04 --------- d-------- C:\Program Files\MSXML 6.0
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-09 15:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 15:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07 129784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-07-09 15:07 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-07-09 15:07 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 15:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 15:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 15:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 15:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 15:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 15:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 15:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 15:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 15:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 15:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 15:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 15:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 15:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 15:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2006-11-21 20:58 1 --a--c--- C:\Documents and Settings\Owner\SI.bin
2005-04-29 16:21 774144 --a--c--- C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_ 9.16.59.93 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-25 02:30:28 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-09-25 02:30:30 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-09-25 03:31:42 C:\WINDOWS\system32\javaws.exe
----atw 16,384 2007-10-08 21:18:32 C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat
.
-c--a-w 24,681 2004-04-01 07:28:09 C:\WINDOWS\system32\java.exe
-c--a-w 28,779 2004-04-01 07:28:09 C:\WINDOWS\system32\javaw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"JeticoPFStartup"="C:\Program Files\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 02:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-14 19:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 04:49 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINDOWS\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\WINDOWS\pss\Z_Start.lnkStartup
c:\windowsupdate\ufp\irs7\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
C:\WINDOWS\system32\pwinqsap.exe FI002

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139081734\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\support.com\bin\tgcmd.exe" /server

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:4]
C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdateProtection]
c:\windowsupdate\ufp\008\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08-8B-BF-FC-ZN}]
C:\windows\system32\rpdsregs.exe FI002

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido security suite control"=2 (0x2)
"vsmon"=2 (0x2)
"StarWindService"=2 (0x2)
"RadClock"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WANMiniportService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 bc_filter;BC_Filter;C:\WINDOWS\system32\drivers\bc_filter.sys
R1 bc_ip_f;BC_IP_Filter;C:\WINDOWS\system32\drivers\bc_ip_f.sys
R1 bc_ngn;BC_Engine;C:\WINDOWS\system32\drivers\bc_ngn.sys
R1 bc_pat_f;BC_PAT_Filter;C:\WINDOWS\system32\drivers\bc_pat_f.sys
R1 bc_prt_f;BC_Protocol_Filter;C:\WINDOWS\system32\drivers\bc_prt_f.sys
R1 bc_tdi_f;BC_TDI_Filter;C:\WINDOWS\system32\drivers\bc_tdi_f.sys
R1 bcftdi;BCFTDI;C:\WINDOWS\system32\drivers\bcftdi.sys
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 pnicml;pnicml;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys
S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 18:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-29 17:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-01 17:22:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 17:38:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 17:39:39
C:\ComboFix-quarantined-files.txt ... 2007-10-08 17:39
.
--- E O F ---

Last edited by Nigel4; 10-08-2007 at 03:40 PM.