12-24-2007, 06:57 AM   #4
gavhall316
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: WinXP SP2


Re: Slow and Pop Ups

ComboFix 07-12-24.8 - HP_Owner 2007-12-24 10:35:29.3 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 19:19 . 2007-12-23 19:19 <DIR> d-------- C:\Program Files\Kontiki
2007-12-23 19:18 . 2007-12-23 19:18 <DIR> d-------- C:\Program Files\Channel4
2007-12-23 19:18 . 2007-12-24 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2007-12-23 19:18 . 2007-12-23 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2007-12-19 13:46 . 2007-12-19 13:46 <DIR> d-------- C:\Program Files\DivX
2007-12-16 17:23 . 2007-12-16 17:23 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Lavasoft
2007-12-16 17:22 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-16 16:54 . 2007-12-23 14:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 16:54 . 2007-12-16 16:54 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 22:34 . 2007-12-11 22:34 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:34 . 2007-12-11 22:34 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:40 . 2007-12-11 08:31 253,952 --a------ C:\WINDOWS\blopenvtrk.dll
2007-12-11 16:40 . 2007-12-11 08:31 192,512 --a------ C:\WINDOWS\nopzet.dll
2007-12-11 16:40 . 2007-12-11 08:31 143,360 --a------ C:\WINDOWS\jokvip.exe
2007-12-09 17:40 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-12-09 17:40 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-12-09 17:40 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-11-30 10:49 . 2007-12-11 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-11-29 23:35 . 2007-11-30 11:01 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2007-11-29 20:00 . 2007-11-29 20:00 <DIR> d-------- C:\Program Files\DVD Shrink
2007-11-29 20:00 . 2007-11-29 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 18:19 . 2007-11-29 18:19 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-29 18:19 . 2007-11-29 18:19 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-11-29 18:16 . 2007-11-29 18:16 <DIR> d-------- C:\Program Files\Gabest
2007-11-29 18:15 . 2007-11-29 18:19 <DIR> d-------- C:\Program Files\AutoGK
2007-11-29 17:50 . 2007-11-29 17:50 <DIR> d-------- C:\New Folder
2007-11-24 12:31 . 2007-11-24 12:31 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft Games
2007-11-24 11:44 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-24 11:44 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-24 11:44 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-24 10:48 . 2007-11-24 10:48 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 10:35 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2007-12-24 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-23 18:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 10:34 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-20 18:19 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Vso
2007-12-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-07 19:25 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\iPhoneRingToneMaker
2007-12-07 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-04 18:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2007-11-17 19:13 --------- d-----w C:\Program Files\Altap Salamander 2.5
2007-11-16 15:06 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-14 11:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 10:48 --------- d-----w C:\Program Files\Activision
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 20:50 --------- d-----w C:\Program Files\LimeWire
2007-11-09 00:04 2,621,440 ----a-w C:\WINDOWS\system32\drivers\SET7.tmp
2007-11-08 19:41 --------- d-----w C:\Program Files\Driving Test Complete
2007-11-08 19:20 --------- d-----w C:\Program Files\AMD
2007-11-06 17:28 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-06 17:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-06 17:07 --------- d-----w C:\Program Files\PowerISO
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 15:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\dvdcss
2007-10-16 13:02 5,412 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-11 09:32 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-04 17:34 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 17:34 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 17:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 17:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 17:14 6,854,464 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-04 17:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 17:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 17:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 17:14 5,783,424 ----a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-10-04 17:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 17:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 17:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 17:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 17:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 17:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 17:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 17:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 17:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 17:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 17:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 17:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-03 23:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-03-28 15:00 87,608 ----a-w C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
2007-03-28 15:00 47,360 ----a-w C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
2007-03-27 13:16 92,064 -c--a-w C:\Documents and Settings\HP_Owner\mqdmmdm.sys
2007-03-27 13:16 9,232 -c--a-w C:\Documents and Settings\HP_Owner\mqdmmdfl.sys
2007-03-27 13:16 79,328 -c--a-w C:\Documents and Settings\HP_Owner\mqdmserd.sys
2007-03-27 13:16 66,656 -c--a-w C:\Documents and Settings\HP_Owner\mqdmbus.sys
2007-03-27 13:16 6,208 -c--a-w C:\Documents and Settings\HP_Owner\mqdmcmnt.sys
2007-03-27 13:16 5,936 -c--a-w C:\Documents and Settings\HP_Owner\mqdmwhnt.sys
2007-03-27 13:16 4,048 -c--a-w C:\Documents and Settings\HP_Owner\mqdmcr.sys
2007-03-27 13:16 25,600 -c--a-w C:\Documents and Settings\HP_Owner\usbsermptxp.sys
2007-03-27 13:16 22,768 -c--a-w C:\Documents and Settings\HP_Owner\usbsermpt.sys
2005-05-12 06:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot_2007-12-13_18.20.58.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-13 16:29:14 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-15 11:08:46 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2007-12-13 16:29:13 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-15 11:08:46 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-12-13 16:29:14 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-12-15 11:08:46 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-07-22 18:39:27 279,552 -c--a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 08:00:00 156,160 -c--a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-22 09:46:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c0.dat
+ 2007-12-23 19:20:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d328.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A82CA08-45C7-4D20-997D-35AEED4B130F}]
2007-12-11 08:31 253952 --a------ C:\WINDOWS\blopenvtrk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 00:07 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 01:43 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 17:01 C:\WINDOWS\ALCWZRD.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 10:41]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 10:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 12:34]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 16:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 15:30 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-13 09:25:14]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-08-29 15:33:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nopzet"= {30652AE8-DE23-41A4-B282-D7EFDFFE59C0} - C:\WINDOWS\nopzet.dll [2007-12-11 08:31 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\AirfoilInject.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --a--c--- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
2006-07-31 20:00 19857408 --a--c--- C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
2004-07-01 21:20 212992 --a------ \Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
2007-07-31 16:36 2037088 --a------ C:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 --a------ C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-03-24 09:46 171448 --a--c--- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 16:19 129536 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

R0 IFP700;iRiver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys [2004-03-29 16:28]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 19:29]
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 14:47]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-03-27 13:16]
S3 wanusb;BT Voyager 100 ADSL Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys [2003-04-28 11:10]
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 19:49]

*Newly Created Service* - COMHOST
*Newly Created Service* - KSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 09:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 20:00:09 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 10:42:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [20700]
? [22944]
? [23420]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\AirfoilInject.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\AirfoilInject.dll
.
Completion time: 2007-12-24 10:42:50
C:\ComboFix2.txt ... 2007-12-13 18:21
C:\ComboFix3.txt ... 2007-10-18 16:09
.
2007-12-13 16:40:40 --- E O F ---