Tech Support Forum - View Single Post

Alexlonebear · 12-07-2007, 06:15 PM

Hey TheBruce1,

Sorry to be so dense.
I think I know how to ZIP a file,
I have WINZIP.
But when Tetonbob says post the zipped file "here" does he mean on this forum or on the website that he gives the address for.
Also, can I paste a ZIP file into the copy?
The ComboFix file was old because I started to send it when I started trying to send the Scan from Panda.
I'm pasteing a new one here.
It just occured to me.
The Panda scan is 3 days old also.
Should I run a new one before I try to send it again.

ComboFix 07-12-02.7 - Hank 2007-12-07 19:48:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.572 [GMT -5:00]
Running from: C:\Documents and Settings\Hank\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-07 13:42 . 2007-12-07 13:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-07 13:42 . 2007-12-07 13:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-05 12:02 . 2007-12-05 14:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-05 12:02 . 2007-12-05 12:02 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-05 12:02 . 2007-12-05 12:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-05 12:02 . 2007-12-05 12:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-05 12:02 . 2007-12-05 12:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-04 10:07 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-04 10:07 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-04 10:07 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-04 10:07 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-03 17:47 . 2007-12-03 17:47 <DIR> d-------- C:\Deckard
2007-12-02 14:00 . 2007-12-02 14:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 00:22 . 2007-12-02 00:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-02 00:21 . 2007-12-07 02:00 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-02 00:20 . 2007-12-02 00:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-18 20:35 . 2007-11-18 20:35 <DIR> d-------- C:\Temp\PALM
2007-11-18 20:35 . 2007-11-18 20:35 <DIR> d-------- C:\Temp\2577

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 19:25 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-05 19:10 --------- d-----w C:\Program Files\PC Tools AntiVirus
2007-12-05 18:59 --------- d-----w C:\Program Files\EvidenceNuker
2007-12-04 14:47 --------- d-----w C:\Program Files\Opera
2007-10-15 03:10 139,432 ----a-w C:\Documents and Settings\Hank\Application Data\GDIPFONTCACHEV1.DAT
2006-03-17 08:16 22 ----a-w C:\Documents and Settings\Music Downloads\nik Color Efex Pro 2.0 (Photoshop Plug.zip
2006-02-03 17:21 2,255 ----a-w C:\Documents and Settings\Music Downloads\teps.zip
2005-12-12 03:00 4,126,240 ----a-w C:\Documents and Settings\Music Downloads\picasa2-current.exe
2005-12-12 03:00 3,707,944 ----a-w C:\Documents and Settings\Music Downloads\picasa-google-free.exe
2005-12-12 02:55 22 ----a-w C:\Documents and Settings\Music Downloads\Picasa 2.1.0.zip
2004-02-02 21:40 560 ----a-w C:\Documents and Settings\Hank\PCDOC.BAT
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2007-12-05_11.33.56.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 13:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-29 14:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 21:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 19:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 18:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-16 23:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 23:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 20:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 18:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 15:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 18:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 23:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 21:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 19:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 19:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 18:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 18

08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 16:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 16:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 13:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 19:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 15:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 15:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 21:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 14:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 15:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 19:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 19:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 18:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 13:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 13:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-18 22:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 19:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 11:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 22:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 17:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2003-03-25 23:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-12-02 00:22]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-06-15 08:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-12-13 15:13]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-29 12:41:29]
HOTSYNCSHORTCUTNAME.lnk - C:\Palm\Hotsync.exe [2004-06-09 14:27:34]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 14:57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.8.lnk]
backup=C:\WINDOWS\pss\LimeWire 4.0.8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoCAL Startup.lnk]
backup=C:\WINDOWS\pss\PhotoCAL Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hank^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hank^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R3 SQTECH930B;Motion Track Webcam;C:\WINDOWS\system32\Drivers\Capt930b.sys
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys
S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53de9c33-01c0-11dc-8070-0040ca587ccf}]
\Shell\AutoRun\command - G:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - G:\system\viewer\FlipVideoforPC.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 19:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 20:01:43
C:\ComboFix2.txt ... 2007-12-05 11:37
C:\ComboFix3.txt ... 2007-12-04 10:01
.
--- E O F ---

