Old 11-29-2007, 11:11 AM   #6 (permalink)
coolboyxxx
Registered User
 
Join Date: Nov 2007
Posts: 15
OS: xp home edition


Re: Photoshop Cs3 and IE7 crash on Kernel32.dll offset:00018943

FIXWAREOUT report (report.txt)

Username "hasansas" - 29.11.2007 19:04:40 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="cshnf.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.51 85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{282D156A-6381-4570-BE37-251BEDDE1A00}
"nameserver"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{37A539A9-6C02-407B-98B5-F6B7F727193D}
"nameserver"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A31C5FD6-96F9-407C-AFB7-B6EE31F12416}
"nameserver"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CE3A2212-1A00-4CD8-863F-3B971463BC99}
"nameserver"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F6F69E76-479C-4EE8-93BA-6A7D326D673C}
"nameserver"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{282D156A-6381-4570-BE37-251BEDDE1A00}
"DhcpNameServer"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{37A539A9-6C02-407B-98B5-F6B7F727193D}
"DhcpNameServer"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CE3A2212-1A00-4CD8-863F-3B971463BC99}
"DhcpNameServer"="85.255.114.51,85.255.112.8" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F6F69E76-479C-4EE8-93BA-6A7D326D673C}
"DhcpNameServer"="85.255.114.51,85.255.112.8" <Value cleared.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "fnhsc" Value deleted
HKCR\CLSID\{8C67E42F-FBD5-415E-9FDC-DA1F696E2C3F}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"UPSMON"="D:\\\\UPSMON.exe"
"kis"="\"D:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

===========================================================================================

Here is the new ComboFix.txt.
ComboFix has run as you described with the CFScript.txt.

ComboFix 07-11-29.3 - hasansas 2007-11-29 19:36:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.1.1033.18.132 [GMT 2:00]
Running from: C:\Documents and Settings\hasansas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\hasansas\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\vdxfkivl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vdxfkivl.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-26 19:47 . 2007-11-26 19:47 <DIR> d-------- C:\Program Files\Bonjour
2007-11-23 00:59 . 2007-11-23 00:59 <DIR> d-------- C:\Documents and Settings\ahmet\Application Data\ACD Systems
2007-11-19 21:40 . 1996-11-17 00:00 326,656 --a------ C:\WINDOWS\system\MSVCRT40.DLL
2007-11-17 22:35 . 2007-11-17 22:39 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-11-17 21:59 . 2007-11-17 21:59 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-17 21:04 . 2007-11-17 21:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-17 17:02 . 2007-11-20 20:11 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-17 16:06 . 2003-03-11 09:04 266,240 --a------ C:\WINDOWS\system32\hpdj3600
2007-11-17 16:05 . 2003-12-14 14:03 438,799 --a------ C:\WINDOWS\hpdj3600.hi2
2007-11-17 16:05 . 2003-12-14 14:03 9,050 --a------ C:\WINDOWS\hpdj3600.bu2
2007-11-17 15:57 . 2007-11-17 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-02 22:12 . 2007-11-02 23:09 <DIR> d-------- C:\ebooks


