ComboFix 07-12-02.6 - Michael Bottella 2007-12-04 14:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.614 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Bottella\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Michael Bottella\Application Data\addon.dat
C:\WINDOWS\system32\clbcatexu.dll
C:\WINDOWS\system32\drivers\hobiowbn.dat
C:\WINDOWS\system32\f02WtR
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_GYLJBOKR
-------\LEGACY_NPF
-------\LEGACY_OHCIUSB
-------\LEGACY_POOF
-------\gyljbokr
-------\ohciusb
.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-12-04 11:23 . 2007-12-04 11:23 <DIR> d-------- C:\Deckard
2007-12-04 11:22 . 2007-12-04 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 18:00 . 2007-12-03 18:02 418,545,664 --a------ C:\18.tmp
2007-12-03 17:57 . 2007-12-03 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-03 17:57 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-12-03 17:57 . 2007-12-03 17:57 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-12-03 17:56 . 2007-12-03 20:38 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-12-03 17:56 . 2007-12-03 17:56 <DIR> d-------- C:\Program Files\Panda Security
2007-12-03 17:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2007-12-03 17:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-12-03 17:51 . 2007-12-03 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-03 14:41 . 2007-12-03 14:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-03 14:41 . 2007-12-03 14:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-03 14:41 . 2007-12-03 14:41 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-03 14:40 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 13:47 . 2007-12-03 22:29 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-03 13:47 . 2007-12-03 13:47 <DIR> d-------- C:\Program Files\CCleaner
2007-12-01 16:08 . 2007-12-01 16:08 164 --a------ C:\install.dat
2007-12-01 16:06 . 2007-12-01 16:07 <DIR> d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo
2007-12-01 15:09 . 2007-12-03 04:17 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-30 00:16 . 2007-11-30 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-30 00:15 . 2007-11-30 03:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Program Files\Comodo
2007-11-28 17:40 . 2007-11-28 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-28 17:40 . 2007-11-28 17:40 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-11-28 17:40 . 2007-11-28 17:40 216,576 --a------ C:\WINDOWS\system32\monln.dll
2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-28 14:22 . 2007-11-28 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-28 02:54 . 2007-12-03 16:07 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-11-27 22:48 . 2005-07-25 23:30 100,864 --a------ C:\WINDOWS\system32\clbcatexu.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 19:11 --------- d-----w C:\Program Files\Java
2007-12-04 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 05:58 --------- d-----w C:\Program Files\eMule
2007-12-03 22:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 20:45 --------- d-----w C:\Program Files\SmartPopupBlocker
2007-12-03 20:37 --------- d-----w C:\Program Files\LeechGet 2006
2007-11-30 22:27 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\.ABC
2007-11-28 04:13 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-27 06:04 --------- d-----w C:\Program Files\AIM6
2007-11-27 06:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-27 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 03:50 --------- d-----w C:\Program Files\Sony
2007-11-13 14:16 --------- d-----w C:\Program Files\Norton SystemWorks
2007-11-06 08:23 --------- d-----w C:\Program Files\MySpace
2007-10-21 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-21 02:36 --------- d-----w C:\Program Files\Security Task Manager
2007-10-19 00:09 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4
2007-10-08 18:40 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-08 17:55 --------- d-----w C:\Documents and Settings\Michael Bottella\Application Data\SlySoft
2007-10-08 16:40 --------- d-----w C:\Program Files\SlySoft
2007-10-08 15:39 --------- d-----w C:\Program Files\Common Files\cdrdao
2007-10-08 15:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-06 04:46 --------- d-----w C:\Program Files\ABC
2007-10-04 09:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-04 09:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-04 09:16 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-04 09:16 --------- d-----w C:\Program Files\Symantec
2007-10-03 11:07 24,576 ----a-w C:\WINDOWS\OkyFlyPC_uninstall.exe
2007-09-25 09:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2004-08-15 23:10 32 --sha-w C:\WINDOWS\{18BEC826-02D5-4AFC-BAA8-C06B7EAB8247}.dat
2004-08-15 23:10 32 --sha-w C:\WINDOWS\{523B879B-62A5-4392-812E-C5C284AAAEB0}.dat
2004-08-15 23:11 32 --sha-w C:\WINDOWS\{8B10D43A-7FBF-4947-8390-C8AEA7B1A949}.dat
2004-08-15 23:08 32 --sha-w C:\WINDOWS\{9107C27E-3342-4C64-870B-2A9833AF5EA8}.dat
2004-08-15 23:08 32 --sha-w C:\WINDOWS\{E181FAE3-12E5-4654-8CB9-3D85D62C6E5F}.dat
2005-10-08 06:58 32 --sha-w C:\WINDOWS\{FF9E27A5-0ED2-4D8F-B439-23DF433F51F3}.dat
2005-10-15 16:34 349,088 --sha-w C:\WINDOWS\system32\acfii.bak2
2005-10-16 03:43 335,883 --sha-w C:\WINDOWS\system32\acfii.ini2
2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{4BE1F716-C1DB-473A-AF35-DF7BF40B97BC}.dat
2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{5C486995-454D-49E0-AB83-DCFEE9493C6A}.dat
2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{64E1E082-BD47-4A27-9249-CAF1E0BCEC51}.dat
2004-08-15 23:08 32 --sha-w C:\WINDOWS\system32\{800FBB96-2302-4899-9281-E5075BBA36DD}.dat
2004-08-15 23:10 32 --sha-w C:\WINDOWS\system32\{E7870D69-EE94-4DB9-8072-6DDBCBF01D05}.dat
2004-08-15 23:11 32 --sha-w C:\WINDOWS\system32\{ED529549-8B17-4BB0-A251-7996E420AC9B}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:27]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 02:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 13:34]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk]
path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk
backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
2000-02-16 01:52 257536 --a------ C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
2002-08-29 05:41 91136 --a------ C:\Program Files\Internet Explorer\iexplore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funk]
funk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 01:00 28672 --a------ C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\System32\regscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
C:\WINDOWS\satmat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
1999-11-18 18:12 24650 --a------ C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 14:20 94208 -ra------ C:\WINDOWS\SM1BG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
C:\Program Files\Freescan\freescan.exe -FastScan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --a------ C:\WINDOWS\Updreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2006-01-23 14:42 196608 --a------ C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
R3 Ausbflt;Ausbflt;C:\WINDOWS\System32\Drivers\Ausbflt.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\System32\drivers\atibtcap.sys
S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\System32\drivers\atibtxbr.sys
S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\System32\drivers\ativtutw.sys
S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\System32\drivers\ativxstw.sys
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\System32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\System32\drivers\usbscan.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\System32\msnvl.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 18:23:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-04 14:57:35
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@????????????w??????????@?G?????????????????B?????????????????????????????????r?B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 14:59:10 - machine was rebooted
.
--- E O F ---
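Reading a ComboFix log by hand means scanning three file lists and one registry dump for the same few signals every time: files ComboFix already deleted, files in %WINDIR% carrying hidden+system attributes, extensionless or oddly-suffixed files in system32, non-driver files sitting in the drivers directory, and DLLs registered under Winlogon\Notify (a load point that gets a DLL into winlogon.exe at every logon). The Python below is an added triage helper, not part of the ComboFix output above and not a ComboFix or Gmer tool. Its sample input is a constructed excerpt made of lines copied from this log; the rule names and thresholds are the author's assumptions, and a hit means "review this", not "malicious".

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the ComboFix log above so the
# parser runs offline. It is an excerpt, not a complete log.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\\WINDOWS\\system32\\clbcatexu.dll
C:\\WINDOWS\\system32\\drivers\\hobiowbn.dat
C:\\WINDOWS\\system32\\f02WtR
.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-12-03 17:57 . 2007-06-06 11:43 83,640 --a------ C:\\WINDOWS\\system32\\drivers\\pavdrv51.sys
2007-11-28 17:40 . 2007-11-28 17:40 216,576 --a------ C:\\WINDOWS\\system32\\monln.dll
2007-11-27 22:48 . 2005-07-25 23:30 100,864 --a------ C:\\WINDOWS\\system32\\clbcatexu.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 15:27 685,816 ----a-w C:\\WINDOWS\\system32\\drivers\\sptd.sys
2004-08-15 23:10 32 --sha-w C:\\WINDOWS\\{18BEC826-02D5-4AFC-BAA8-C06B7EAB8247}.dat
2005-10-15 16:34 349,088 --sha-w C:\\WINDOWS\\system32\\acfii.bak2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\\WINDOWS\\system32\\avldr.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\WB]
C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll 2001-12-20 23:34 24576 C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")
# Files Created: "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (.+)$")
# Find3M: "<modified> <size|---------> <attrs> <path>"
FIND3M_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (.+)$")
NOTIFY_KEY_RE = re.compile(
    r"^\[hkey_local_machine\\.*\\winlogon\\notify\\[^\]]+\]$", re.I)
# Value line under a Notify key: "<name or path> <date> <time> <size> <full path>"
NOTIFY_VAL_RE = re.compile(r"^.*? \d{4}-\d\d-\d\d \d\d:\d\d \d+ (.+)$")


def parse_combofix(text):
    """Return {section: [(attrs, path), ...]}. attrs is '' for Other Deletions
    (the log gives none there) and 'notify' for Winlogon\\Notify DLLs."""
    sections, current, pending_notify = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == "." or current is None:
            continue
        if current.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                sections[current].append((m.group(2), m.group(3)))
        elif current == "Find3M Report":
            m = FIND3M_RE.match(line)
            if m:
                sections[current].append((m.group(2), m.group(3)))
        elif current == "Other Deletions":
            sections[current].append(("", line))
        elif current == "Reg Loading Points":
            if NOTIFY_KEY_RE.match(line):
                pending_notify = True
            elif pending_notify:
                m = NOTIFY_VAL_RE.match(line)
                if m:
                    sections[current].append(("notify", m.group(1)))
                pending_notify = False
    return sections


def triage(text):
    """Structural review rules (assumed, not a vendor's): returns sorted (rule, path)."""
    findings = set()
    for section, entries in parse_combofix(text).items():
        for attrs, path in entries:
            if attrs.startswith("d"):
                continue  # directory rows carry no file-level signal here
            p, low = PureWindowsPath(path), path.lower()
            in_windir = low.startswith("c:\\windows\\")
            if section == "Other Deletions":
                findings.add(("removed_by_combofix", path))
            if attrs == "notify":
                findings.add(("winlogon_notify", path))
            if in_windir and "h" in attrs and "s" in attrs:
                findings.add(("hidden_system", path))
            if in_windir and "\\system32\\" in low and not p.suffix:
                findings.add(("no_extension", path))
            if re.search(r"\.\w*\d$", p.name):  # .2, .bak2, .ini2 style suffixes
                findings.add(("numeric_extension", path))
            if "\\drivers\\" in low and p.suffix.lower() not in {".sys", ".inf", ".cat"}:
                findings.add(("non_driver_in_drivers", path))
    return sorted(findings)


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:24} {path}")
```

Run it against a full log by reading the file into `triage()`. The rules are deliberately structural (where a file sits, what attributes it carries, which load point references it) rather than name-based, because legitimate driver names such as `sptd.sys` and `pavdrv51.sys` look just as "random" as dropped ones and would drown a name-entropy rule in false positives. The two Winlogon\Notify hits in the sample (a Panda component and a Stardock component) show why a hit is a review item and not a verdict.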