12-07-2007, 06:15 PM	#25 (permalink)
Alexlonebear Registered User Join Date: Dec 2007 Posts: 17 OS: Windows XP	Re: A mess with ads and popups Hey TheBruce1, Sorry to be so dense. I think I know how to ZIP a file, I have WINZIP. But when Tetonbob says post the zipped file "here" does he mean on this forum or on the website that he gives the address for. Also, can I paste a ZIP file into the copy? The ComboFix file was old because I started to send it when I started trying to send the Scan from Panda. I'm pasteing a new one here. It just occured to me. The Panda scan is 3 days old also. Should I run a new one before I try to send it again. ComboFix 07-12-02.7 - Hank 2007-12-07 19:48:41.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.572 [GMT -5:00] Running from: C:\Documents and Settings\Hank\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))) . 2007-12-07 13:42 . 2007-12-07 13:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-07 13:42 . 2007-12-07 13:42 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-05 12:02 . 2007-12-05 14:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-05 12:02 . 2007-12-05 12:02 <DIR> d-------- C:\WINDOWS\LastGood 2007-12-05 12:02 . 2007-12-05 12:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-05 12:02 . 2007-12-05 12:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-05 12:02 . 2007-12-05 12:02 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-04 10:07 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-12-04 10:07 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-12-04 10:07 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-12-04 10:07 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-12-03 17:47 . 2007-12-03 17:47 <DIR> d-------- C:\Deckard 2007-12-02 14:00 . 2007-12-02 14:00 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-02 00:22 . 2007-12-02 00:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys 2007-12-02 00:21 . 2007-12-07 02:00 <DIR> d-------- C:\Program Files\SpyNoMore 2007-12-02 00:20 . 2007-12-02 00:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2007-11-18 20:35 . 2007-11-18 20:35 <DIR> d-------- C:\Temp\PALM 2007-11-18 20:35 . 2007-11-18 20:35 <DIR> d-------- C:\Temp\2577 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 19:25 --------- d-----w C:\Program Files\Spyware Doctor 2007-12-05 19:10 --------- d-----w C:\Program Files\PC Tools AntiVirus 2007-12-05 18:59 --------- d-----w C:\Program Files\EvidenceNuker 2007-12-04 14:47 --------- d-----w C:\Program Files\Opera 2007-10-15 03:10 139,432 ----a-w C:\Documents and Settings\Hank\Application Data\GDIPFONTCACHEV1.DAT 2006-03-17 08:16 22 ----a-w C:\Documents and Settings\Music Downloads\nik Color Efex Pro 2.0 (Photoshop Plug.zip 2006-02-03 17:21 2,255 ----a-w C:\Documents and Settings\Music Downloads\teps.zip 2005-12-12 03:00 4,126,240 ----a-w C:\Documents and Settings\Music Downloads\picasa2-current.exe 2005-12-12 03:00 3,707,944 ----a-w C:\Documents and Settings\Music Downloads\picasa-google-free.exe 2005-12-12 02:55 22 ----a-w C:\Documents and Settings\Music Downloads\Picasa 2.1.0.zip 2004-02-02 21:40 560 ----a-w C:\Documents and Settings\Hank\PCDOC.BAT 2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((( snapshot_2007-12-05_11.33.56.12 ))))))))))))))))))))))))))))))))))))))))) . + 2006-08-24 13:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll + 2007-03-29 14:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll + 2006-10-05 21:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll + 2005-06-03 19:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll + 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll + 2005-05-20 18:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll + 2006-02-16 23:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll + 2005-10-25 23:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll + 2004-05-04 20:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll + 2006-07-14 18:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe + 2006-04-10 15:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll + 2006-02-14 18:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll + 2006-02-16 23:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll + 2006-10-05 21:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll + 2006-06-30 19:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe + 2004-02-04 19:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll + 2006-08-01 18:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll + 2006-08-23 1808 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll + 2006-08-17 16:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll + 2006-09-04 16:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll + 2006-08-18 13:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll + 2007-03-26 19:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll + 2006-08-09 15:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll + 2006-07-19 15:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-20 21:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 14:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 15:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 19:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 19:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 18:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 13:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 13:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-04-18 22:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 19:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll + 1997-09-18 11:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-02-28 22:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll + 2006-08-02 17:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe + 2003-03-25 23:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-12-02 00:22] "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-06-15 08:56] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-12-13 15:13] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-29 12:41:29] HOTSYNCSHORTCUTNAME.lnk - C:\Palm\Hotsync.exe [2004-06-09 14:27:34] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 14:57 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.8.lnk] backup=C:\WINDOWS\pss\LimeWire 4.0.8.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoCAL Startup.lnk] backup=C:\WINDOWS\pss\PhotoCAL Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hank^Start Menu^Programs^Startup^PowerReg Scheduler.exe] backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hank^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe] backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Macromedia Licensing Service"=3 (0x3) R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R3 SQTECH930B;Motion Track Webcam;C:\WINDOWS\system32\Drivers\Capt930b.sys S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53de9c33-01c0-11dc-8070-0040ca587ccf}] \Shell\AutoRun\command - G:\system\viewer\FlipVideoforPC.exe \Shell\Flip Video for PC\command - G:\system\viewer\FlipVideoforPC.exe . ************************************************************************ catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-07 19:54:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-07 20:01:43 C:\ComboFix2.txt ... 2007-12-05 11:37 C:\ComboFix3.txt ... 2007-12-04 10:01 . --- E O F ---