05-13-2008, 11:55 AM   #10
traviis
Registered User
Join Date: Mar 2007
Posts: 24
OS: xp


Re: help please? computer wont shut down/restart and some error

I would have stuck with one, but this one was made September last year; I wasn't sure if I should reuse it or not. =/
I don't have a PSP disk; that was the old problem. :P The current one is WinDVD. This has happened like 3-4 times already. The PSP came pre-installed on my computer when I got it over 2 years ago. Anyway, I already ran ComboFix yesterday; I'll see if I still have the log.
Also, uninstalling the program does not work; the installer thing will just skip to another program. Like I said, this has happened before, and I believe last time I followed what the person said and the problem was fixed. The other times I just reformatted the computer, but I have A LOT of pics and videos on it right now that I don't want to lose, and my 60GB external drive is full. Thanks :]

OK, here it is:


ComboFix 08-05-11.1 - travis 2008-05-12 14:23:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.109 [GMT -4:00]
Running from: C:\Documents and Settings\travis\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 06:12 . 2008-05-12 06:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 04:37 . 2008-05-11 04:37 <DIR> d-------- C:\_OTMoveIt
2008-05-07 02:50 . 2008-05-07 02:50 <DIR> d-------- C:\Program Files\Switch Off
2008-05-05 21:01 . 2008-05-05 21:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-01 16:38 . 2008-05-01 16:39 <DIR> d-------- C:\Program Files\Neopets
2008-05-01 16:38 . 2008-05-01 16:38 <DIR> d-------- C:\Documents and Settings\travis\Application Data\Neopets Toolbar
2008-04-24 17:37 . 2008-04-24 17:37 <DIR> d-------- C:\Program Files\COMODO
2008-04-24 17:37 . 2008-04-24 17:37 <DIR> d-------- C:\Documents and Settings\travis\Application Data\Comodo
2008-04-24 17:37 . 2008-04-24 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-24 17:37 . 2008-04-24 17:37 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-04-24 17:37 . 2008-04-24 17:37 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-24 17:37 . 2008-04-24 17:37 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-24 02:19 . 2008-05-12 14:19 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-23 04:39 . 2008-05-04 01:26 <DIR> d-------- C:\Temp
2008-04-23 04:04 . 2008-04-23 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-23 02:37 . 2008-04-23 02:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-23 02:37 . 2008-04-24 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-22 17:14 . 2008-04-22 17:14 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-22 01:41 . 2008-04-22 01:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-22 01:41 . 2008-04-22 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-22 00:57 . 2008-04-22 01:12 <DIR> d-------- C:\Documents and Settings\travis\Application Data\Ulead Systems
2008-04-22 00:55 . 2008-04-22 00:55 <DIR> d-------- C:\Documents and Settings\travis\Application Data\InstallShield
2008-04-22 00:52 . 2008-04-22 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-22 00:52 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-22 00:52 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-22 00:52 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-22 00:52 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-22 00:52 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-22 00:52 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-22 00:48 . 2008-04-22 00:48 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-22 00:48 . 2008-04-22 00:49 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-22 00:48 . 2008-04-22 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-19 02:51 . 2008-05-11 05:43 526 --a------ C:\WINDOWS\system\Cmicnfg3.ini
2008-04-18 19:02 . 2008-04-19 02:49 <DIR> d-------- C:\Program Files\AUZEN X-Plosion 7.1
2008-04-18 19:02 . 2008-03-03 18:25 1,405,632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys
2008-04-18 19:02 . 2007-02-26 20:30 36,864 --a------ C:\WINDOWS\system32\cmudax3.DLL
2008-04-18 01:42 . 2008-04-18 01:42 <DIR> d-------- C:\Documents and Settings\travis\Application Data\Grisoft
2008-04-18 01:41 . 2008-04-18 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 01:41 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-13 23:59 . 2008-04-14 00:01 <DIR> d-------- C:\Program Files\MediaMonkey
2008-04-13 21:43 . 2008-04-17 05:30 <DIR> d-------- C:\Program Files\AutoShutdown

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 10:40 --------- d-----w C:\Documents and Settings\travis\Application Data\LimeWire
2008-05-12 09:16 --------- d-----w C:\Documents and Settings\travis\Application Data\uTorrent
2008-05-11 07:20 --------- d-----w C:\Program Files\Xvid
2008-05-11 07:20 --------- d-----w C:\Program Files\Modem On Hold
2008-05-11 07:20 --------- d-----w C:\Program Files\Modem Helper
2008-05-11 07:20 --------- d-----w C:\Program Files\Magic Video Converter
2008-05-11 07:20 --------- d-----w C:\Program Files\LimeWire
2008-05-11 07:20 --------- d-----w C:\Program Files\DivX
2008-05-07 06:54 --------- d-----w C:\Program Files\Jasc Software Inc
2008-05-06 22:29 --------- d-----w C:\Program Files\Last.fm
2008-05-06 01:01 --------- d-----w C:\Program Files\Common Files\Real
2008-05-06 01:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 00:16 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-29 22:31 --------- d-----w C:\Program Files\Avant Browser
2008-04-23 08:09 --------- d-----w C:\Program Files\Xilisoft
2008-04-23 06:37 --------- d-----w C:\Program Files\Nero
2008-04-22 20:27 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-04-22 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-22 05:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 21:55 --------- d-----w C:\Program Files\On2 Technologies
2008-04-06 04:30 --------- d-----w C:\Program Files\Common Files\NSV
2008-04-05 06:40 --------- d-----w C:\Program Files\Winamp
2008-04-05 06:37 --------- d-----w C:\Documents and Settings\travis\Application Data\Winamp
2008-04-04 20:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-04 20:33 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-04 14:36 --------- d-----w C:\Documents and Settings\travis\Application Data\U3
2008-04-01 06:11 --------- d-----w C:\Program Files\iTunes
2008-04-01 06:06 --------- d-----w C:\Program Files\iPod
2008-03-31 03:15 --------- d-----w C:\Program Files\MagicISO
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 21:19 --------- d-----w C:\Documents and Settings\travis\Application Data\Corel
2008-03-14 01:29 --------- d-----w C:\Program Files\Java
2008-03-06 22:59 274,432 ----a-w C:\WINDOWS\CmiPCIUninstall.exe
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 20:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"CmPCIaudio"="CMICNFG3.cpl" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-24 17:37 1572608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 21:00 185896]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 13:00 531272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-24 17:37]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-24 17:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-30 04:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5df63d3-c920-11dc-92a4-0013208872a9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 00:01:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-05 23:54:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 14:28:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-05-12 14:31:57
ComboFix-quarantined-files.txt 2008-05-12 18:31:37

Pre-Run: 2,258,624,512 bytes free
Post-Run: 2,283,388,928 bytes free

200 --- E O F --- 2008-04-11 07:09:28

Last edited by traviis; 05-13-2008 at 12:03 PM.