Old 01-25-2008, 03:56 PM   #23 (permalink)
Tps.llc
Registered User
 
Join Date: Jan 2008
Location: Midwest N.W Indiana
Posts: 45
OS: XP sp2


Re: Pop-ups keep coming !!!

OK, the file is on its way and here is the report.

ComboFix 08-01-23.1C - Kallen's 2008-01-25 16:51:53.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511 [GMT -6:00]
Running from: C:\Documents and Settings\Kallen's\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kallen's\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Kallen's\12630
C:\Documents and Settings\Kallen's\26928
C:\Documents and Settings\Kallen's\5383
C:\Documents and Settings\Kallen's\6046
C:\Documents and Settings\Kallen's\7424
C:\Documents and Settings\Kallen's\msftp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kallen's\2118
C:\Documents and Settings\Kallen's\7417

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 16:45 . 2008-01-25 16:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-23 19:06 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-23 19:06 . 2007-04-10 03:09 211 --a------ C:\Boot.bak
2008-01-23 19:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 14:43 . 2008-01-21 14:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-17 15:25 . 2008-01-17 15:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-16 19:05 . 2008-01-16 19:05 <DIR> d-------- C:\Deckard
2008-01-16 18:52 . 2008-01-16 18:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-16 16:23 . 2008-01-16 18:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-16 16:23 . 2008-01-16 16:33 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-16 16:23 . 2008-01-16 16:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-16 16:23 . 2008-01-16 16:33 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-15 03:10 . 2008-01-15 14:30 3,412 --a------ C:\ntboot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 22:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 13:13 --------- d-----w C:\Program Files\Google
2008-01-20 13:00 --------- d-----w C:\Program Files\Paint Shop Pro 6
2008-01-20 12:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-20 12:52 --------- d-----w C:\Program Files\The Learning Company
2008-01-16 23:49 --------- d-----w C:\Program Files\System Soap Pro
2008-01-16 23:37 --------- d-----w C:\Program Files\Norton 360
2008-01-16 23:31 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-12 16:46 --------- d-----w C:\Program Files\Click'N Design 3D (V5)
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-15 22:22 --------- d-----w C:\Program Files\BIAS
2007-12-15 21:54 --------- d-----w C:\Program Files\proDAD
2007-12-15 21:36 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2007-12-15 21:35 --------- d-----w C:\Program Files\AdorageI-SAL
2007-12-15 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 21:01 --------- d-----w C:\Program Files\Pinnacle
2007-12-15 12:32 --------- d-----w C:\Program Files\AIM
2007-12-15 12:31 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 10:18 --------- d-----w C:\Program Files\Sonic Foundry
2007-12-09 12:04 --------- d-----w C:\Program Files\Pure Motion
2007-12-09 12:04 --------- d-----w C:\Program Files\DebugMode
2007-12-05 21:42 160,297 ----a-w C:\WINDOWS\Sqirlz Morph Uninstaller.exe
2007-12-05 21:42 --------- d-----w C:\Program Files\Sqirlz Morph
2007-12-05 08:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 08:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 08:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 08:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 08:40 --------- d-----w C:\Program Files\Symantec
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_19.46.58.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-24 01:04:07 1,425,408 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 22:51:29 1,433,600 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-24 01:04:07 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 22:51:30 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-24 01:04:07 1,421,312 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 22:51:30 1,425,408 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-24 01:04:07 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 22:51:30 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-24 01:04:07 10,248,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 22:51:30 10,268,672 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-24 01:04:07 204,800 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 22:51:30 204,800 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 20:44:05 4,386 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{72185751-3B53-4E9A-9F06-7E260E790A49}.bin
- 2008-01-24 01:21:13 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 21:42:56 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-24 01:21:13 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 21:42:56 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2007-10-10 04:59 625152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 11:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 11:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 11:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 17:05 1117184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 01:27 176128]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 2236 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-12-20 13:05 227328 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-05-15 08:14 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

S1 mp32;mp3 audio;C:\WINDOWS\system32\dxdss.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 18:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 09:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
"2008-01-13 17:26:00 C:\WINDOWS\Tasks\WebReg 20060802112613.job"
- c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060802112613 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 16:56:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 16:57:42
ComboFix-quarantined-files.txt 2008-01-25 22:57:40
ComboFix2.txt 2008-01-25 20:56:58
.
2008-01-24 00:33:09 --- E O F ---
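Added example, not part of the post above or of ComboFix itself: a small parser for the "Reg Loading Points" block of a ComboFix report, run over a handful of lines copied from the report above, that picks out the autostart entries a helper would normally ask about first. The rules are heuristics, not verdicts: an entry whose trailing bracket is empty (`[ ]`) is one whose target file ComboFix could not find at scan time (DMXLauncher, the `mp32` driver service); any `AppInit_DLLs` value is worth confirming because that DLL is loaded into every process that links user32; and any `SecurityProviders` DLL outside the stock list is worth a look. The baseline set of four SecurityProviders DLLs is my assumption of the Windows XP SP2 default, and the sample text is constructed from the report, not the full log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: lines copied from the ComboFix "Reg Loading Points"
# section in the post above, trimmed to what exercises every rule below.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 11:49 94208]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

S1 mp32;mp3 audio;C:\WINDOWS\system32\dxdss.sys []

*Newly Created Service* - COMHOST
"""

# "value name"="path" [date time size]   -- the bracket is "[ ]" when the
# file was not found; some values (AppInit_DLLs) carry no bracket at all.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'"?(?P<path>[^"\[\]]+?)"?'
    r'(?:\s*\[(?P<meta>[^\]]*)\])?\s*$'
)
# S1 name;description;path [meta]   -- driver/service lines (R = running, S = stopped)
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]+?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
SECPROV_RE = re.compile(r'^SecurityProviders\s+(?P<dlls>.+)$')
NEW_SERVICE_RE = re.compile(r'^\*Newly Created Service\*\s*-\s*(?P<name>\S+)')

# Assumed XP SP2 default for HKLM\...\Control\SecurityProviders (my baseline).
XP_SP2_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
USER_PROFILE_ROOT = "c:\\documents and settings\\"


class Entry(NamedTuple):
    key: str             # registry key, or "service:<start type>" for driver lines
    name: str
    path: str
    meta: Optional[str]  # None: no bracket; "": empty bracket, file not found at scan time


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the Run/RunOnce/service lines of a ComboFix report into Entry records."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new registry key heading
            continue
        m = ENTRY_RE.match(line)
        if m:
            meta = m.group("meta")
            entries.append(Entry(key, m.group("name"), m.group("path").strip(),
                                 None if meta is None else meta.strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service:" + m.group("start"), m.group("name"),
                                 m.group("path").strip(), m.group("meta").strip()))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for each autostart that deserves a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.meta == "":
            findings.append((e.name, f"target not found at scan time: {e.path}"))
        elif e.name.lower() == "appinit_dlls":
            findings.append((e.name, f"DLL injected into every user32 process: {e.path}"))
        elif e.path.lower().startswith(USER_PROFILE_ROOT):
            findings.append((e.name, f"autostart runs from a user profile: {e.path}"))
    return findings


def nondefault_security_providers(text: str) -> List[str]:
    """DLLs in the SecurityProviders line that are not in the assumed XP SP2 default."""
    for raw in text.splitlines():
        m = SECPROV_RE.match(raw.strip())
        if m:
            dlls = [d.strip().lower() for d in m.group("dlls").split(",")]
            return [d for d in dlls if d not in XP_SP2_SECURITY_PROVIDERS]
    return []


def new_services(text: str) -> List[str]:
    """Names ComboFix reported under '*Newly Created Service*'."""
    return [m.group("name")
            for m in (NEW_SERVICE_RE.match(l.strip()) for l in text.splitlines()) if m]


if __name__ == "__main__":
    for name, why in review(parse_loading_points(SAMPLE_LOG)):
        print(f"CHECK {name}: {why}")
    print("non-default SecurityProviders:", nondefault_security_providers(SAMPLE_LOG))
    print("newly created services:", new_services(SAMPLE_LOG))
```

On the sample above this flags DMXLauncher and the `mp32` driver (empty brackets), the AppInit_DLLs value, `ntoskrnl.dll` as the one SecurityProviders entry outside the assumed baseline, and COMHOST as the newly created service. Whether any of them is actually hostile is a separate question that needs the file itself; the script only narrows down what to ask about.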