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 17:51 118,587,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-29 17:46 3,388,960 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-29 17:44 323,960 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-29 17:44 1,596,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-29 16:57 362 ----a-w C:\Eurojava.sys
2007-11-28 23:35 --------- d-----w C:\Documents and Settings\hasansas\Application Data\AVG7
2007-11-27 22:47 --------- d-----w C:\Program Files\FlashGet
2007-11-26 17:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-26 17:28 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-21 17:44 --------- d-----w C:\Program Files\xat.com JPEG Optimizer
2007-11-21 17:44 --------- d-----w C:\Program Files\WinISO
2007-11-21 17:44 --------- d-----w C:\Program Files\Lavasoft Ad- Aware
2007-11-21 17:44 --------- d-----w C:\Program Files\Eng-Ger Dictionary
2007-11-21 17:44 --------- d-----w C:\Program Files\AZR
2007-11-21 17:44 --------- d-----w C:\Program Files\APDFPRP
2007-11-21 16:02 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_5055604.dnp
2007-11-21 16:02 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_3435695.dnp
2007-11-21 15:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_8478519.dnp
2007-11-21 15:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-21-2007_17-56-48_4290064.dnp
2007-11-17 20:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_6006188.dnp
2007-11-17 20:48 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_1365664.dnp
2007-11-17 20:43 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_9160329.dnp
2007-11-17 20:43 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-11-17-2007_22-39-32_6060886.dnp
2007-11-17 14:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-06 18:06 --------- d-----w C:\Program Files\ICQ6
2007-10-31 22:15 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-26 15:48 --------- d-----w C:\Documents and Settings\hasansas\Application Data\Apple Computer
2007-10-10 23:12 --------- d-----w C:\Program Files\Equis
2007-10-08 20:19 --------- d-----w C:\Program Files\Common Files\Equis
2007-10-08 18:47 --------- d-----w C:\Program Files\ZoomBook The Temple Of The Sun
2007-10-07 14:17 --------- d-----w C:\Documents and Settings\hasansas\Application Data\Azureus
2007-09-30 20:47 --------- d-----w C:\Program Files\iPod
2007-09-30 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-30 20:33 --------- d-----w C:\Program Files\Apple Software Update
2007-09-30 20:31 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-30 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2005-10-31 00:05 1,560 -c--a-w C:\Program Files\INSTALL.LOG
2004-10-31 11:39 489 ----a-w C:\Documents and Settings\hasansas\Application Data\dcuser.dat
1998-02-10 16:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UPSMON"="D:\\UPSMON.exe" [2005-03-30 15:13]
"kis"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-31 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2003-08-25 09:25 139264 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~1\goec62~1.dll d:\progra~1\agnitum\outpos~1\wl_hook.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSFIE]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Net Send GUI.lnk]
backup=C:\WINDOWS\pss\Net Send GUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Wireless USB Adapter.lnk]
backup=C:\WINDOWS\pss\U.S. Robotics Wireless USB Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hasansas^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoShutdown]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-10-07 00:23 90112 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc_app]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMSystem]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2004-09-23 09:33 1019392 --a------ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskCalc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 20:56 40960 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dgp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmnwb.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
2004-05-13 10:01 131072 --a------ D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzdMontr]
C:\Program Files\Quik Touch\EzdMontr.exe install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 --a------ C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-11 10:08 172032 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-10-04 01:00 28672 --a------ C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgrn]
2002-12-12 14:24 421888 --a------ C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\navapp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Connection Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overnet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2004-09-15 14:36 148992 --a------ C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2005-05-18 21:51 81920 --a------ C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-12 19:24 106557 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"XPRepairPro2007"=C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
"RegClean Expert Scheduler"="D:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TIxDSL"=C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" -atboottime
"Viewbar"=D:\Program Files\AGLOCO Viewbar\Viewbar.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Nokia Tray Application"=C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Inst"=C:\WINDOWS\System\Inst.exe install
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys
R2 BT848;Conexant's BtPCI WDM Video Capture;C:\WINDOWS\system32\DRIVERS\BT848.sys
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
R2 MDServ;MDServ;"g:\Program Files\Messenger Detect\MDServ.exe"
R2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys
R3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;C:\WINDOWS\system32\DRIVERS\tscomm.sys
S2 BulkUsb;Genius ColorPage USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 MSFIE;MainSafe Service;C:\WINDOWS\system32\mainsafe.exe C:\WINDOWS\system32\mainsafe.empty.ini
S3 Allied;CopperJet ADSL modem Installer;C:\WINDOWS\system32\DRIVERS\instl.sys
S3 Aruba;QuikTouch/USB2 Device;C:\WINDOWS\system32\DRIVERS\Aruba.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys
S3 KCIRNET;KC Technology Device Driver;C:\WINDOWS\system32\DRIVERS\kcirnet.sys
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
S3 TIAu5Bt;AU5 USB DSL Modem Boot Device;C:\WINDOWS\system32\Drivers\tiau5bt.sys
S3 TIAU5CO;AU5 USB DSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S4 ewido security suite driver;ewido security suite driver;\??\D:\Program Files\ewido\security suite\guard.sys
S4 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53b5a0fe-8896-11dc-aaff-0002440b43c0}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 19:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-29 19:54:32 - machine was rebooted
C:\ComboFix.txt ... 2007-11-29 01:55
.
--- E O F ---