Thanks for your response
I have followed your instructions.
Here is the ComboFix.txt, along with the new HijackThis log taken after ComboFix.exe finished processing.
ComboFix 07-11-29.3 - hasansas 2007-11-29 1:38:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.1.1033.18.164 [GMT 2:00]
Running from: C:\Documents and Settings\hasansas\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\avaslar\Application Data\HbTools
C:\Documents and Settings\hasansas\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Documents and Settings\hasansas\Application Data\hidires
C:\Documents and Settings\hasansas\Application Data\macromedia\Flash Player\#SharedObjects\8Y8H7V8M\www.broadcaster.com
C:\Documents and Settings\hasansas\Application Data\macromedia\Flash Player\#SharedObjects\8Y8H7V8M\www.broadcaster.com\played_list.sol
C:\Documents and Settings\hasansas\Application Data\macromedia\Flash Player\#SharedObjects\8Y8H7V8M\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\hasansas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\hasansas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\Downloaded Program Files.\egauth.inf
C:\WINDOWS\Downloaded Program Files.\nethv32.inf
C:\WINDOWS\Downloaded Program Files\Cache
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard51.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\WINDOWS\system32\vxgame1.exe
C:\WINDOWS\tmlpcert2005
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_M_HOOK
-------\LEGACY_NWSAPAGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-26 19:47 . 2007-11-26 19:47 <DIR> d-------- C:\Program Files\Bonjour
2007-11-23 00:59 . 2007-11-23 00:59 <DIR> d-------- C:\Documents and Settings\ahmet\Application Data\ACD Systems
2007-11-19 21:40 . 1996-11-17 00:00 326,656 --a------ C:\WINDOWS\system\MSVCRT40.DLL
2007-11-17 22:35 . 2007-11-17 22:39 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-11-17 21:59 . 2007-11-17 21:59 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-17 21:04 . 2007-11-17 21:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-17 17:02 . 2007-11-20 20:11 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-17 16:06 . 2003-03-11 09:04 266,240 --a------ C:\WINDOWS\system32\hpdj3600
2007-11-17 16:05 . 2003-12-14 14:03 438,799 --a------ C:\WINDOWS\hpdj3600.hi2
2007-11-17 16:05 . 2003-12-14 14:03 9,050 --a------ C:\WINDOWS\hpdj3600.bu2
2007-11-17 15:57 . 2007-11-17 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-02 22:12 . 2007-11-02 23:09 <DIR> d-------- C:\ebooks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 23:51 118,531,872 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-28 23:49 3,384,096 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-28 23:47 323,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-28 23:47 1,595,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-28 23:35 --------- d-----w C:\Documents and Settings\hasansas\Application Data\AVG7
2007-11-28 23:18 362 ----a-w C:\Eurojava.sys
2007-11-27 22:47 --------- d-----w C:\Program Files\FlashGet
2007-11-26 17:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-26 17:28 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-21 17:44 --------- d-----w C:\Program Files\xat.com JPEG Optimizer
2007-11-21 17:44 --------- d-----w C:\Program Files\WinISO
2007-11-21 17:44 --------- d-----w C:\Program Files\Lavasoft Ad- Aware
2007-11-21 17:44 --------- d-----w C:\Program Files\Eng-Ger Dictionary
2007-11-21 17:44 --------- d-----w C:\Program Files\AZR
2007-11-21 17:44 --------- d-----w C:\Program Files\APDFPRP
2007-11-21 16:02 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_5055604.dnp
2007-11-21 16:02 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_3435695.dnp
2007-11-21 15:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_8478519.dnp
2007-11-21 15:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_4290064.dnp
2007-11-17 20:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_6006188.dnp
2007-11-17 20:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_1365664.dnp
2007-11-17 20:43 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_9160329.dnp
2007-11-17 20:43 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_6060886.dnp
2007-11-17 14:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-06 18:06 --------- d-----w C:\Program Files\ICQ6
2007-10-31 22:15 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-26 15:48 --------- d-----w C:\Documents and Settings\hasansas\Application Data\Apple Computer
2007-10-10 23:12 --------- d-----w C:\Program Files\Equis
2007-10-08 20:19 --------- d-----w C:\Program Files\Common Files\Equis
2007-10-08 18:47 --------- d-----w C:\Program Files\ZoomBook The Temple Of The Sun
2007-10-07 14:17 --------- d-----w C:\Documents and Settings\hasansas\Application Data\Azureus
2007-09-30 20:47 --------- d-----w C:\Program Files\iPod
2007-09-30 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-30 20:33 --------- d-----w C:\Program Files\Apple Software Update
2007-09-30 20:31 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-30 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2005-10-31 00:05 1,560 -c--a-w C:\Program Files\INSTALL.LOG
2004-10-31 11:39 489 ----a-w C:\Documents and Settings\hasansas\Application Data\dcuser.dat
1998-02-10 16:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A35F39-4850-474E-92C9-B4CF283207E0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904413A4-8B06-486E-62F3-504AAE43DFE0}]
2001-08-18 14:00 11922 --a------ C:\WINDOWS\system32\vdxfkivl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4DD4B92-B79B-E2B7-0418-943D4A3AF4EB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA909BCE-4552-48F6-2D36-835D4B8A0E7D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UPSMON"="D:\\UPSMON.exe" [2005-03-30 15:13]
"kis"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 21:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="cshnf.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2003-08-25 09:25 139264 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~1\goec62~1.dll d:\progra~1\agnitum\outpos~1\wl_hook.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSFIE]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Net Send GUI.lnk]
