03-06-2007, 08:28 AM   #25
MyDingo21
Registered User
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2

I didn't have problems with the regfix. I thought it worked. Here is the ComboFix:

"Admin" - 07-03-06 9:22:41 Service Pack 2
ComboFix 07-03-05.2_PreRelease - Running from: "C:\Documents and Settings\Admin\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\hosts



((((((((((((((((((((((((((((((( Files Created from 2007-02-06 to 2007-03-06 ))))))))))))))))))))))))))))))))))


2007-03-06 08:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SlySoft
2007-03-06 08:30 <DIR> d-------- C:\Program Files\AC3Filter
2007-03-06 08:19 <DIR> d-------- C:\Program Files\GSpot
2007-03-05 18:23 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-03-05 17:09 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-03-02 18:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-02 16:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-28 18:10 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-28 18:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 17:05 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-02-28 14:56 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-27 16:55 <DIR> d-------- C:\CloneDVDTemp
2007-02-27 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Elaborate Bytes
2007-02-27 16:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\SlySoft
2007-02-26 18:06 1,826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 17:57 281,652 --ahs---- C:\WINDOWS\system32\vtsqp.dll.vir
2007-02-26 16:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1.USE\APPLIC~1\Webroot
2007-02-26 16:47 <DIR> d-------- C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Webroot
2007-02-26 16:22 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:22 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:21 <DIR> d-------- C:\Program Files\Webroot
2007-02-26 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Webroot
2007-02-26 16:19 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Webroot
2007-02-19 16:23 <DIR> d-------- C:\Program Files\Acoustica Beatcraft
2007-02-19 14:05 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
2007-02-19 14:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-02-19 14:03 <DIR> d-------- C:\Program Files\Media Player Classic
2007-02-19 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real
2007-02-19 14:03 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Real
2007-02-19 13:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NCH Swift Sound
2007-02-18 17:29 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29 <DIR> d-------- C:\Program Files\VstPlugins
2007-02-18 11:57 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\NCH Swift Sound
2007-02-18 11:56 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-02-16 18:05 <DIR> d-------- C:\Program Files\Azureus
2007-02-16 18:05 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Azureus
2007-02-12 19:09 <DIR> d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27 <DIR> d-------- C:\My Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-06 09:02 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\limewire
2007-03-05 20:07 -------- d-------- C:\Program Files\avisynth 2.5
2007-03-05 17:09 -------- d-------- C:\Program Files\lexmarkx63
2007-03-02 21:19 -------- d-------- C:\Program Files\java
2007-03-01 18:13 -------- d-------- C:\Program Files\yahoo!
2007-03-01 18:13 -------- d-------- C:\Program Files\xvid
2007-03-01 18:13 -------- d-------- C:\Program Files\windows nt
2007-03-01 18:13 -------- d-------- C:\Program Files\windows media connect 2
2007-03-01 18:12 -------- d-------- C:\Program Files\supertux
2007-03-01 18:10 -------- d-------- C:\Program Files\sbc self support tool
2007-03-01 18:09 -------- d-------- C:\Program Files\realtek ac97
2007-03-01 18:09 -------- d-------- C:\Program Files\online services
2007-03-01 18:09 -------- d-------- C:\Program Files\officeupdate11
2007-03-01 18:09 -------- d-------- C:\Program Files\movie maker
2007-03-01 18:04 -------- d-------- C:\Program Files\microsoft activesync
2007-03-01 18:04 -------- d-------- C:\Program Files\messenger
2007-03-01 18:04 -------- d-------- C:\Program Files\limewire
2007-03-01 18:00 -------- d-------- C:\Program Files\dvd shrink
2007-03-01 18:00 -------- d-------- C:\Program Files\dvd decrypter
2007-03-01 18:00 -------- d-------- C:\Program Files\dv ts
2007-03-01 18:00 -------- d-------- C:\Program Files\divx
2007-03-01 18:00 -------- d-------- C:\Program Files\damn nfo viewer
2007-03-01 17:56 -------- d-------- C:\Program Files\Common Files\motive
2007-03-01 17:55 -------- d-------- C:\Program Files\Common Files\kaspersky lab
2007-03-01 17:54 -------- d-------- C:\Program Files\ccleaner
2007-03-01 17:53 -------- d-------- C:\Program Files\avrack
2007-03-01 17:52 -------- d-------- C:\Program Files\aod
2007-03-01 17:52 -------- d-------- C:\Program Files\aim6
2007-03-01 17:51 -------- d-------- C:\Program Files\aim
2007-03-01 17:50 -------- d-------- C:\Program Files\ace-high mp3 wav wma ogg converter
2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\utorrent
2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\msninstaller
2007-03-01 17:31 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\mozilla
2007-03-01 17:30 -------- d-------- C:\DOCUME~1\Admin\APPLIC~1\adobeum
2007-02-23 16:43 -------- d--h----- C:\Program Files\installshield installation information
2007-02-18 18:19 56314 --a------ C:\DOCUME~1\Admin\APPLIC~1\speech.wav
2007-02-03 15:14 335 --a------ C:\WINDOWS\mozregistry.dat
2007-02-02 21:30 -------- d-------- C:\Program Files\Common Files\swf studio
2007-01-21 19:47 -------- d-------- C:\Program Files\elaborate bytes
2007-01-21 19:46 -------- d-------- C:\Program Files\slysoft
2007-01-08 19:38 -------- d---s---- C:\DOCUME~1\Admin\APPLIC~1\microsoft
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-12-27 10:46 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2006-12-12 14:15 845312 --a------ C:\WINDOWS\system32\smab.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µnBlackList"="C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"LexStart"=""
"lxamsp32.exe"="lxamsp32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NikeJogaTV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DRIVES~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}]
Shell\AutoRun\command G:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-06 9:25:59