backup=C:\WINDOWS\pss\Net Send GUI.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Wireless USB Adapter.lnk]
backup=C:\WINDOWS\pss\U.S. Robotics Wireless USB Adapter.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hasansas^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoShutdown]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-10-07 00:23 90112 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc_app]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMSystem]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2004-09-23 09:33 1019392 --a------ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskCalc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 20:56 40960 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dgp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmnwb.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
2004-05-13 10:01 131072 --a------ D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dywuopzc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzdMontr]
C:\Program Files\Quik Touch\EzdMontr.exe install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 --a------ C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 10:08 172032 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inst]
C:\WINDOWS\System\Inst.exe install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
rundll32.exe p2esocks_1021.dll,InstantAccess
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-10-04 01:00 28672 --a------ C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgrn]
2002-12-12 14:24 421888 --a------ C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\navapp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overnet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2004-09-15 14:36 148992 --a------ C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2005-05-18 21:51 81920 --a------ C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-12 19:24 106557 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"XPRepairPro2007"=C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
"RegClean Expert Scheduler"="D:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TIxDSL"=C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" -atboottime
"Viewbar"=D:\Program Files\AGLOCO Viewbar\Viewbar.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Nokia Tray Application"=C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Inst"=C:\WINDOWS\System\Inst.exe install
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys
R2 BT848;Conexant's BtPCI WDM Video Capture;C:\WINDOWS\system32\DRIVERS\BT848.sys
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
R2 MDServ;MDServ;"g:\Program Files\Messenger Detect\MDServ.exe"
R2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys
R3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;C:\WINDOWS\system32\DRIVERS\tscomm.sys
S2 BulkUsb;Genius ColorPage USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 MSFIE;MainSafe Service;C:\WINDOWS\system32\mainsafe.exe C:\WINDOWS\system32\mainsafe.empty.ini
S3 Allied;CopperJet ADSL modem Installer;C:\WINDOWS\system32\DRIVERS\instl.sys
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys
S3 KCIRNET;KC Technology Device Driver;C:\WINDOWS\system32\DRIVERS\kcirnet.sys
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
S3 TIAu5Bt;AU5 USB DSL Modem Boot Device;C:\WINDOWS\system32\Drivers\tiau5bt.sys
S3 TIAU5CO;AU5 USB DSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S4 ewido security suite driver;ewido security suite driver;\??\D:\Program Files\ewido\security suite\guard.sys
S4 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53b5a0fe-8896-11dc-aaff-0002440b43c0}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-29 01:51:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-29 1:55:25 - machine was rebooted
.
--- E O F ---
=====================================================================================
HijackThis after Combofix:
======================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:55, on 29.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
g:\Program Files\Messenger Detect\MDServ.exe
g:\Program Files\Messenger Detect\MDetect.exe
C:\WINDOWS\System32\svchost.exe
D:\UPSMON_Service.Exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
D:\UPSMON.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: (no name) - {904413A4-8B06-486E-62F3-504AAE43DFE0} - C:\WINDOWS\system32\vdxfkivl.dll
O2 - BHO: (no name) - {A4DD4B92-B79B-E2B7-0418-943D4A3AF4EB} - (no file)
O2 - BHO: (no name) - {AA909BCE-4552-48F6-2D36-835D4B8A0E7D} - (no file)
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [UPSMON] D:\\UPSMON.exe
O4 - HKLM\..\Run: [kis] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - E:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{282D156A-6381-4570-BE37-251BEDDE1A00}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A539A9-6C02-407B-98B5-F6B7F727193D}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A31C5FD6-96F9-407C-AFB7-B6EE31F12416}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE3A2212-1A00-4CD8-863F-3B971463BC99}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F69E76-479C-4EE8-93BA-6A7D326D673C}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CAFE162-794E-4983-A6F7-1C2E9D88D432}: NameServer = 195.175.39.39 195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.8
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll d:\progra~1\agnitum\outpos~1\wl_hook.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: MDServ - formessengers.com - g:\Program Files\Messenger Detect\MDServ.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: UPSMONService - Unknown owner - D:\UPSMON_Service.Exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 2: (no name) - http://online.platodata.com.tr/desktop/desktop.asp
--
End of file - 10904 bytes